why security by obscurity only works for a little while
When my local swim center set up their P.A. system, they decided to make it accessible via phone. That way, staff members wouldn’t have to walk back to the office to make an announcement over the loudspeaker — they could just pick up any phone at the center, dial the P.A. system’s phone number, and start speaking.
I guess they figured the system wouldn’t be abused because only the staff members would know the phone number. What they didn’t plan for, however, was telemarketers accidentally stumbling across the system as their auto-dialers try every possible phone number.
So imagine my surprise — and everyone else’s there at the pool the other day — when in the middle of the usual lap swim time a pitch for carpet cleaning services suddenly blasted out from the speakers.
Moral of the story? Just beause you think you’ve hidden some technical feature where no one will find it doesn’t mean they won’t. If it’s important to you to hide something, use real security measures like a password.
My name is Amit Asaravala. I'm an Internet technologies consultant & Web developer located in the San Francisco Bay Area. I specialize in helping organizations build great Web sites on open source technologies.
