| Date: | August 3, 2009 / year-entry #241 |
| Tags: | non-computer |
| Orig Link: | https://blogs.msdn.microsoft.com/oldnewthing/20090803-01/?p=17243 |
| Comments: | 13 |
| Summary: | Jeffrey Strain chats with a former burglar and learns the best place to hide money. ("The bank," responds the former burglar. Oh, the best place to hide money in the house...) A month later, the follow-up article discussed the worst places to hide money (that sound like good ideas but aren't). |
Jeffrey Strain chats with a former burglar and learns the best place to hide money. ("The bank," responds the former burglar. Oh, the best place to hide money in the house...) A month later, the follow-up article discussed the worst places to hide money (that sound like good ideas but aren't). |
Comments (13)
Comments are closed. |
Personally, I think the Captain Koons method is the safest. Perhaps not very convenient (or comfortable), but I’m pretty sure no burglar would think to look there.
Not many people would probably want to take my approach, but I hide my valuables with junk. I don’t have a garage, so have to keep some valuable stuff in my carport. I also keep a pile of junk in my carport (broken electronics, cardboard boxes, an old appliance, etc). Nobody touches the not-broken stuff…they probably assume it’s all junk.
Fascinating article. I just know there is a lesson in there that is applicable to computer security.
In the real world, security through obscurity works!
I try not to have valuable stuff. Sometimes you need or want such things of course, but then usually they wouldn’t be very useful if hidden away and you can’t go fetching and hiding away everything all the time. Maybe it’s better to invest in an alarm and/or a house in a safe neighbourhood.
Which may be why so many people believe it works in the digital world too; they just don’t get how different the parameters are.
Security through obscurity only works when there are more methods of security in use.
E.g., junk in the carport, but that’s probably closed and/or locked, and otherwise hidden most of the time right? Or is it exposed 24/7? Or you have a tendency to have minimal surveillance so someone can’t slowly rifle through your stuff? (i.e., you look at it sometimes, maybe to make sure there aren’t any miscreants obviously rifling through your stuff).
After all, wasn’t Windows 2000 found out by someone scanning IPs?
Truth is, most people with physical objects use security by obscurity with other security measures – maybe a locked door, etc. In which case it helps. Security be obscurity alone is like keeping the housekey under the doormat or in the mailbox – a thief can duplicate the key and return it unknown, only to return much later.
Wow, and I thought Microsoft had a marketing department that announced products that they wanted to see!
In my bachelor days I rented a house along with a shifting cast of other men. A neighbor a couple of doors up was burglarized at least twice during those years, with expensive stuff taken. We had somebody come through a window once and steal a backpack that might’ve cost $25 in 1975 dollars, but otherwise were so blatantly not worth bothering that we were left alone.
But then we had no TV, no computers, no stereos in that house. How many of us following this blog live that way?
Security through obscurity (real or electronic) works only against drive-by threats. If your stuff or your data is targeted, obscurity won’t help much.
I have deadbolts on my doors and good locks on the windows. Not because I think it will keep a thief out, but because it will send him next door to an easier target.
Also, we keep the curtains up so they can clearly see that we own nothing of value :)
"E.g., junk in the carport, but that’s probably closed and/or locked, and otherwise hidden most of the time right? "
Worf, a carport is like a porch for a car. It’s a roof that extends off the side of the house, to protect the car and owner from the rain and snow. It can’t be locked, because most of the sides have no walls.
fake body parts in the freezer usually scares them off
Security depends on your objective. Obscurity isn’t very useful in most computer security scenarios because automation or tools work quickly.
Locks are security by obscurity. A better lock requires a burglar to spend a little more time fiddling with the lock — but all locks are are eventually defeatable.
"Locks are security by obscurity. A better lock requires a burglar to spend a little more time fiddling with the lock — but all locks are are eventually defeatable."
Not sure about the first sentence, but your second points out precisely why I value obscurity.
Darin’s point "If your stuff or your data is targeted, obscurity won’t help much." is pretty much the real danger.
I like the idea that I can zip a file, rename the extension and put it on a diskette and circulate around the globe and only about .01% of anybody would investigate the "file is an unknown type" error from the program. Then if you’ve got a fancy doohickey encrypt/decypter with DNA and retinal scanner, you’re good.