Microsoft logo with shadow of a hand holding a padlock

Microsoft – security through obscurity = no security

Recent Russian hacks of Microsoft systems are believed to have exposed some of the source code of Microsoft systems. Microsoft have been relying on obscurity to keep their systems safe. Keeping the source code hidden. It has been known since the 19th century that this is not smart.

Security through obscurity is the flawed tactic of keeping a system safe by keeping the knowledge of how it works hidden. The Linux community has always known this was a flawed strategy. This is probably because they are smart and have paid attention to history. Microsoft has been relying on keeping its source code hidden to achieve security.

One of the earliest people to understand the flaw in this strategy was locksmith Alfred Charles Hobbs. He was known for public demonstrations of how state-of-the-art locks could be picked. Many people raised concerns that exposing security flaws in the design of locks could make them more vulnerable. He famously said in 1851, “Rogues are very keen in their profession, and know already much more than we can teach them.” His mission was to expose poor quality locks and encourage people to make better locks.

In computing this has been known to be a flawed strategy for a long time. The Open Source community includes source code for a myriad of systems such as Linux (server operating systems), Apache (web servers), PHP (scripting system for websites including Facebook), MySQL (database for websites and many other uses) and Mastodon (social media system similar to X). The open availability of the source code encourages a large number of people to investigate it and spot flaws and improvements. Many of these people report their findings and might get involved in fixing them.

Microsoft have been caught out with their flawed security strategy.

How entertaining was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *