Thread: Apple's Security Through Obscurity Fallacy
View Single Post
Old 09-05-2012, 07:42 AM   #18
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
The 12 million IDs is in no way related to security through obscurity

Obscurity is when someone claims their product is safe but in reality the security depends upon you not been able to know how it works or view the code doing the protection.

Apple is actually pretty good when it comes to not using security through obscurity. They've used open source encryption routines and released their changes which allows peer review. Now they may still wrap obscurity on top of any real protection due to the nature of the rest of their code been proprietary, but I very much doubt they rely on that to provide any form of security.

Apple do however make mistakes just as any other software company will and their system will have holes just as any other system will.

As an aside, just because the device IDs are for apple devices, that doesn't automatically imply that the DB that was stolen was stored on a mac. For all we know it could have been on a linux or windows machine/server. Not that it changes anything.
Last edited by JoeD; 09-05-2012 at 07:45 AM.
JoeD is offline   Reply With Quote