Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

Naselus

Re: The real blame goes to..

"This is an argument for security through obscurity."

Exactly this. And security through obscurity is almost certainly not actually secure.

There's a basic rule in sigint which should always be followed:

Always assume the other guy is smarter than you.

This is the basic foundation of modern security infrastructure, and has been since World War 2. Basically, the Nazis assumed that they were smarter than their opponents, and so that the Enigma code was invulnerable. But it turned out the Allies were working on stuff that the Germans hadn't even begun to imagine, and so they were able to break the code in ways that the Axis assumed would be impossible. The Allies knew where the Axis were going to attack within hours of the order being issued, but the Germans remained convinced that Enigma was unbreakable.

This is why, since the end of the war, whenever we come up with a new encryption method we publish it and invite people to have a go at cracking it. Because the assumption is that someone out there is smarter than you and will figure it out even if you think it's unbreakable. It's effectively the same many-eyes principle which works in Open Source; if everyone is working on the problem and still can't crack it, then it's probably securer than if you're the only person working on it and hoping that some combination of obscurity and your own genius makes it uncrackable. This is one of the problems many infosec researchers have with Apple's walled garden; it's a bad philosophical approach to security even if you do a very good job of implementing it, and when someone smarter does decide to target it the result will be devastating.

The assumption should always be that the Bad Guy - whoever they happen to be at a given moment - knows your movements, has access to all your information, has slightly better resources than you do, and can do a bit more than you can at any given time. That makes hoarding exploits directly equivalent to arming your enemies.
