I am talking about YOUR example where YOU said hiding the SSID is one layer of security and it’s a good thing to do. I’m saying you’re naive in regards to security if you think that is any layer of security. And in fact it will break many computers and prevent them from even talking to the WAP even if you want that device to talk to your WAP.
Now security in depth is a good practice, but it requires real security throughout the chain. I bet you think changing your http port on a server is a layer of security too. I mean if you think hiding your SSID is a layer of security you might as well say changing your port is another layer. We will all get a good laugh from that too :-)
All of MY systems work with SSID turned off. All the better if the hacker's system can't. You are helping me make my point. But in reality by its technical security it mainly only stops casual newbie wardrivers. For real-world security it lets attackers know you've done something for security, and if you did that you probably went all the way for your WAP. This makes your neighbor's WAP a more promising target, likely to waste less of the attacker's time.
Like the saying goes, you don't have to run faster than the bear that's chasing you. You only have to run faster than the guy running with you.
I bet you think changing your http port on a server is a layer of security too.
If it doesn't interfere with anything. A good example from the past is Code Red, that famous, damaging worm. The first step of the attack scanned TCP port 80. You were safe if you weren't running on 80. For Linux guys, the Slapper variants first checked TCP port 80 for a response saying it's running Apache, then tried TCP port 443 to run the SSL exploit. There, changing ports or responses could stop the worm. There you go, two absolutely proven cases where changing the port would have resulted in improved security.
And I'm about to get a good laugh from you admitting that your position would logically require to you to say that Microsoft shouldn't have implemented address space randomization. Well, a laugh at that or whatever tortured logic is required to weasel out of that corner.