You could lay out every single security system used at Fort Knox and let people download the blueprints over the Net, and Fort Knox would be no less secure than it is today. Fort Knox's location is known to anyone who cares to look at a map.
Security through obscurity would posit that Fort Knox' location would not be generally known, and depend on that to provide protection.
If the person in charge of security at Fort Knox or anywhere else does not assume that an attacker already knows every routine and alarm system, and have a plan to still be secure, he is derelict in his duty and should be removed.
I get the feeling we are talking at cross purposes because the term "security through obscurity" means a specific thing when talking about computer security, and you are thinking of some other situation involving obscurity.
The map location of "fort knox" seems to be a very strange and unrelated example. But to use your 'map' example, could you please tell me the exact location of "Area 51", and are you allowed to access it?
No, because you do not have sufficent "classification" such as is required to view information that has been branded "sensitive" "secret" "top secret" etc.
Security through obscurity is the basis of almost ALL security. If you don't believe it, please post your name, SSN, birthdate and largest bank account details for us right now how about.
You could lay out every single security system used at Fort Knox and let people download the blueprints over the Net, and Fort Knox would be no less secure than it is today. Fort Knox's location is known to anyone who cares to look at a map.
Security through obscurity would posit that Fort Knox' location would not be generally known, and depend on that to provide protection.
Bingo. It should also be noted that even Fort Knox's vaults have metal plates on the interior bevel of the vault doors which outline the fault tolerances of the hardware. That means that even Fort Knox is not impenetrable.
So why is Fort Knox considered "secure"? Well, it's got one helluva Intrusion Detection System (IDS) for one. For another, it's got very good countermeasures to thwart an attacker. And finally, the certainty of capture and eventual prosecution (rather than any ridiculously exaggerated penalties for an attempt) is an unparalleled deterrent.
Yet for some reason, people overlook these simple realities when it comes to computer security and computer crime.
-Jay