Security by obscurity

A lot of wanna-be IT-experts claim that 'security by obscurity does not work'. That's a load of horseshit. Every magician knows it works. Their whole profession is based on the success of obfuscation. What one does not notice, one will not take note of. What you see, you will act upon. If it's easier to find, it's less secure. Take for example the (wonderful) web-based server administration software called Webmin. When you install this package on your server, it is immediately accessible on port 10000 in your browser (http://server-address:10000). Because of that, everybody knows where to look for Webmin users: scan for port 10000. And as soon as some kind of vulnerability in Webmin becomes known, potential victims are easily found. Using Webmin on its standard port is like saying: "Hey there, I'm one of those strict idiots always using every standard setting, come look at my default machine, everything is stock config here! Come look, you will have it easy because everything works as advertised! By all means, see for yourself! No obscurity implemented here!" Proving why security by obscurity does work: it will confuse the person who wants to break security, and it will cause…
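The practical takeaway from the Webmin example is that a moved port only removes you from cheap, opportunistic port-10000 sweeps; it does nothing against a full port scan and nothing against the vulnerability itself, so it belongs next to a bind address, an access list and TLS, not instead of them. The following audit script is an added example and is not code from the original post or from the Webmin project. It parses a `miniserv.conf`-style file (Webmin's own config format; the `port=`, `bind=`, `allow=` and `ssl=` keys are assumed from that format) and reports which of those layers are missing. Both sample configurations are constructed for this example.

```python
"""Added example: audit a Webmin-style miniserv.conf for default exposure.

Keys assumed from Webmin's miniserv.conf format: port=, bind=, allow=, ssl=.
Both configuration texts below are constructed samples, not real files.
"""

WEBMIN_DEFAULT_PORT = 10000

# Constructed sample: what a stock install looks like.
SAMPLE_DEFAULT_CONF = """\
# stock install, nothing changed
port=10000
ssl=1
"""

# Constructed sample: port moved off the default, bound to a single
# management interface and restricted to the admin network.
SAMPLE_HARDENED_CONF = """\
port=27291
bind=10.0.0.5
allow=10.0.0.0/24
ssl=1
"""


def parse_miniserv(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of findings; an empty list means all four layers are set."""
    findings = []
    port = int(conf.get("port", WEBMIN_DEFAULT_PORT))
    if port == WEBMIN_DEFAULT_PORT:
        findings.append(
            "port=10000: the default, so a single-port sweep finds this host")
    # No bind= (or a wildcard) means the service answers on every interface.
    if conf.get("bind", "") in ("", "0.0.0.0", "*"):
        findings.append("no bind= address: listening on all interfaces")
    # Without allow=, any source IP that finds the port reaches the login page.
    if "allow" not in conf:
        findings.append("no allow= list: reachable from any source address")
    if conf.get("ssl", "0") != "1":
        findings.append("ssl=0: credentials travel in clear text")
    return findings


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT_CONF),
                       ("hardened", SAMPLE_HARDENED_CONF)):
        result = audit(parse_miniserv(text))
        print(f"{name}: {'OK' if not result else ''}")
        for finding in result:
            print(f"  - {finding}")
```

Run it against a real `/etc/webmin/miniserv.conf` by reading the file into `parse_miniserv`; the default sample produces three findings (port, bind, allow), the hardened one none. Note that the port check is the weakest of the four: it catches only the "stock config" signal the post describes, while `bind=` and `allow=` are what keep a scanner that tries all 65535 ports from reaching the login page at all.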
