22 Jul 2010

That's Not Real Security

Recently CASB decided to stop sending examination results by mail and instead post them online. They set up a special website where students can check their marks: http://mycasb.com:4433/ce

You might notice that the web server above is running on a non-standard port (4433). This looks like an attempt at security through obscurity.

I can understand why they might have chosen this approach: to compensate for other poor security measures. My password for the site is a five-digit number that is assigned to me and that I cannot change. As far as passwords go, that is as weak as you can get.

There are a number of problems with this approach:

1) It inconveniences users, since most corporations and firms would block the port. I am currently trying to get it opened at my workplace, and I anticipate it will take a month or so and a call to a VP or the CFO to get through the necessary bureaucracy.

2) I just eliminated their obscurity. Within about an hour of posting this, Google will index my site and the address will be available for everyone to know.

You can't compensate for a weakness in a system just by making it harder to find.
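To put numbers on that argument, here is a small added example (my own illustration, not anything from CASB or their site). It treats the assigned five-digit password and the hidden port as the two "secrets" in the scheme and works out how much each is actually worth: the keyspace and entropy of the PIN, how long an unthrottled online guessing attack would take to recover it, the most a non-standard port can contribute while nobody has disclosed it, and what it contributes once the address is public. The guess rates, the 65535-port ceiling and the 8-character alphanumeric password used for comparison are assumptions chosen for the illustration, not measurements of any real system.

```python
import math

# Constructed parameters for this illustration; they describe the scheme in the
# post generically and are not measurements of any real site.
PIN_DIGITS = 5            # fixed, assigned five-digit "password"
DIGIT_CHARSET = 10        # 0-9
TCP_PORT_COUNT = 65535    # the most choices a non-standard port can hide among
ALNUM_CHARSET = 62        # a-z, A-Z, 0-9, for a user-chosen password comparison


def keyspace(charset_size: int, length: int) -> int:
    """Distinct secrets of `length` symbols over an alphabet of `charset_size`."""
    return charset_size ** length


def entropy_bits(space: int) -> float:
    """Bits of entropy in a secret drawn uniformly from `space` possibilities."""
    return math.log2(space)


def expected_guesses(space: int) -> float:
    """Mean number of online guesses to hit a uniformly chosen secret: (N + 1) / 2."""
    return (space + 1) / 2


def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Expected time for an unthrottled online guessing attack to succeed."""
    return expected_guesses(space) / guesses_per_second


def max_unthrottled_rate(space: int, budget_seconds: float) -> float:
    """Highest sustained guess rate at which the expected time to compromise still
    exceeds `budget_seconds`.  Above this, only lockout or rate limiting at the
    server can protect a secret this small."""
    return expected_guesses(space) / budget_seconds


def obscurity_bits(published: bool) -> float:
    """A hidden port is worth at most log2(65535) bits while nobody knows it, and a
    single port scan or public post (like this one) brings that to zero."""
    return 0.0 if published else entropy_bits(TCP_PORT_COUNT)


def report(guesses_per_second: float = 10.0) -> dict:
    """Collect the figures a reviewer would put in front of the site owner."""
    pin_space = keyspace(DIGIT_CHARSET, PIN_DIGITS)
    alnum_space = keyspace(ALNUM_CHARSET, 8)
    year = 365 * 86400
    return {
        "pin_keyspace": pin_space,
        "pin_bits": round(entropy_bits(pin_space), 2),
        "pin_expected_seconds": expected_seconds(pin_space, guesses_per_second),
        "port_bits_while_secret": round(obscurity_bits(published=False), 2),
        "port_bits_once_posted": obscurity_bits(published=True),
        "alnum8_bits": round(entropy_bits(alnum_space), 2),
        "alnum8_expected_years": expected_seconds(alnum_space, guesses_per_second) / year,
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

At a modest ten guesses per second, the five-digit PIN falls in well under two hours on average, and the "secret" port adds roughly sixteen bits at best until someone publishes the URL, after which it adds nothing. The same attack against an eight-character alphanumeric password would be expected to run for hundreds of thousands of years, which is the difference between hiding a weak control and fixing it.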
