Nice Security Mindset Example (schneier.com)
107 points by cpeterso on April 9, 2013 | hide | past | favorite | 11 comments
You're right. Khovanova is the original author of the point, and Schneier added nothing there, so the Schneier link is blogspam.

http://ycombinator.com/newswelcome.html


> blogspam

Given his expertise, Schneier acts as an excellent curator/aggregator. Also, by cherry-picking relevant excerpts and framing them with an apt title, the added value is subtle yet significant enough. Here, the focus in his post is markedly different than in Khovanova's.

That's why I follow his RSS feed.


Oh dear. In one of Schneier's previous posts, he mentions graduate students learning the security mindset through analysing everyday products. One of these products was 24/7 video monitoring for elderly care... and the CEO of that company took offense to the security of his product being questioned, eventually pulling the security-through-obscurity card https://cubist.cs.washington.edu/Security/2008/02/10/securit...

Many of the other products such as OnStar have similar responses - security-through-obscurity requires the eternal vigilance of constantly googling your product + "security" ;)


If you're in the infosec business you should have a small army of bots looking for new results on Google searches of "your-product security/exploit/..." and monitoring sec forums, exploit databases and other things as well, regardless of whether you do security properly or not. A 12-hour difference between someone finding news of an exploit and the info getting around to your client, or you finding out 12 hours earlier from your bots and already working on a fix or having it fixed, might be the difference between being in and out of business...
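As an added illustration of the kind of monitor the comment above describes (this is example code written for this page, not anything the commenter or the thread provides), the script below polls an RSS-style feed, flags entries that mention a product name together with security-related wording, and remembers what it has already reported so repeated polls only surface new items. The feed content, the product name "ExampleCam" and the feed URLs are constructed for the example; a real deployment would fetch feeds from exploit databases, vendor forums and search alerts on a schedule and route the alerts to a ticketing system.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample feed standing in for an exploit-database or security-forum
# RSS feed. The product name and URLs are invented for this example.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>ExampleCam 2000 remote video stream accessible without auth</title>
      <link>https://feed.example/posts/1</link></item>
<item><title>New release: ExampleCam firmware 3.2 adds night mode</title>
      <link>https://feed.example/posts/2</link></item>
<item><title>Unrelated: OtherVendor router authentication bypass</title>
      <link>https://feed.example/posts/3</link></item>
<item><title>ExampleCam 2000 remote video stream accessible without auth</title>
      <link>https://feed.example/posts/1</link></item>
</channel></rss>"""

# Names of the products we care about (assumed list for the example).
PRODUCT_TERMS = ["ExampleCam"]

# Words that indicate a post is about security rather than, say, a feature
# release. Word boundaries keep "rce" from matching inside "source" or "force".
SECURITY_PATTERN = re.compile(
    r"\b(security|exploit|vulnerab\w*|bypass|without auth|cve-\d{4}-\d+|rce|disclos\w*)\b",
    re.IGNORECASE,
)


def parse_feed(xml_text):
    """Return a list of {'title', 'link'} dicts from an RSS 2.0 document."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        items.append({
            "title": (item.findtext("title") or "").strip(),
            "link": (item.findtext("link") or "").strip(),
        })
    return items


def is_relevant(title, product_terms=PRODUCT_TERMS):
    """True when the title names one of our products AND uses security wording."""
    lowered = title.lower()
    mentions_product = any(p.lower() in lowered for p in product_terms)
    return mentions_product and SECURITY_PATTERN.search(title) is not None


def item_id(item):
    """Stable identifier so a re-posted or re-fetched entry is not re-alerted."""
    return hashlib.sha256((item["link"] + "\n" + item["title"]).encode()).hexdigest()


def find_new_alerts(items, seen):
    """Filter items to relevant, not-yet-seen ones; updates `seen` in place."""
    alerts = []
    for item in items:
        if not is_relevant(item["title"]):
            continue
        fid = item_id(item)
        if fid in seen:
            continue
        seen.add(fid)
        alerts.append(item)
    return alerts


def run_once(xml_text, seen):
    """One polling cycle: parse the feed and return the new alerts."""
    return find_new_alerts(parse_feed(xml_text), seen)


if __name__ == "__main__":
    state = set()  # persist this (file or database) between real runs
    for alert in run_once(SAMPLE_FEED, state):
        print("ALERT:", alert["title"], alert["link"])
    print("second poll, new alerts:", len(run_once(SAMPLE_FEED, state)))
```

The first poll over the constructed feed yields one alert (the "without auth" post about ExampleCam); the feature-release item is ignored because it carries no security wording, the OtherVendor item because it is not our product, and the duplicated entry because its identifier is already in the seen set. A second poll over the same feed returns nothing, which is what keeps such a bot from paging people about the same post twice.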


Can you give some info on how to set up some of these?


I think it's a better example of flawed analogy, but it's still an entertaining anecdote.


The post has nothing to do with one-way functions. The point was that it's very difficult, if not impossible, to consider all the possible attack vectors in a system, even for someone with a lot of experience, even for a very simple system.

(also, it's important to get as many eyeballs as possible to examine the system)


> (also, it's important to get as many eyeballs as possible to examine the system)

More importantly, it's important to get eyeballs that don't have any old knowledge or assumptions.


The analogy sucks for sure, but no one noticed for 15 years. Kudos to that kid.


People say that the smart 8th grader used social engineering, but who knows, maybe it was an example of hard-core information engineering. He might have thought: "The white pages book is only one representation of the algorithm; this information may be available somewhere else. Eureka! A rainbow table exists in the field!"
