Stupid security measures, a contest

Hadmut Danisch hadmut at danisch.de
Fri Feb 14 14:42:38 EST 2003 

On Fri, Feb 14, 2003 at 02:18:00AM -0800, alan wrote:
> 
> The extra anal security guard can be fun to play with.

A little bit more about "guards":


In 1985/86 I did my compulsory army service in Koblenz, which 
also included to be the guard of the barracks for several days.

When I was the guard of the main entrance, once an army vehicle
approached to enter the area. I stopped the vehicle and asked for the
identity card, driving license, and driving order, just as usual.  The
guy in the car gave each, but it was obvious that all three were wrong
and forged. I told him to leave the car immediately and come with me
to the officer in duty. He smiled and said "Congratulation, this was a
security check and you have passed perfectly."

I answered "Nice try", immediately pulled the gun, and arrested him,
put him in the prison in the guard house, and informed the chief of the
barracks area.

It turned out that the guy indeed was a security officer of the army,
and it was his job to perform security checks like this. The security
department he came from was performing checks like that one for about 15
years.

He said in about 25% of their checks the guards didn't realize that
the papers are wrong and let the person pass without questions. In
such cases the guards had failed the test.

In the other 75% of their checks the guards realized and stopped the
person, and so the guards had passed the check. But their officers
never ever had to prove that they performed a security check and they
never needed their real identity cards. He was the first one to find
himself arrested. It was always enough to say "Congratulations, this
was a security check and you have passed." to enter the area without
further questions and to leave a happy guard behind. No one ever had
any doubts. And nobody realized that this was a security leak.

The effect was that the officers of that security department were
entering barracks for 15 years as a security officer performing
security checks without ever having to show a valid identity card and
driving order, either in the first or the second way, and didn't
realize that this was a security problem.

:-)

Hadmut






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list