Keep it secret, stupid!

Neil Johnson njohnsn at iowatelecom.net
Mon Jan 27 20:42:25 EST 2003


My favorite lock is the electronic lock I saw in a data center. To make it 
easier to leave the room, they installed a motion detector near the door to 
unlock the door when you walked toward the door. That way you didn't need to 
badge out (why they considered this a bad thing, I don't know).

Which is all well and good until you notice that there is a 1/2" gap along the 
bottom of the door.  Take a dowel rod, tape a piece of cardboard to the edge 
(like a flag), stick it under the door, rotate the dowel a couple of times to 
trigger the motion sensor, and ta-da! you are in.

Of course during the security audit, the auditors' biggest concern was that 
the data center's walls didn't go all the way to the ceiling, so someone 
could sneak in over the suspended ceilings (there were no private offices or 
closets on adjoining walls of the data center).

My other favorite was a company's policy banning "all company confidential 
information" from being stored on PDAs.  Of course they said nothing about 
all the "company confidential information" being stored in Day-Timers, 
Filo-Faxes, and other paper-based personal organizers. I suggested that they 
require these users to use secret decoder rings or Pig-Latin to secure the 
data and require them to photocopy their organizers daily (to provide 
backups for "disaster recovery").

This is why I have so much disdain for "corporate information security" 
departments.  They seem so busy plugging the mouse holes in the barn walls, 
they forget that the door is wide open.

-- 
Neil Johnson

---------------------------------------------------------------------
The Cryptography Mailing List