Re: Securing TE to the bench?

Offices had key locks, most labs had keys and cypher locks.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 

How about the coffee machines? ;-)

--
Anyone wanting to run for any political office in the US should have to
have a DD214, and an honorable discharge.
Michael A. Terrell

The methods they use to break down doors, old and new, differ, and the one for old doors is actually pretty clever. None of which even involve touching the lock, unless you've got a $12 Kwikset lock and nothing more.

Either way, when you're a harder target, people look elsewhere.

Take for instance robbing a bank. You walk in, hand over a note, get a token amount of money, nobody puts up a fight and you walk out. It's apparently not hard at all once you cross that moral line. Surprise, there's lots of serial bankrobbers, and it would seem most never get caught as banks only believe in slow-scan quarter VGA-res security cameras.

Cydrome Leader

One facility I worked at had some "Department of Defense" certified keypads (whatever that means, if anything at all, I was never told a certification level or spec they adhered to) that were fairly smart.

The keypad had LED displays inside each switch position in the form of a telephone keypad that could only be read at the sitting-in-a-wheelchair height at which they were mounted. The digits at each button always changed so it was not possible to watch somebody enter a code and then repeat it, as you could not see what they were keying in. Wear on the keypads was kept even too, and funny business with figuring out which keys were pressed last was useless.

Those got disconnected and they went back to keycards for some reason.

Cydrome Leader

Who cares? There are easier ways to get into 99.9% of homes than busting down a door or picking a lock.

Agreed but a solid front door and lock aren't included. Lights are likely the best insurance (after buying insurance ...and a gun). A sign stolen from an alarm company might help, too. ;-)

If you think it's that easy, you're nuts. Sure, it's easy, once. It's easy twice, but pretty soon you're on the TMWL. The FBI doesn't treat bank robbery kindly, even though the average take is less than $4K.

krw

What years? Mine was mid '70s, and the DCAS inspector was one of the group I showed that flaw, that day.

Michael A. Terrell

We didn't have locks on office doors (except for managers). No need.

krw

They didn't have cipher locks on them either. ;-)

krw

Key cards allow security to maintain records of entry into an area. All of the areas where I work (everywhere but the lobby is "secured") have card access, both in and out. I swipe the card at least forty times a day.

krw

If you haven't already read it, I highly recommend Richard Feynman's "Safecracker Meets Safecracker" story. I wish I had read it *before* I started asking pointed questions about the passwords on the Unix server at a job long ago. Scan at:

formatting link

In a similar vein, there is a book that discusses the main points of just about every computer-security disclosure argument you've ever heard. The interesting thing is that it predates electronic digital computers by nearly 100 years. "A Rudimentary Treatise on the Construction of Locks", edited by Charles Tomlinson, 1853. Chapter 1 has the discussion on "if a lock is easy to pick, should we talk about it in public?" Scan at:

formatting link

Matt Roberds

mroberds

We didn't do any military work, so there was no clean-desk policy. None of us could have functioned if there had been. ;)

Seriously, an office lock is important to prevent the less skilled sort of burglar from getting physical access to your computers.

Cheers

Phil Hobbs


That second reference is a win. Thanks.

Cheers

Phil Hobbs


It doesn't matter what the FBI likes or doesn't like. If you rob a bank, you walk away with some small amount of money, each and every time. Nobody resists. Tellers don't jump the counter with baseball bats like at a liquor store and fight back.

You might get caught, eventually, and it seems many serial robbers never get caught.

Cydrome Leader

The cool keypads were in place until maybe 2010? They looked old as heck but were not all that old when they were installed less than 10 years before.

Cydrome Leader

They are good for auditing, but are only one part of security in general. We have doors that just don't close or get propped open, but have no alarms so nobody investigates. Nothing special here but an office, so who cares.

I did once get a call from corp. security at a telecom site as somehow I tripped an alarm. I had to wave at a camera and rescan my badge and only then were they able to clear the alarm. I'm still not sure how they got my cell phone #.

Cydrome Leader

Amusing but, unfortunately, more truth than fiction. People rarely engage in Blue Team/Red Team sorts of analysis *BEFORE* deploying a "solution" -- to ANY problem (security or otherwise). They always seem more focused on getting *a* solution than worrying about whether or not it is the *right* solution.

I've got a twisted (?) mind -- immediately looking for flaws in every solution even before the solution is completely fleshed out (i.e., using those flaws to guide further development of that solution). Makes me really good at finding bugs in software, etc. But, tedious to design for ("Yes, but...").

(sigh) I've not been able to come up with a consistent, rational approach to this issue. I've worked on products that were security related (including actual door locks), safety related, performance related, etc. Each is a case where "flaws" can have significant "moral" and financial costs (what if I misreport a test result leading to a misdiagnosis of someone's health condition? steer the vessel *into* another? allow a user to "steal" monies? etc.)

"Security (reliability, safety, etc.) by Obscurity" is an ostrich's approach to these problems -- "Hope no one ever finds out and/or exploits them".

I wonder how different (certain) technology would be had the ease of "self (anonymous) publication" that is so available today had, instead, been available 30 or 40 years ago. (conversely, what impact this "disclosure-ability" will have on technology 30-40 years hence!).

E.g., many of the exploits covered in TAP in the 70's would never have survived with the sort of INSTANTANEOUS and WIDESPREAD disclosure common today! All of those holes would have had to have been patched promptly. It's one thing to protect against (i.e., "eat your losses from") hundreds of hackers exchanging photocopied/mimeographed sheets via USPS -- another thing entirely when exploits are posted as YouTube videos, forum messages, etc.

So, I have a patchwork of rationalizations governing what "flaws" and "exploits" I will discuss openly (and a different set of criteria for "trusted communiques"). It's always nice to see some *other* "public" source of (informed... not hypothesized!) disclosure so I can ease my conscience as to the legal/moral constraints placed on my own disclosures.

OTOH, you need some sort of "pressure" on people and organizations to force these things to be fixed instead of avoiding or deferring those costs indefinitely ("Well, credit card losses are only $XB/year so it's not worth fixing the problem -- YET!"). E.g., I still see websites/domains that are vulnerable to HeartBleed... how long before someone gets off their *ss and fixes those? (as "simple" as installing an update that someone else has already tested!)

To how many more people do you sell vehicles with faulty ignition switches before taking on the INEVITABLE cost of introducing a fix?

Don Y

The FBI is all over bank robberies. It pisses 'em off. As it gets to be more of a "serial" issue, the heat turns up quickly.

I doubt that. They will eventually get caught. They aren't the brightest of the criminal class.

krw

Every one I've seen has a door-open sensor. Like anything, it depends on what you do with it how useful it is. At my CPOE, any door that's propped open will be investigated in minutes (and we don't have any security clearance issues).

That's easy. They know who you are by your badge (you did badge in). Once they know the name, finding a phone number is easy. I'm sure your phone number is in company records.

krw

No military work in P'ok, either, but there was a clean-desk policy in every location I was in.

I don't recall ever having a lockable door. Hell, with cube farms, doors are a thing of distant memories. Physical security of computers is taken care of with encryption (at best).

krw

That's a couple generations newer than what we had.

Michael A. Terrell
