Slashdot Mirror

← Back to Stories (view on slashdot.org)

Card Locks Thwarted by Shopping Club Card

Posted by ryuzaki0 on from the hmmm-not-so-good dept.

hal9000(jr) writes "A recent column ('Social Engineering, the Shoppers' Way') on darkreading.com shows how easy it is for a pen test team to walk into a supposedly secure facility using a shoppers club card because the man trap feature was enabled. Man-traps allow people to enter an outer door but not an inner door similar to ATM kiosks. Once inside, of course, they had the run of the place." Lessons: after writing down your password, eat your sticky notes rather than leave them on the monitor.

21 of 361 comments (clear)

  1. Wrong kind of trap by HugePedlar · · Score: 4, Funny

    Should have used caltraps instead of mantraps.

    --
    Argh.
    1. Re:Wrong kind of trap by ozmanjusri · · Score: 3, Funny
      And what would a bunch of tacks do to improve security anyway?

      You could nail the door shut.

      --
      "I've got more toys than Teruhisa Kitahara."
  2. Just great. by Rob+T+Firefly · · Score: 5, Funny

    And what's more, the security system added frequent shopper rewards to their card! Those lucky bastards are going to save so much money on their next purchases of orange juice and cat food.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  3. Draw your own ID card by Brix+Braxton · · Score: 4, Funny

    I work in a secured building - it's a federally protected building right above a train hub and across from the sears tower. Anyway - security is similar to what was described - barely flashing anything that resembles a photo ID card with a splash of red on it is sufficient to get in. I keep fighting the urge to do it, but what I really want to do is just draw a half assed I.D. card with crayon and construction paper and see if it gets me through.

    --
    www.wildpad.com
  4. The Man Trap by digitaldc · · Score: 4, Funny

    they could just use the transporter and beam into any secure area, all they need are the coordinates and blammo, they're in.

    But, you forgot, after you beam down there could be an extremely attractive woman just waiting to suck all the salt out of you!

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. Re:Wrong use of the word man-trap by Anonymous Coward · · Score: 1, Funny

    Ah...so a "man trap" traps a man (or woman I guess), which makes sense. What, then, does a booby trap do?

  6. Reverse Scenario by ruben.gutierrez · · Score: 2, Funny

    I wonder if we can get mega-discounts at the grocery store if we use our card key in place of our club card?

  7. Re:Bad Advice? by Anonymous Coward · · Score: 1, Funny
    Spending the rest of the night duct-taped in a supply closet just doesn't seem like all that much fun to me :)

    Some people pay good money for that kind of treatment. I mean, I've heard. Just sayin' is all.
  8. Re:Don't give British education a bad name, sonny. by mainframemouse · · Score: 2, Funny

    It's the side effect of living in the spell check generation. Besides, English is my second language. Gibberish is my first.

  9. Re:Wrong use of the word man-trap by MrNougat · · Score: 3, Funny
    What, then, does a booby trap do?


    It would trap a particular kind of sea bird, or a not very smart person. Or maybe it's something else entirely.
    --
    Web 2.0 == Giant Blogspam Circle Jerk
  10. Re:insecurity 101 by MountainLogic · · Score: 4, Funny

    Better get a receipt every time you go to the bathroom

  11. Re:Just have someone carry a baby in carrier by WindBourne · · Score: 3, Funny

    Well, of course they would. Everybody is thinking of the kids.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  12. What about the company fridge? by Il128 · · Score: 1, Funny

    How do I secure my lunch in the company fridge? When someone can provide an answer to that one the world will be a truly better place!

    --
    Thanks to eating disorders most chicks are reasonably good looking these days.
  13. Re:Easy full access by bhpratt · · Score: 4, Funny

    I've worked a national laboratory and even the janitorial staff had to have secret or top-secret clearance to be allowed access to the respective secure areas. In fact, now that I think about it, most of the janitorial staff had higher clearance than I did...

  14. Re:RTFA by lerxstz · · Score: 2, Funny

    maybe this is a dumb question but...seeing as you were at the bank anyway, wouldn't it have been easier for them to just give you some money?

    --
    I chose to end my comments, not with a rim shot, but a long decaying F#7sus4
  15. Re:That's why... by Jon+Luckey · · Score: 3, Funny
    I only buy 3M *flavoured* Post-It (TM) products.

    Do they taste 50% better than M&M's?

    --
    -- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
  16. Why not use real people? by boyfaceddog · · Score: 2, Funny

    If you hire someone to sit on a stool inside the door, give them a clipboard with paper printouts including people's names, photos, and some stupid factoid about them, then point a cheap web-cam at the "guard" so they know Big Brother is watching, I bet you get pretty good results. Throw in a tazer, couple of windowless steel fire doors without external key-holes and a big ol' sign that says "Use Other Door" so the poor bastard can take a break or go home, and you're covered.

    Expensive? SURE! As expensive as losing data? Talk to your accountant first.

    --
    Here will be an old abusing of God's patience and the king's English.
  17. Re:insecurity 101 by Intron · · Score: 2, Funny

    Do you read the last page of mysteries first? I was waiting until I had all the suspects gathered in this room.

    --
    Intron: the portion of DNA which expresses nothing useful.
  18. Re:RTFA by Ced_Ex · · Score: 2, Funny

    The other reason is that it would be highly uncomfortable and potentially very dangerous to have someone asking for money from someone getting money out of an ATM.

    Yeah, that would suck. I guess you wouldn't be able to use the excuse "Sorry, I don't have any money on me at the moment."

    --
    Live forever, or die trying.
  19. Re:RTFA by LunaticTippy · · Score: 2, Funny

    Access to funds would be quite convenient.
    Free advertising for potential customers, too.

    --
    Man, you really need that seminar!
  20. Re:RTFA by Schraegstrichpunkt · · Score: 3, Funny

    I don't know about the grandparent poster, but my student cards has a magnetic stripe that isn't used for anything. The library uses the barcode printed on the front of the card, the financial office just enters your student number manually (since it's not encoded into barcode number), and door locks use a different card.

    --
    http://outcampaign.org/