Slashdot Mirror


Card Locks Thwarted by Shopping Club Card

hal9000(jr) writes "A recent column ('Social Engineering, the Shoppers' Way') on darkreading.com shows how easy it is for a pen test team to walk into a supposedly secure facility using a shoppers club card because the man trap feature was enabled. Man-traps allow people to enter an outer door but not an inner door similar to ATM kiosks. Once inside, of course, they had the run of the place." Lessons: after writing down your password, eat your sticky notes rather than leave them on the monitor.

11 of 361 comments (clear)

  1. Wrong kind of trap by HugePedlar · · Score: 4, Funny

    Should have used caltraps instead of mantraps.

    --
    Argh.
    1. Re:Wrong kind of trap by ozmanjusri · · Score: 3, Funny
      And what would a bunch of tacks do to improve security anyway?

      You could nail the door shut.

      --
      "I've got more toys than Teruhisa Kitahara."
  2. Just great. by Rob+T+Firefly · · Score: 5, Funny

    And what's more, the security system added frequent shopper rewards to their card! Those lucky bastards are going to save so much money on their next purchases of orange juice and cat food.

  3. Draw your own ID card by Brix+Braxton · · Score: 4, Funny

    I work in a secured building - it's a federally protected building right above a train hub and across from the sears tower. Anyway - security is similar to what was described - barely flashing anything that resembles a photo ID card with a splash of red on it is sufficient to get in. I keep fighting the urge to do it, but what I really want to do is just draw a half assed I.D. card with crayon and construction paper and see if it gets me through.

    --
    www.wildpad.com
  4. The Man Trap by digitaldc · · Score: 4, Funny

    they could just use the transporter and beam into any secure area, all they need are the coordinates and blammo, they're in.

    But, you forgot, after you beam down there could be an extremely attractive woman just waiting to suck all the salt out of you!

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. Re:Wrong use of the word man-trap by MrNougat · · Score: 3, Funny
    What, then, does a booby trap do?


    It would trap a particular kind of sea bird, or a not very smart person. Or maybe it's something else entirely.
    --
    Web 2.0 == Giant Blogspam Circle Jerk
  6. Re:insecurity 101 by MountainLogic · · Score: 4, Funny

    Better get a receipt every time you go to the bathroom

  7. Re:Just have someone carry a baby in carrier by WindBourne · · Score: 3, Funny

    Well, of course they would. Everybody is thinking of the kids.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  8. Re:Easy full access by bhpratt · · Score: 4, Funny

    I've worked a national laboratory and even the janitorial staff had to have secret or top-secret clearance to be allowed access to the respective secure areas. In fact, now that I think about it, most of the janitorial staff had higher clearance than I did...

  9. Re:That's why... by Jon+Luckey · · Score: 3, Funny
    I only buy 3M *flavoured* Post-It (TM) products.

    Do they taste 50% better than M&M's?

    --
    -- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
  10. Re:RTFA by Schraegstrichpunkt · · Score: 3, Funny

    I don't know about the grandparent poster, but my student cards has a magnetic stripe that isn't used for anything. The library uses the barcode printed on the front of the card, the financial office just enters your student number manually (since it's not encoded into barcode number), and door locks use a different card.