Card Locks Thwarted by Shopping Club Card

hal9000(jr) writes "A recent column ('Social Engineering, the Shoppers' Way') on darkreading.com shows how easy it is for a pen test team to walk into a supposedly secure facility using a shoppers club card because the man trap feature was enabled. Man-traps allow people to enter an outer door but not an inner door similar to ATM kiosks. Once inside, of course, they had the run of the place." Lessons: after writing down your password, eat your sticky notes rather than leave them on the monitor.

Re:Wrong use of the word man-trap

[umghhh]

It is indeed a major mistake. Firing the responsible technician on the spot as you suggest will not do anything to increase security however. After all persons responsible were able to act on information provided - next time this method did not work. We do not have such certainity about their replacement.

Not giving a chance for improvment is bad policy - the only thing it really does is alienate security people. It may be that next time they spot similar mistake they will not fix it in any official way fearing consequences and this can create bigger security problem then the one 'fixed' by firing squad.
Alienated guards are bad guards.