Slashdot Mirror
What Examples of Security Theater Have You Encountered?
swillden writes "Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.
swillden continues: "Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
Airports... Need I say more?
More Twoson than Cupertino
No trolling intended, but the war in Iraq now is the biggest piece of security theater on the planet. It does not make the US safer ( indeed it probably does the reverse ) but it does give certain people benefits. Chaney and friends make millions on no-bid contracts, and neocons get to implement policies that in more normal conditions would not be tolerated by the public.
While creating an intranet for the company I was doing some outside work for I ran into a problem authenticating through their antiquated AD system. Rather than updating everything or heaven forbid give management an actual password to remember my instructions were to "make it as scary as possible but don't actually put a password on it." I had a four tiered authentication system which would allow you to move forward regardless of what was put in the text boxes. They loved it, and a little piece of me died when I cashed the check.
"Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
If public CA's are supposed to be trusted authorities of identity on the Internet, why do we have to have "extended validation" of an entity before they get a certificate? If we can't trust the CA to validate entities before issuing certificates in the first place, how can we trust them to issue Extended Validation Certificates in the second?
Oh, I forgot, they are in collusion with Microsoft and other CA's to inflate the cost of digital certificates they already issue.
Welcome to the world of 'security'. A place where there are hidden meanings behind everyone of their smiles. When you think about it, what makes security software so adventageous? Viruses and other malware. In order to have those wou can not have security. And hense in order to make their buisness prosper they have to have a hidden agenda.
-- (this is a sig) My Computer Programming Forumhttp://www.programers.co.nr/
In 2001 I was living in an apartment complex in a North Dallas suburb. If you got a package that wouldn't fit in those teeny-tiny mailboxes then the mail man would drop off the package at the apartment complex office and you could pick it up in normal office hours.
After September 11th, the apartment management sent out a memo to all residents that because of the heightened state of terrorism awareness the office would no longer allow packages to be held there for the residents.
Of course my first thought was they were just tired of dealing with the packages and saw this as a convenient excuse to stop holding packages for people.
No todo lo que es oro brilla
Oh, and "inspections" of laptops at the border.
Yeah, that will help (actually, it does. It helps because it drastically reduces the number of willing visitors to the US)..
My adviser back at University, Rich Maddox, used to tell a story from his youth, when he was dating a girl who (apparently for religious reasons? I don't remember exactly) always carried a large knife in her purse. So anyway, they were going to Disneyland with a couple of friends, and as they went through the entry turnstile they stopped Rich and asked to check his backpack for weapons and so forth. And they found a pocket knife there, and told him he couldn't bring it into the park because it was dangerous. That's when Rich called over to his girlfriend who was already inside, and said "Honey, do you still have that knife with you?" And she pulled it out of her purse and said "Yeah, why do you ask?"
(rot13) rpbzbab@tznvy.pbz
Recently when flying from Lima, Peru, to Toronto, Canada, I went through check in with 2 pocket knives and a tube of toothpaste in my carryon. They took my toothpaste, but let me on with everything else.
The whole concept of taking sharps from people is stupid. Once you get on the plane, ask for a coke in the can. They will happily give it to you. Tear the can in half (bend/fold several times 1st to make it easier), and you will now have 2 very sharp jagged pieces of metal.
Every time I'm held up by the "No Fly List" because I have an insanely common name, I feel like a victim of security theater. How many would be terrorists have been caught by the no fly list?
In my opinion almost all forms of random searches are security theater.
People putting loaded handguns in their homes in the case of a wood-be assailant or robber breaking in. This is not only security theater, it increases the risk you are putting yourself and your family in. Not to mention that in most instances of murder the victim knew the assailant. You're more likely to die of suicide than a robber killing you.
I don't know if these are examples where the security theater is a cover for another reason--unlikely. But there's clearly examples where it just makes your life worse more often than better.
My work here is dung.
Security theatre in it's finest. It's so unusable that it's clear that any serious user will disable it. So why include it? The article points a valid reason: liability. Micrsoft can't keep your system highly safe without a great cost to them (re-architect the OS and severely damage backwards compatiblility). So they chose to let you either deal with the annoyance, or turn it off, and (symbolically) accept responsibility for anything that goes wrong.
Make sure everyone's vote counts: Verified Voting
Nuff' said.
Slashdot needs to interview Natalie Portman.
I cannot verify this story, anyone else?
Back in ArpaNet days, MIT had machines running an OS called ITS. It was a friendly and happy world and there were user accounts but no passwords. But networking means that strangers can connect and so Arpa insisted that passwords be added. So the ITS developers added a password prompt that ignored the password, and this made the Arpa people happy for a while until they figured it out and made them actually check the password.
In a similar vein, Microsoft file server passwords were originally checked only on the client, a fact which went undiscovered until Samba came along.
I had a boss that named the wireless network "Virus". On asking him about this, he explained "it's to scare off hackers - they won't connect if they think they'll get a virus". Ah, ok.
It's probably worth pointing out he wasn't aware you could "secure" a wireless point with a basic WPA key at least - it was completely open, anyone could walk right in, assuming they beat the fear of the "virus" that was.
throw new NoSignatureException();
The libraries let you sign your own books out. You place your book and card under a scanner, and then it demagnetizes the book so the alarms won't go off when you leave. The scanner only reads a barcode though, so you can stick five books on it, sign out one, and demagnetize them all. Presto, four free books.
Of course, when the security alarms do go off at the library anyway, they just let the people walk out.
come along folks ..its been a long day
DIEBOLD and other voting machine manufacturers take the cake for Security Theater. Throwing around words like encryption make most politicians nod ignorantly in agreement (something politicians often do). By now we should know the whole voting system is rigged, and that these fools are continuing to tout themselves as secure.
Here's the movie that partially but convincingly explores how jacked up this situation is:
http://video.google.com/videoplay?docid=-4762159260759486531&ei=Fms8SKmYKJCEqgPTx4XjAw&hl=en
...while I was temping for a company in Chicago, I was asked to deliver a box of candy to a client in the Sears Tower. While entering, I went though the giant, heightened security setup - x-rays and all - and got held up because I had a box cutter in my backback.
They held it up triumphantly and shouted at me, "Just what do you expect to do with this?!"
I wanted to ask them them the same question back. Just what did they expect I'd do with that? In a building that had security guards with guns? Was I going to hijack the building and crash it into a plane?
On my bank's web site, when I used the browser's back button, things started to get out of sync. You had to click their own custom back button somewhere in the pages so that everything would continues to work.
When I called to report it, I was explained that I had to click their own back button, not mine. When I said "Yes, I know, I just wanted to let you know so that you can fix the bug sometime", the final answer was something like "It's by design. It's for security reasons". At that point I was expected to say "ok. thank you" or whatever, and to understand that a "bug" was totally unthinkable on their super-reliable ultra-secure blah blah bank site.
Nevertheless, a few months later, the bug was gone. I didn't call back to say I'm now worried about the security...
Can he tell you how many millions of emails and documents are encrypted before one is protected? Because it would be nice if he met the same standards he holds others to -- it would be nice if anybody in computer security were held to the same cost/benefit standards as regular security. I used to have 16 different passwords at work, all requiring changes every 64 days, and I somehow doubt it was worth the trouble.
His examples are bunk anyway because he doesn't understand them. Deterrents work without working, that's the point. And the baby thing -- there's a big moral and societal difference between losing a sick kid to disease and having a healthy kid kidnapped. Otherwise, why imprison kidnappers but not doctors who treated patients who died?
The article fails to talk about security as a deterrent.
The RFID bracelets on an infant can give comfort to the parents but its more of a deterrent then anything. Sure the hospital can tell the parents that their child is protected. But the hospital is not protecting the child as much as its protecting itself. For example:
A guard that is in the bank is not there to stop a bank from being robbed. He deters people from committing the crime itself. In a robbery situation the guard himself is useless because the individual or individuals robbing a bank would take him out first. But in most bank robberies, the criminals are going to go after a bank without a guard anyway.
A mall guard doesn't stop people from stealing, he creates the presence of being watched, therefor deterring people from stealing.
Same goes with cameras in stores. Most of the time no one is monitoring the cameras and if anything their used to watch employees over customers. But their deterring employees from doing anything unethical or illegal and they deter people from stealing.
In my opinion the idea of security theater and feeling safe is crap. You might as well spend the time and effort to know your safe then make it seem like you feel like your safe.
...but what the hell is up with these users starting their replies with something like: "I'll probably get modded down for trolling, but..." Are you saying you know your answer will not be appreciated, but you're just the kind of crazy, out-there, don't-give-a-damn, cool guy that says it anyway? Just say what you have to say and stand by it. Stop showing off your insecurity, and/or lack of knowledge on the subject.
What's left to say? It's pretty clear that drugs are more dangerous when they're only available in the unregulated black market than in a regulated legal market. Criminalizing the use of drugs only hurts drug users more, yet it's done in the name of safety.
What's worst is that we've been fighting this war for decades, no end is in sight, we've spent more money and lost more freedoms fighting it than we have in Iraq. And still, no one in power has the balls to speak out against this.
We live in a sick, sad world. People who would meet the non-violent act of drug use with the violent acts of arrest and imprisonment are themselves violent criminals. Yet in this society they are deemed good citizens.
Give me Classic Slashdot or give me death!
rj
The DOD replaced reasonable passwords with Common Access Cards. The difference? Instead of having to find out someone's 8+ character alphanumeric password that changes every month, you need to have physical access to their card and need to know their 6 digit number that never changes. Meanwhile, everyone is forgetting their card in the reader when they go to lunch, so they can't get back on base -- but feel free to use it yourself in the meantime.
Whale
See tsa.gov. I have personally taken gasoline soaked garments on an airplane and not had them given a second look. Of course the radios I also carry always get a second look although they are EXACTLY like most of the guards carry (Motorola CP200). However, I do feel infinitely more secure knowing that an airplane will never be highjacked again, not because of anything the government does but because the passengers won't stand for it and will kill the highjackers. I suppose some passengers might die but as far as they were concerned they were dead anyway. In short, pretty much the whole airline security system is security theatre.
I was working with a particular system where the vendor added a strict password security policy. They require a mixture of uppercase and lowercase letters as well as at least one digit or special character. Later on, I discovered, by accident, that the password is not case sensitive when you actually go to login. It turns out that the routine for setting the password enforces stronger passwords than the underlying system can actually support. The vendor, of course, claimed that they would be upgrading their underlying password encryption algorithm very soon.
What about security measures that have the opposite effect, of making the system less secure?
Aggressive password policies, for example, that require long strings of amnemonic gibberish that must be changed every month or so and may not bear any resemblance to previous long strings of gibberish.
The end result of this at my company is that we each use the same password for every security domain we have access to, and we tend to write it down.
Any sufficiently well-organized community is indistinguishable from Government.
I was living in Salt Lake City during these games. Remember that the Olympics were only a few months after 9/11. There were huge security concerns. We saw low flying helicopters over the city we were told were searching for nuclear material. We saw various 'special forces' teams deployed in the mountains around venues looking for 'snipers.' The security downtown was surreal. People were checking every car coming in and out for bombs. Everyone had to go through metal detectors (in some cases, you actually had to pass two layers of metal detectors). The amount of government agents per city block was astounding. Many were armed with sub-machine guns. For such a quiet city like Salt Lake, seeing troops walk around in full combat gear was quite theatrical.
My favorite security theatric was an ATF agent standing on a street corner, machine gun in hand and in full combat gear. He was waving and smiling at people driving buy to be sure they all saw him and his gun. I stopped and watched him for about 20 minutes before he started using his radio while giving me the 'killer' eyes. Despite the smiling and waving, he was not friendly, not at all. I decided to vacate my vantage point. Those guys were so bored they were looking for targets to harass.
Have I heard the term Security Theatre.
Must have been coined by someone thinking outside the box.
Patriot Act
I had some stock options through my job that I tried to cash through the etrade account that had been set up for me. The stock price was rather high, and our trading window was about to close, so I tried selling at literally the last minute. The sell order failed, and no reason was given. A few days later, I received a letter in the mail from etrade telling me that my account was locked. Several years before, while living in a different state, I had an etrade account. Because the SSN was the same on both accounts, but the addresses were totally different, some part of the Patriot Act made them lock my account until I could prove my identity by sending them a notarized copy of my social security card.
Another example, which isn't really security theater, just shitty work by the TSA happened to me a few years before that.
My wife had to fly out of state for a funeral, and she took our 6 month old daughter with her. I took them to the ticket counter. Since she was traveling with a baby, a car seat, and her carry on bag, the ticket agent offered to print me a pass that would allow me to accompany her to the gate and help her carry her things.
As I was getting up to the xray machines, I remembered that I had a small pocket knife in my pocket. I hadn't removed it since I wasn't expecting to go through security. As I got to the xray machine, I told the operator what had happened, and told her that I'd just go back through the line and put the knife out in our car.
She seemed ok with that, and told me that I could just go ahead and go through the xray machine, and out the exit that was just a few feet from the xray machine, so I didn't have to go back and work my way through the line.
As soon as I went through, several TSA agents came up and detained me for attempting to bring a weapon through the security checkpoint. I wound up being searched, my 6 month old daughter that I was holding was searched, and I was questioned for about an hour as to why I had tried to take a knife through security. Not once did they go talk to the lady running the xray machine less than 50 feet away, who had told me to go through.
In the end, my knife was confiscated (It was about a $50 knife), and I was threatened that I could be under arrest for attempting to smuggle a weapon through the airport, and I could be facing a several thousand dollar fine for it. They filled out a report, and made me immediately leave the terminal.
About a month later, I received a letter from the TSA saying that they had chosen not to fine me this time, but if I ever came up in their system again I would face the maximum penalties.
That was the day that I lost all faith in our government.
In a past life, I worked for a major aerospace company. Security appeared pretty tight, what with armed guards checking IDs at entry points. They also had manned checkpoints to check vehicle passes at the road entrances. These were usually issued to upper management, enabling them to park inside the fence, close to the buildings. The peons had to park outside and walk in.
Because of my job in various R&D labs, I was always hauling equipment around in my personal vehicle. There were provisions to issue employees in my position a temporary vehicle pass and a 'parcel pass', allowing us to transport company equipment through the gates.
Throughout my career, I was never ever challenged when exiting a facility with a hatchback, obviously loaded with expensive equipment. The vehicle pass system existed only to ensure that some scumbag grunt didn't park in a manager's space. Security guards were nothing more than glorified parking enforcement.
At some of the production facilities, gate guards were instructed to examine lunch boxes of the workers exiting to ensure that they were not swiping tools. Briefcases were exempt from such checks, as they were typically carried by trusted engineers and management. As most of the engineers working within production facilities were indistinguishable from mechanics by dress or any badge markings, I suppose it never occurred to security that a worker intent on swiping tools could obtain a briefcase.
Have gnu, will travel.
I was trying to transfer some funds out of a joint bank account. I used the phone based system (and answered the usual security questions). Then the person told me that for the transfer to be allowed, both people on the joint account needed to sign-off on the transfer.
The other person wasn't available... so I just said "Ok, hold on I'll get him." Then waited a few seconds and said "Hi. Yes, I'm he. Yes I confirm the transfer."
They transferred the money. No authentication, no double-checks. Just some voice on a phone (I didn't even bother faking a different-sounding voice) saying that it was ok.
because it was a revolver.
It must suck, being you, and never being able to understand the humor in a pun.
"National Security is the chief cause of national insecurity." - Celine's First Law
A local school here recently went to a closed campus. They paid a lot of money to fence between all perimeter buildings (really old school), and to put up large gates.
During school hours, the only way onto the campus is through the front office (or any door that someone opens from the inside). You can exit the campus from any perimeter door. For good measure, they mounted a security camera to watch the door into the front office.
They placed it so that it records the back of people as they enter the office. At least it would, if they hadn't mounted it directly behind the four inch steel post they installed to mount the gate that closed the campus.
Now, the camera takes a nice video of a shiny new fence post all day.
Everyone knows the camera is useless in its present position. Nobody cares. All the expense of the fences, the gates, and the cameras was never about security.
Copenhagen Airport, after the security check. In the departure hall there is a wide open area with about 30 tables from a Steakhouse restaurant, with all tables layed out with big steak knives just for the taking.
I have a friend who works for *organization*. They work in a
single-story building, in a suburb of a second-tier city. The building
sits on its own plot of land, on a hill, in an industrial-office-park
kind of area. The building is a lab, but it's mostly monitoring
equipment. It's not weapons, or explosives, or significant quantities
of chemicals.
This is probably not what anyone would consider a high-value target.
There's never been any kind of attack or threat against the building
or its personnel. But after 9-11, management started obsessing about
security.
The first thing they did was get armed guards for the building. Armed
guards did not make my friend feel secure. My friend wondered about
their training and worried about getting shot.
Guard duty is tough. It's hot in the summer and cold in the winter,
and the guards aren't in good condition to begin with, since they just
stand there all day and never get any exercise. In practice, the
guards spend most of their time sitting in their cars in front of the
building, with the engine running for heat or AC.
Management decided that this didn't look good, so they built a guard
shack along the right-hand side of the driveway. Now the guard sits in
the shack and watches the cars go by.
But that didn't seem very secure either--a bad guy could just drive
right by without stopping
(http://en.wikipedia.org/wiki/1983_Beirut_barracks_bombing).
So they added a gate, and spikes, and a card reader. To pass, an
employee stops at the gate, rolls down their window and swipes their
card. The gate goes up, the spikes retract, and they drive through.
My friend doesn't trust this system a bit, and makes a point of
watching to see that the spikes have retracted before driving over
them. There was speculation among the staff as to who would be the
first to blow out their tires on the spikes. As it happenes, it was
the mailman, followed some time later by two visitors who either
didn't see or didn't understand the signs warning against following
another vehicle through the gate.
I suggested that they stencil silhouettes of all the vehicles they've
caught on the guard shack, the way fighter pilots (used to?) record
kills on the nose of their airplanes.
My friend points out that even with a gate and spikes, the system only
protects against attackers who
- care about their tires, and
- don't have trucks
because any vehicle can blow through the gate and make it the short
distance to the building on four flat tires, and any truck can drive
over the curb and avoid the whole thing.
Management decided that blowing out their visitors' tires was
unfriendly, so they instituted a new procedure for passing the gate.
Now, drivers stop at the gate and roll down their window. The guard
walks from the shack (on the right), in front of the car, to the card
reader (on the left), takes the driver's card, swipes it, and returns
it to the driver. Then the driver can pass.
The staff considered that the guards were now at risk of being run
over--and it happened. An employee reached down in his car to get his
card, his foot came off the brake, and the car rolled forward into the
guard. The guard was taken to hospital--I don't think the injuries
were too serious. The driver has to appear in court and pay fines--I
don't know if it is criminal or civil.
This is beyond security theater. This is real damage.
Anytime I've travelled through an airport in the last couple of years....
-- Mike
Thus making people wonder "what's so important behind that door?
The security guard on the early shift was the most frail ancient person I have ever seen in a uniform, but dammit, we were doing something. Or at least being seen to do something, which is just as good.
---
"I can't complain, but sometimes still do..." Joe Walsh
I stopped going to the theater a long time ago as "today's" movie offerings suck.
:)
Oh wait, wrong 'theater'.....
Is government funding based on how cool sounding you make it or something?
---- Booth was a patriot ----
Shortly after 9/11 when the airport security restrictions were getting really ramped up and casual travelers didn't know what to expect, I happened to be in line behind a woman who had the unmitigated gall to be carrying a small tweezer in her purse. The security guy very politely explained that she couldn't take it on the plane, but she was having a fit. When he finally started to walk away, I leaned up to her and said "What did he think you were, a plucking terrorist?" That got her laughing and luckily the security guard didn't hear what I said, otherwise I'm sure I'd still be getting a cavity search now.
I was stopped at airport security and made to stand in a little glass box while they looked at my bag under the x-ray. After a half hour of questioning and digging through my stuff they pulled out three beanbags I used for juggling and was told this was the problem. They could not go on the plane with me and I left them behind.
It also helps politicians pander to ignorant members of the right.
"Not an actor, but he plays one on TV."
Every year, my lady and I go up to Canada for the 4th of July weekend to escape the annual (and mostly illegal, under local city codes) fireworks war-zone that infests our neighborhood. We've been doing this for several years, and in fact we both just got our NEXUS cards.
To help put this in context: I'm a ham radio operator, as well as a volunteer first-responder. I've had formal training, through our city's fire department, in disaster relief, emergency medical procedures, basic search-and-rescue, the whole bit.
Because of the above, our minivan is well-equipped for emergencies. I've installed multiple communication radios, a navigation computer, and I carry a medical trauma kit and various safety gear such as flares and a reflective vest. Besides the small antenna farm on the roof, I also have a light bar mounted on the back end (amber, red, clear... same as many tow trucks).
Every bit of it is legal under the road laws of every state except New York (I know, because I spent a couple of long nights going through said laws to make bloody sure!). Couple all that with the fact that I work for our state's police agency (non-commissioned, civil service).
Now, with all the above in mind -- Last year, we're coming back through on Sunday afternoon. I normally have the radios and navigation system on while driving, and this has never, in times past, been an issue.
Not this year. The border guard we drew seemed to be short on both sleep and temper, and rudely ordered me to turn EVERYthing off before he would even talk to us. One of the questions he asked, after that point, was who I worked for. When I told him, he said (snappily) that, for that reason alone, I should understand why he'd told me to turn everything off.
He let us move on at that point, but before I took off I told him, flat out, "No, I don't understand."
And it was the honest truth! If someone's going to try and set off something that goes bang via radio, or other wireless means, it strikes me that they're going to go to considerable effort to keep such activities hidden. They certainly would not do so in a hugely-long border-crossing line, where there was absolutely no way to move anywhere but through the guard posts, in a minivan that stands out like a solar flare and has ham radio callsign plates to boot!
I have no clear idea why this guard was so nasty, or what bizarre purpose his attitude served. I will say that it did indeed strike me as pure theater.
The only thing I can think of is that, perhaps, his sergeant or lieutenant was observing him at the time, and we didn't notice...?
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
Why did his wife feel the need to carry a gun into a stadium of full people?
I'm not trolling, and it will probably be misconstrued as such, but perhaps people are completely missing the problem.
Lets say, that stadium comfortably holds 40,000 people. Lets say 1% of them have guns. Thats 4,000 people. I know small countries that don't have that level of armament. Chances are, if said wife pulled her gun (I still can't fathom a reason why), she would probably be shot dead by the other 3,999 people.
Sleep tight!
Hi, I Boris. Hear fix bear, yes?
in 2002 I bought a ford focus zx3, complete with a blinking red light on the dash, which the dealer refered to as an "anti-theft device."
The consulting algorithm:
1) Find out what they want. (They will ask for bells and whistles and not tell you core process basics.)
2) Figure out what they actually need. (Research their actual process and design improvements.)
3) Try to convince them to want what they actually need and change the spec go with that.
4) After step 3), give them what they now want, whether it's what they need or not. (Provided it's legal and ethical.)
And of course:
5) Profit!
They are the bosses / customers. They decide what to spend money on. You are the hireling. You agree to do what they want in trade for the fee they pay. After step 3) your moral and ethical obligations are discharged - and if your suggestions are good you've proved your worth. If they're smart they go with what you suggested - or know something about their business that you didn't and reject your suggestion on that basis. But if they decide to do something you think is stupid once they've been informed, it's their business, so it's their call.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
He'll love to hear that story and if you ask nicely he may get your record erased.
A gun a sports game? A knife at an airport? Glad I don't live in the USA.
It's rather hard to believe that authorizing everyone to carry firearms can in any way make the society safer... Here, in Europe, if I met a girl who carries a pistol in her purse, I would immediately freak out and run away!
Kabuki
As illustrated in SCRUBS: Resident Kabuki Theater
It must have been something you assimilated. . . .
When people sign their credit cards "[See] Photo ID". All that does is slow things down, since any place that checks the card and makes you sign is still going to make you sign.
Often times in commercial property, card readers (and occupancy sensors) are a great way to determine if equipment (HVAC, lighting, water chillers) for a section the building actually need to be on. It's nothing nefarious, but it's not really security.
Our national telco made a number of highly confidential documents available on its website. These included interconnection agreements, CEO's contract and all sorts of other goodies.
:)
The theatre bit? The website was https instead of http and the host was secure1.the_telco.com. Perhaps they didn't think it was possible to navigate to https://secure1.the_telco.com/ceo_contract.pdf
It is. Good one guys. Our local papers are grateful
When you're in a hole (as you are now), the best advice is to stop digging.
The office had a second door with a peep hole into the laundry. To give the camera an air of legitimacy, she sat in the office one night and made a note of everyone who came into the laundry. When they came in to pay their rent the next week, she mentioned that she saw them doing their laundry on the "tape" and asked about a fictitious mess that was left.
She managed to do this to a couple of the complex gossips, and never had a problem in there again.
Here's one that will be unbelievable to many of you here, but I swear its true.
A local hospital just spent something like $80M on a new building. In this building they installed three major things: A security camera system which covers most of the building, and which feeds into some kind of Phillips data recorder which is web-assessable for the security folks, keycode punch locks, and a system which uses little RF transmitters which are attached to babies so that they don't get kidnapped.
So I'm walking through the hospital and see this web browser up at one of the nurses stations which shows a bunch of camera video. In the address bar of the browser is the IP address of the server. I jot it down, walk over to another computer, and type in the address. I get a login and password screen, along with the model number of the equipment. Hmmm. 15 seconds of a Google search and I have the default password. I key it in and -- surprise -- they never bothered to change it. I now have administrator access to their entire security camera system.
The punch locks? They never bothered to change the default codes.
The infant monitoring systems? These things are basically radio transmitters which are picked up by receivers all over the hospital, so that they can track an infant. The actual tag consists of a small plastic transmitter with three leads on each side, which an attachment goes in to and then is secured to the child. Take a paper clip and short the top two leads. It beeps. The system picks it up. Then disconnect it. Ten minutes later, the system alarms continuously, goes apeshit because it can't find the tag, and forces the administration to turn it off and reboot it, then reenter the tag data. Meanwhile, you could have just walked out with half the nursery.
Security theatre.
I was an intelligence analyst in the NJ Army National Guard until my contract ended in 2006.
We were deployed twice to protect Port Authority facilities around NY and NJ. On both deployment we had our weapons M16A2s or pistols. On our second deployment we were not given ammunition. Yes, we were walking around in uniforms holding empty rifles.
The best we could do is radio the Port Authority Police or possible club someone trying to steal our weapons. Our combat effectiveness was slightly above that of Nerf.
Welcome to the land of the free...pay toll ahead...no photography...please open your bag...
Back when Geo. Bush visited our little town a while back (Bellevue, WA), the Secret Service, with support from our illustrious local police force, provided the usual high visibility security detail around the Marriott Hotel.
About an hour before they were due to close the surrounding roads down, I found myself driving by the entrance to the facility. As I passed by, I observed the preparations including pedestrian barricades and police officers stationed every few dozen feet. I also happened to spot one of our local city hobos with his head in a dumpster in the adjacent alley, probably digging around for empty cans for the recycling fee.
Unchallenged by the cops, of course.
Like al Qaida doesn't have any bearded, disheveled-looking operatives available on their staff.
Have gnu, will travel.
Back in the mid-80s, a patient flipped out and attacked a doctor. After that, they brought in metal detectors that you had to pass through to get to the waiting room. These were kept in use for roughly 20 years, even though there were no more incidents. Not only that, they weren't at any of the entrances to the hospital itself; they were at the entrance to the waiting room for outpatients. That means that if you had a belt with a big buckle, you'd have to take it off to see your primary doctor, but if you wanted to go to the pharmacy or had an appointment in any other department you could walk in with a great big pocket knife, a leatherman or both if you felt like it. Every time I spoke to a manager or supervisor there, I complained about this, as did a number of other vets, and it was eventually stopped, although the machines are still there. Now, you have to show your ID to get into the building, as if that's going to do any good.
Good, inexpensive web hosting
In a similar vein, Microsoft file server passwords were originally checked only on the client, a fact which went undiscovered until Samba came along.
It wasn't just Microsoft. NFS at one point in my life was synonymous with "no fucking security". It trusted the UserID that you transmitted with it. UserID 0 was a handy value to use...
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
I've been frisked at a sports event. Car was stopped while driving to the parking. We were frisked, allowed to get back into the car, and parked.
It is secure, isn't it?
These things have bugged me for a long time. I mean, have they ever really been tested in court? The last time I checked, I couldn't find anything apart from "experts" recommending their use.
If I put a confidentiality notice on a postcard, is there a reasonable expectation of privacy?
Make no mistake, the TSA is not there for security purposes, if so, then the back end of the airport would be secure as well, it's not.
The TSA exists only to make sure you get good and used to being bullied by thugs with guns while having your rights violated.
No other reason.
Need I say more?
My brother and I were flying out of the country for vacation, and we got stopped at luggage inspection. When the security guard angrily called us over, my brother turned pale, realizing he'd checked the wrong bag.
The guard shouted at him, yelling something about "the weapon" in his bag. He pulled out a 5 oz tube of sun block, and let us on the plane.
The reason my brother turned pale, wasn't because of the sun block. Resting directly underneath it was a 6 inch knife (don't ask me why he needed it for vacation). Apparently sun protection is a bigger risk than I thought.
Not having flown a commercial airliner recently, I'd completely forgotten about the liquid/aerosol rule and decided to carry my luggage onboard. After standing in line for awhile, I noticed the signs and remembered. Crap! I had my mouthwash, an aerosol can of deodorant, and my aerosol shaving cream with me. Given the length the line had grown to, I decided to just forgo those items than risk being late.
A bit about those three items. Both the shaving cream and deodorant were in aerosol cans, both larger than the size allowed, but obviously retail items. The mouthwash was too large as well, and was a generic amber bottle, about 14 or so ounces, with a prescription sticker (I have gingivitis).
I pull all three items out, and just tell the TSA guy that I know I need to toss them. He glances at all three and tells me I have to ditch the deodorant and the shaving cream, but I can keep the mouthwash.
Because it's prescription.
So, the two retail aerosol cans that are nearly impossible to inject anything into are verboten, but the amber bottle with the mystery liquid in it, that's okay, because it has a sticker with a Walgreens logo on it. Fan-fucking-tastic.
Coincidentally, http://thedailywtf.com/Articles/Overdue-Retirement.aspx.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
Security systems that will let you in with nothing more than a fingerprint scan. Gee, what's more difficult: guessing the correct password within 3 attampts, or lifting a fingerprint and making a gelatin mold? (hint: see Mythbusters to see how difficult it isn't to create a gelatin mold)
Worked for Dorothy in "The Wizard of Oz" movie.http://en.wikipedia.org/wiki/The_Wizard_of_Oz_(1939_film)
"A confused Dorothy awakens to discover the house has been caught up in the twister. Through the bedroom window, she sees a parade of people fly by, including Miss Gulch, who seemingly transforms into a frightening witch. Moments later, the twister drops the house, Dorothy and Toto back onto solid ground."
Doesn't seem very controllable though.YMMV
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
You can have TWO kinds of wrong.
When they get security in Vista RIGHT, we can't have it both ways.
Of course there are the obvious TSA stories, but I think the more common stuff may actually be worse.
Working as a contractor for a giant Electronics retailer that shall remain nameless, I saw a memo regarding their policy of searching people's bags as they left, and sometimes entered, the stores.
The public reason given for searching those who left the store was, of course, loss of merchandise. The public reason given for searching those entering was safety...
However the REAL reason for both of these, was to (paraphrasing from memory) 'Establish [company name] as the authority figure in the sales transaction and subsequent customer service encounters...'
Yikes! 'We're in charge here, we've got big scary minimum-wage thugs, You'd better Buy as we say!'
Now if that's not 'Security Theatre' at it's worst, I don't know what is....
=R
Separately, some of the fighters on multiple sides have used terrorist tactics against the civilian population, so they're terrorists. Some of those terrorists work for governments, and some are carpetbaggers who think they're part of a jihad.
And some of those fighters, terrorist or otherwise, not only don't like the US, but are getting good training and a great recruiting tool to get people to join them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
At one of my previous jobs, the front entrance to the building consisted of two doors: an inner door and an outer door. The outer door was left unlocked during regular business hours, and was locked at all other times - if you needed evening or weekend access you would have to contact security and ask them to unlock it for you. The inner door had a keypad lock, and between the two doors was a phone and an employee directory so visitors could call someone and ask them to come open the inner door.
All in all, it was a reasonably secure system - admittedly, everyone using the same 3-digit code on the keypad lock isn't ultra-secure, but it would at least deter casual thieves.
However, management decided it wasn't secure enough. The solution: employee access cards! The old keypad was removed and replaced by a fancy new card reader... unfortunately, they put the card reader on the outer door. So now we have an inner door with no lock and an outer door that only employees can open - still pretty secure, right? Wait, we forgot: visitors need to be able to get past the outer door. Solution: leave the outer door unlocked during business hours.
In the name of increased security, we went from a half-decent system where only people who knew the door code could get in, to a system where anyone could walk right in the front door. Still, with all these fancy new access cards, the system must be more secure, right?
I'm so excited I just made water in my pantaloons!
I was told that only a doctor's office could fax a prescription in to "prevent fraud."
The original is a letter-sized piece of paper with the doctor's signature on it. If I wanted to be fraudulent, I could fake a prescription to look exactly like this piece of paper, and hand carry the fake to the pharmacy - no problem!
Sometimes it makes me crazy!
But Herr Heisenberg, how does the electron know when I'm looking?
> People putting loaded handguns in their homes in the case of a wood-be
> assailant or robber breaking in.
I won't even bother trying to reason with you because it would only devolve into my statistics are better than yours, nyee nyaa. Been there, done that, you guys are immune to rational thought.
So I'll just ask you to put your ass where your propaganda is. Put a "Gun Free Zone" sign in your yard. Better, get all yer loony neighbors to make your whole neighborhood a Gun Free Zone.
Democrat delenda est
After being checked you could walk for no more than 10 steps then read the root password of all production servers - yes, there was a single password for all of them - printed in big letters on a giant sheet attached to one of the racks.
The abilities of Cerner's flagship Millennium health care systems had a big security problem relating to passwords until recently. The user's password could only be letters and numbers up to 8 characters (after that was ignored) and it was case insensitive. I will leave you to the math of how easy health records would be to access...
Patriot Act, DHS, color coded security threat levels, etc.
I'm a Canadian living and working in Washington, DC, and was recently returning from a vacation in the UK. Before I was permitted to check in and hand over my luggage, I had to endure 10 minutes of interrogation by "Continental Airlines Security".
After running my passport through their system, they asked me about where I lived, why I live in Washington, DC, why I work there, what I do, to produce proof that I live in DC, why I don't have a visa in my passport (Canadians don't require one), where I visited in the UK, why I chose the UK for vacation, who I knew in the UK, where I stayed while I was there.... and on and on...
In the end, I started to give roundabout answers to questions I didn't think were the airline's business, and she eventually waved me through. Incidentally, when I got to immigration in the US, they smiled, said hi, and stamped my passport with no questions.
What was the airline hoping to prove?
I once had a bicycle that was equipped with an "anti-theft" chip. So when it was stolen, I was wondering what that chip actually is and how it could help in getting my bike back. I was surprised to learn it is some kind of RFID chip located inside the lock.
Mutual Assured Destruction?
Some privacy policy Slashdot.
For the longest time, I was on the "do not fly" list. I never knew why, but my name is very common. Turns out somebody used an alias the same as my name in the Bahamas to commit international wire fraud - I found this out when it took 6 hours to open a $100 bank account. It wasn't identity theft - just coincidence.
So here I am, not only taking my shoes off, but also being escorted to the back room for the "enhanced" security check every time I fly on an airliner. The only problem is that I'm an FAA-licensed pilot, and have all the clearance to enter just about any area of the airport! (once I get past the extended searchdown, that is)
What a joke...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Pretty much everyone's password was "rms". Yes, seriously.
Whatever the reason that the 'guard' was searching handbags, the fact remains that discovering that someone has a gun puts you in the position of immediately deciding what you are going to do if the person with the gun doesn't want you to know about it or inform anyone else about it.
If they have the gun and you don't have one, all the more reason to just be cool about the situation. If you find someone with a gun in America and they are white middle-class, then there's a good chance that you could lose your job by hassling them about it. If you find someone with a gun in America and they are not white middle-class, then there's a good chance that you could lose your life by hassling them about it.
Either way, it's easier to be Mr. Righteous Bad Ass Security Guard with someone with illegal potato chips than someone with a gun. At least it is for me.
I've read a lot of replies that said that TSA security checks were theatre, and they're right, but nobody has mentioned the requirement to present identification. To me, this is the most glaring bit of airline security theatre, because it has almost no security value at all, but a huge ulterior motive for the airlines.
There are times when I get bad data and don't know how to react. So I throw up an error dialog (complete with exclaimation point) that explains what happened (in English) and that now would be a good time to save your work and restart. I have internal users complain that things act funny, when I go to their desk to watch them reproduce it, they get one of my messages. I then read the box to them, and they don't even notice I'm reading off of the screen.
It cuts down on my debugging time at least.
Oh, and to those who ask why I don't point out the box, their (and our mutual boss's) opinion is that no one reads error dialogs.
Your ad here. Ask me how!
I was withdrawing some money from an online gambling site. They phoned me for some reason and I had to give the answer to my 'secret question' to validate who I was. Problem was I had no idea what it was. It was like a game of 20 questions... "I have no idea...is it a name?" "No" "A place?" "Yes" "A city?" "Yes" and so on...
"Physics is to math as sex is to masturbation." -R. Feynman
I used to drive an old farm pickup most of the time. (I never had to worry about another dent in it.)
Whenever I had to park it in a high crime area, I made a big show of locking the door even though the lock did not work. But I figured if someone saw me get out and close the door behind me without locking it, they'd figure it was certainly unlocked since pickups of that vintage did not lock automatically and maybe just go after it on general principle.
I wasn't as worried about someone coming along testing the doors to see if any were unlocked. They'd probably skip it anyway.
Noone ever broke into it in spite of the several hundred dollars worth of tools under the seat.
I also used to park it next to the cafeteria on campus. If it was raining when the workers there would get off work, some of the workers would wait in it for their rides. They never stole or damaged anything so that didn't bother me at all.
I used to work at a coffee shop type store beyond the security gates of a major airport.
The passengers were made to go though the normal security routine where as I, who had a photo-ID pass could walk past them and through a different security terminal. This one had a single guard and the metal detector but was rarely used because I typically carried goods from our storeroom.
It takes about 4 months to get the same level of security pass as I had.
Once past this point, any individual wishing to do harm could pass off a smuggled item to a passenger that has went through security. Passengers were not checked again past this point.
Had an individual desired to, they could have handed a passenger an AK-47 and boarded the plane with it. I'm not kidding. Someone actually took a 7" santaku knife aboard a plane and just before take off the passenger calmly told a stewardess that their security sucked and handed the knife to her. (Yes he was arrested but not charged)
It was like this from Dec 2001 until I left the terminal in 2005. That incident happened in 2004.
By making sure only food purchased from the concessions is consumed at ball games, we make sure the poisoning is more evenly spread.
The way my team has been doing, a quick death from poisoning has to be preferable to watching them play an entire game.
Squirrel!
I fly every week as part of my job. One trip I left a large tactical folder (big scary knife with serrated edges) in my backpack and had forgotten about it. I made it through security screening to my destination and back without it getting detected (For those who can't figure it out, I was on the plane with a knife). While waiting for the plane, I opened my bag to get something and noticed the huge knife. I was shocked. After a few minutes of contemplating and looking at my bag contents, I realized how they missed it. I flew 6 more trips without it being caught. Finally one screener noticed something and had three other people come look at it. Nobody could identify the knife so they ended up searching the bag. The guy searching the bag almost missed it also. Sad. I won't say how I did it, but I feel pretty confident that with a few other mules to carry dissemble parts, I could get a gun or something on a plane pretty easy. I told the TSA supervisor exactly how I did it, he didn't seem interested at all and acted like I was wasting his time. Very sad...
How about situations where you expect there to be at least some security "theater," but when you get there there is no performance at all?
My elderly mother has been in and out of the major hospital in our city quite a few times over the last decade. You name a part of the building, she's been there: ER, ICU, various floors and wards, various testing and imaging areas, the adjacent short-term rehab facility, etc. Because I am such a nice son, I frequently visit her when she's there. Amazingly, no matter where I wander in that huge facility, no matter the time of day or night, no matter how I am dressed (in the most casual mode, I probably resemble a homeless man) I have never been stopped, challenged, or questioned about my intentions. The ONLY exception is the ER treatment area, and that probably because they simply don't want kibitzers getting in the way. Hospitals, at the very least, used to enforce visiting hours, and restrict visitors to immediate family and/or people specifically authorized or requested by the patient. Every time I have found myself wandering around the hospital (it's easy to get lost in that large and poorly-designed thing) trying to find where they have moved my mother or where she is having some test done, I often think how I could be ANYBODY, and with the vilest of intentions, and no one would stop me. You'd think they'd at least manufacture a reasonable facade of security: a uniformed security guard or two (I have never seen a single one) at the main entrances, checking an ID when entering certain areas or wings, having to check in with the nursing station before entering a patient's room, etc. But....nothing.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
Like good /.ers we seem to be mostly deriding the fact that theatre is used instead of "proper" security. As is not wrong. Though I beleive that good theatre is actually one of the best forms of security.
By giving the impression that a security breach is difficult to acheive you will deter 99%+ of people. By implying that breaching the security will incur severe penalties; you will discourage 99.9%+ of people. That leaves the very small percentage that you would probably have been dealing with anyway but you spent less money.
Take the Houses of Parliament in the UK as a great example. I've seen men dressed in super hero outfits and pregnant women unfolding banners from the roof on national televison, so obviously security isn't that great. But when walking past the place with 10,000 camera's pointed at me and machine gun toting police every 5 yards I don't feel particularly keen to test it.
My (then pregnant) wife got rear-ended on the freeway by a medium size rental car. In the car were three female Department of Homeland Security lawyers. Needless to say, they were very nice and horrified with what had occurred (my wife was fine fortunately).
We started the process of getting reimbursed through the DHS. We found that a lot of stuff had to be sent in within a very, very short time period, and if the DHS hasn't responded to you in six months, then they aren't required to at all.
Yes, you read that right. Basically they can (through proxy) damage your property, make you jump through hoops, then, without any fault of your own, simply ignore the fact that anything ever happened, and you are powerless to do anything about it. We have tried calling multiple times to their posted phone numbers without success. We filed through our insurance agent because she thought (through prior experience) we wouldn't get reimbursed - and at least if DHS didnt' cover us then our insurance company would. It's nearly the 6 month mark or more now, and no word.
That's not quite the story as I heard it. RMS tells the story in Revolution OS (http://video.google.com/videoplay?docid=7707585592627775409).
IIRC, the story is actually about the MIT AI guys hacking the authentication system, and then mailing each user their password and letting them know they can stick it to the man by changing their own password to a blank one.
All computers scattered all over a county are hand configured; there is no DHCP. Reason given: security.
All computers are required to have only Internet Explorer 6. Reason given: security.
All computers have their CD-Rom drive disabled. Reason given: security.
All computers allow USB flash drives. Reason given: security.
BTW, what do you mean "at one point"? I thought NFS still accepted UID for filesystem permisson purposes, unless you have the "secure" option set, which then it requires one to "keylogin".
During the first gulf war, I visited several nuclear power plants with coworkers. At Palo Verde in AZ, the guards had submachine guns and bomb sniffing dogs. They used mirrors under the car, examined the contents of our bags, they separated us and asked us questions and confirmed the answers were consistent. They then made us park half a mile from the nearest building with barricades preventing closer vehicular access. The next week in Louisianna, the guard simply asked, "Got any bombs?" When we replied in the negative, he waved us in with a beautiful ZZ-Top swirl. I honestly feel that the second plant had better security.
But what does a positive correlation between suicide and gun ownership really mean? Do guns cause people to commit suicide? Or do suicidal people actively seek guns? Furthermore, if suicidal people were unable to obtain guns, does such a correlation imply that they would then NOT commit suicide? Or is it possible that these people would simply find another method?
Again, what does this correlation mean? Are guns causing these people to be murdered? Isn't it possible that people more likely to be murdered (because of their career, neighborhood, lifestyle, etc.) own guns out of the legitimate fears for their safety? Furthermore, if these people did not own guns, does such a correlation suggest that lives would have been saved? (I personally find it hard to believe that someone would kill you simply because you owned a gun, but I digress...)
Simply pointing to the correlation between gun ownership and suicide or the likelihood of being murdered as arguments against gun ownership are rather weak and generally an intellectually dishonest tactic to imply conclusions that don't actually fit the data.
-Grym
During the 2004 election circuit, GW Bush came to the town next to the one I live in, and gave a stump speech in a gym. The HS band I played in at the time was invited to come and play at the event.
We came in uniform, and of course our uniforms have little metal bits all around them. We were sent through metal detectors, but after about 3 kids (out of 300 in the band and colorguard), they stopped caring if you beeped or not. It would have been easy to bring in a weapon.
The worst part was that once we were inside, the Secret Service said we couldnt play when the pres was in the building, so that they could hear if a gun was fired. When he got there, they ended up blaring a recorded version of the national anthem on their setup speakers at a much louder volume then we could have produced!
I dunno, man. There's a whole lot of amazing confidence in these broad statements:
/. and all, but perhaps there's something to be said for following the same standards of knowing what the f*** you're talking about before you open your mouth that folks here demand of others when they, for example, opine or legislate on tech issues. Otherwise the general perception of this crowd as pointy-headed geeks who are immature children outside their area of professional expertise is...well, justified.
The reason that America hasn't been subsequently attacked had nothing to do with punishing the silly, stupid Taleban in Afghanistan, or fomenting a war in Iraq.
No subsequent acts have occurred for any number of reasons, almost none of which have to do with the wars, as the wars were about pride and oil.
And you know this because....? Because you're tight with the top thinkers inside al Qaeda? You've got good contacts in the backcountry of Pakistan? You speak all the relevant languages and have access to intelligence intercepts of the phone conversations? You've spent two decades studying the history of terrorism from original sources, interviewing suspects and counter-terrorism agents?
Or is it just that these conclusions seems reasonable to you, based on your average-Joe reading of the news and your common sense (supplemented of course by your ideology)?
I'm not saying you're wrong, because I don't have access to all the information necessary to make a judgment one way or the other, and I know that.
But I daresay if some politician made some equally sweeping general statement about why Microsoft is despised by Linux groupies, or whether or not the GNU license model made sense or not, based on a similar combination of what's in the nightly TV news plus his own "gut instinct," you'd jump all over him for being an arrogant ass and speaking far more assuredly than he should about stuff that is for the most part completely outside of his experience.
I realize this is
In stark contrast to this were the Condition Orange procedures at our local Federal Reserve branch. There I was required to exit my vehicle and ring a bell, at which point an armed guard in body armor would emerge and search my and my vehicle.
While I'd object to that level of scrutiny as a private citizen going about his way, I welcomed it in the context of passing through an honest-to-god secure checkpoint on official business in a secure area. It was nice to know that at least somebody wasn't half-assing.
It wasn't just Microsoft. NFS at one point in my life was synonymous with "no fucking security". It trusted the UserID that you transmitted with it. UserID 0 was a handy value to use... NFS still works that way. At least Microsoft has improved.
Of course the first would be the most terrifying. Never had to deal with an assailant with a woodie before and woodn't[sic] know what to do were I confronted with one.
I had a contract at a high security government site. At one location an MP actually had a M16 pointed at me while I worked but that's a different story. At this location the computer room was raised and had a ramp leading to a secure door. Not having the proper card to get in I always needed an escort for access. The problem was no one was ever around when I needed in.
One day after waiting 45 minutes for my escort I had an idea. I lifted one of the tiles in front of the door, slipped under and came up the other side of the raised floor. Another 45 minutes and my escort finely arrived beside himself I was already in the room. He lectured me about Top Secret this and Top Secret that, the ramifications and had to know how I got in... So I told him. They installed a barrier under the floor.
The next time it happened I looked up and saw a tile ceiling. The lecture worked because I didn't go over but I was tempted.
-[d]-
I worked at an office "secured" with a high-tech palm scanner connected to an electronic door lock. Very futuristic. Unfortunately for actual security, you could simply turn right instead of left when you got to the top of the stairs, and walk around to the other side of the "secure" door.
Several laptops were eventually stolen by some random guy that just walked in, picked them up, and casually left.
But then you were like, "I'm sure Hansel's heard of styling gel," like you DIDN'T know!
Shop as usual. And avoid panic buying.
NORAD was a complete failure on 911:
http://www.youtube.com/results?search_query=norad+911&search_type=
The wife & I were on our first (and probably only) cruise this January. To board the first time, we had to go through three checkpoints; one inside the harbour building, then once at the first end of the boarding ramp, then *again* at the ship-side end of the boarding ramp. There were absolutely NO entries or exits accessible after passing the initial checkpoint.
At each port of call, returning to the ship required two checkpoints at each end of the boarding tube.. again, no entries or exits, so they were just checking if someone magically transmuted into a terrorist in the 300 yards or so along the closed ramp. Totally useless.
No body pat-downs either, but all bags had to be put through a scanner -- obviously to prevent cheap drinks making their way onto the ship, which is all they really cared about.
ERROR 144 - REBOOT ?
I've worked in a library where the 'security' gate was unplugged because it was nonfunctional. We hid the plug sitting on the floor with a plant. It's amazing the number of people that are still stopped by such setups. Obviously it doesn't stop those dedicated to getting something out, but stops a large portion of casual/"unintentional" thefts.
Okay, admiting I am French will not get me modded up in slashdot, but, well, as an AC, should I care ?
1) Since the terrorist attack in 1996 in Paris (a bomb in a subway station), we enjoy the "vigipirate" plan (aka "Vigipicrate" [vigilante wine -- drunk vigikantes] or "vichypirate" [vichy piracy -- Vichy was the home of the French collaborating governement in WW2]) . It means that we have military with machine guns in train station since then. They are useless, but instilling fear of the governement twice a day is a priceless thing.
2) Since a few year, the SNCF (the railway system) ask you to put your name and address on your luggage for "improved security". Of course it does not improve anything (ok, it improves you chances of beeing robbed while you goes on holidays, but I don't think they see this as a negative..)
Nah. A Fremen.
Shop as usual. And avoid panic buying.
Chase.com: They have the most annoying system where you have to call them and authorize whenever you try to login from a new IP address, and yet they send your password in cleartext!. (The login page is on the homepage and is not https. Every other credit card company I use has a https homepage...) I complained about it years ago but they still haven't done anything about it, except for adding the way overdone IP authorization feature!
In a related note, how come none of the credit card companies let you use special characters in your password? Do they want hackers to guess it?
I saw that on 4chan, too.
There's more theater than real security. Examples and anecdotes are legion. Its very nature lends itself to being a favorite haunt of every huckster and charlatan born. So long as people swallow the idea that more secrecy is always more security, they'll be in there, unintentionally demonstrating the many ways that isn't true.
Here are a few of my favorites:
The intentional confusion of secrecy with security. Too often these are used to cover up problems or corruption or illegal spying. They're used shore up fundamentally flawed insecure systems, as Diebold and other voting machine vendors have tried. There's withholding of info from people who have the right and really do need to know by claiming they don't, for purposes of weakening their position (perhaps they work for a someone who could be a competitor). We may never know all the details of the reasons Cheney tries so hard to keep everything secret, as in that time he went way over the top by claiming the vice presidency was not part of the executive branch. "It's not a bug, it's a feature" is improved by claiming it's not just a feature, but a security feature!
The confusion between security for everyone, and security for small groups against everyone. Specifically, DRM, and the ludicrous claims that DRM enhances our security!
The login dialog. "Pressing ctrl-alt-delete to log in makes your computer more secure!" No, no it doesn't! Encrypting the hard drive with a secure key does. Then having to log in would actually be a little real security. If it's not encrypted, all the login does is ask you to tell who you are, just to keep things organized, not secure.
Arbitrary password requirements. Must be 8 characters long (but no more?!!), must have at least 1 capital letter, 1 lower case letter, 1 number, and 1 "special" (non-alphanumeric) character.
The password isn't good enough! (And that after you've put in all these special characters they demanded.) Answer these questions too! What is your mother's maiden name? What city was your father's brother's former roommate's 2nd cousin's spouse born in?
WGA being passed off as a "critical security update".
Door locks on convertibles. Enough said.
Security cameras trained on doors with badge readers, or locks on office doors, that can all be bypassed by going over the top because the wall stops at the ceiling tiles, not the real ceiling.
File cabinet and desk locks that can be jimmied by anyone, in 15 seconds, with a paper clip.
The keyboard lock that was common on early PCs.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
My wife used to work for a Perkin-Elmer lab in California. Front desk security was charged with searching all bags, boxes, etc. -- anything carried by an employee on the way in and out of the building -- EXCEPT purses (they might contains tampons, which could embarrass a lady) or briefcases (they might contain top secret business data, I guess, which could embarrass a man, or anyone carrying a briefcase). The policy made no sense whatsoever. She carried a small backpack because it was more convenient than a purse, though about the same size, and had to put up with having it searched all the time. When she pointed out the stupidity of these exceptions, she was told that she was risking her job (by demonstrating to management that it was dumb as a fucking stump). What were they actually searching for? Who knows. But if it could be got in or out in a purse or briefcase, they never would have found it.
I piss off bigots.
I've been smuggling my own food and drink into theaters since I was a kid and I've never been caught.
Hehe. One of the incidents that prompted me to ask this question was my own experience at Disney World two weeks ago.
The friendly security guard carefully looked through my backpack, even making me pull the cover off my camera to check that it wasn't dangerous, and then passed us on in. So the only thing the guard was keeping out was weapons in bags. Weapons carried on the body sail right in.
As someone who frequently (and legally) carries a gun hidden on my body, the situation just made me shake my head.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Have any of you heard what happens if you get caught with a box cutter in an airport? Well, I'll tell you. I accidentally left some tools in the side-pockets of my backpack after a camping trip. One of them was a honest-to-God Sears box cutter. Not any of that dayglo plastic crap--this thing could bludgeon as well as it could cut.
So, I'm at the airport, ready to board an international flight with that same backpack. To their credit, the security checkpoint found the thing, but what do you think they did? Nothing! No taking down names and numbers, no "Why don't you have a seat over there?"--nothing. They just threw it in a big red bucket with, among other things, at least two other bright orange box cutters.
Now, seeing as how I was just trying to get to Frankfurt in one piece and that it was an honest mistake, they did the right thing. But what other than "security theater" can you call it if you've set up the infrastructure to catch box cutter-wielding hijackers (whether that's a threat or not), and you just let folks on after anonymously checking their cutlery.
My company did some contract work with contract work with a Motorola group out in Phoenix. This was a commercial project but for some reason the offices were in the middle of a secure Northrop Grumman facility. Motorola failed to tell us this. I show up with the other contractor, a exceedingly bright and very likeable guy ... who happened to be British. As soon as the NG staff found out, they were hell bent on throwing him out. This guy had been an officer in the RAF, had security clearance in GB and had basic security clearance here in the US but as soon as they found out he wasn't a US citizen they went berserk. The best part about it was they asked me if I was a US citizen "Yes" (I am)... and that was that. They didn't actually ask me for any proof and there was no question of security clearance at all.
We finally struck an "agreement" where he had to be escorted by NG security personal when he was outside of the Motorola area. Which included the restrooms and the dining hall.
We only put him through two weeks of that b.s. before we shuffled assignments. He got sent off to Vegas while I was stuck in Phoenix. Figures :p
AFAIK, there has never been a network or fileshare password that was ignored.
You could have "Share-level" auth, or "Domain-level" auth. Both required valid credentials.
You may be referring to the fact that the "password" is never given to the authenticating fileserver (for Domain-auth). Instead, the user's DC-authenticated SID is used.
Though, if you have a link, I'd love to be corrected.
I had a mate who had some money taken from his bank account. Apparently his telephone banking account had a numeric pin he could choose himself, and he had to enter two numbers from it.
At this point I asked if the first digit was 0, 1 or 2 and the third digit 0 - he looked at me in amazement until I pointed out that 90% of all dates met that configuration (my inner geek has just forced me to calculate that accurately to 79%). Keep calling the access number until you're asked for that combination, then you've got three tries.
Moral of the story: Don't allow 6 digit pins. People will choose a date every time.
It was well documented and everyone knew about it. There's no theater if there's no deception.
don't work.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
Sorry, no. Do you use twitter too?
That's not a case of security theater, that is just a case of someone using the wrong tool for the job.
If you want authentication on top of sharing files over a network, there are other options for that, none of which is NFS alone.
Granted today NFS tries to take authentication into the picture as well, but originally that was not its intent.
There are now addons to it (such as keylogin) which can be used, and of course one can run NFS over a VPN which handles the authentication and possibly even encryption if you wish.
Generally, airlines and airports have many "security" measures which have nothing to do with security.
1. economy passengers must use the lavatories to the back of the plane. I recall the 9/11 hijackers flew first class... In any case, the steel cockpit door is locked, right?
2. ID is required to fly. On some flights, you get to show your ID again at the gate. This has nothing to do with security and everything to do with the airlines ensuring there is no secondary market for flight tickets.
3. An oft heard question is "Sir, do you have any liquids" (because I couldn't find them if I tried). I've boarded flights with liquids that were never found. It's very hit or miss. To the TSA agent reading slashdot, come get me!
4. Finding liquids causes no harm. A would be attacker can keep trying to smuggle liquids on board until he succeeds. The worst that happens is that his special brew gets dumped a few times.
5. Dim, poorly trained and paid TSA screeners. I've seen many verboten items make it to flights (a diving knife for example).
... it's "theater".
It may be the visible portion of a security system, it may be a visible representation of a similar system, it may be a visible deflection from a different system, or it may be a complete fabrication meant to fool you into thinking there's a system in place.
Only in the first case does the theater and the actuality coincide. In the second, it is theater designed to allow the system to "hide in plain sight". The third is the "card game", with the false front often being designed as a "straw man" that can fall without the actual system failing. The article implies the last of these in its use of the term, but all are "theater" in that public perception matters.
In any case, a real security system operates unseen, because its own security system is the visible portion, whether real, constructed or imagined.
BTW, one can easily and with equal validity substitute "authority" for "security".
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Ok, this was a long time ago, long before 9/11 but: I was a bike messenger in Baltimore, MD one summer. The city courthouse had metal detectors at the front door, naturally. A bike messenger carries oodles of metal: Bike lock, keys, various buckles, change for the payphone (remember those?) so we set off the detector every time. The guards just let all the bike messengers go through unchallenged. Imagine the piles of shotguns, explosives and whatnot that you could fit into one of those huge messenger bags? But get this: we were all required to leave our bike helmets at the front desk, because it was against some rule to wear a helmet in the building. So, any observant crook would just have to dress up as a bike messenger, load up with weapons, and just make sure to leave that pesky helmet at the desk!
Nonetheless, I know people who continue to use it. Typically, they have a device that can't sign in to WPA, or an access point that doesn't support it. The rationale is generally that anyone looking for a wireless network for whatever reason will pass over the WEP protected network and hop on to a neighbor's open network.
A year and a half ago I was going through airport security at Sea-Tac. After passing through, I heard a baby crying. I turned around to watch a TSA officer ask a woman for her baby so he could check for explosives. The TSA officer swabbed the baby like he/she was a piece of luggage hoping that they would get their promotion by finding traces of nitroglycerin on a diaper.
Thank you. There seem to be so many people who have bought the propaganda to the point that they no longer understand what some words mean, or perhaps they never knew so the definitions have been defined by propaganda.
Insurgents rebel against legal authority, they are individuals within a group that rebel against the group. People from one country who attack another are generally invaders, aggressors or terrorists depending on the scale, government involvement and nature of the attacks.
The US has not experienced an insurgency in Iraq. The Iraqi government has, but that government is of dubious standing in Iraq given that it has been installed by an illegal invader. Hypothetically reverse the conflict and ask yourself if someone invaded the US and installed the government they wanted, would you fight against it or simply accept it? If you would answer the former, you could well be labelled a "terrorist insurgent", or "resistance fighter" depending on the political standpoint of the labeler.
Not many monitors or practitioners of international law consider the invasion of Iraq legal, close to zero. There was no UN mandate to support it, there were mandates supporting the use of force but they were irrelevant to the situation at the time. The only people who argue that it was legal are American neo-cons, hardly known for their understanding or respect of international law, their cronies and idiots who buy the propaganda.
Please re-read the dictionary because while the definition of terrorist has changed recently, the definition of insurgent has not yet been corrupted in the good book.
I don't therefore I'm not.
While applying for my TWIC (Transportation Worker Identification Credential) I was appalled at the password requirements. While I understand the theory that a strong password is key to our national security, the first thing I did once I finally found a password that worked was wrote it on a post it note and put it with my documents. HARDLY secure.
Requirements are: A password must be at least 8 characters in length. Passwords must contain at least one of each of the following: one alphabetic uppercase, one alphabetic lowercase, one numeric, and one special character. Passwords shall not contain any two identical consecutive characters. Passwords shall not contain any dictionary word. Passwords shall not contain any proper noun or the name of any person, pet, child, or fictional character. Passwords shall not contain any employee serial number, Social Security number, birth date, phone number, or any information that could be readily guessed about the creator of the password. Don't use a password that contains part of your User ID. Passwords shall not conatin any simple pattern of letters or numbers, such as "qwerty" or "xyz123". Passwords shall not be any word, noun, or name spelled backwards or appended with a single digit or with a two-digit "year" string, such as 98xyz123.
Man that's a pet peeve of mine
Unless you were actually standing on top of some sort of accident when you learned it, you learned it by accident.
Which is proper short form for "by way of an" accident.
He didn't start his post sound like a pathetic grovelling little worm!!!
I don't therefore I'm not.
I was stopped by a random checkpoint on a CA 2 lane highway at a natural choke point for "drunk test". In reality almost all of the tickets and enforcements issued were for registration and expired licenses and essentially none of the arrests were for DUI.
Later I was stopped at a "fireworks inspection" that one of my better connected friends later informed me was a checkpoint to look for a deadbeat dad on the run. The general public on holiday was inconvenienced for HOURS to do something about a "deadbeat dad" where the child was NOT involved!!!
Anon
It has nothing to do with security against violence, but I couldn't help noticing at the Lihu'e airport that the guy manning the agriculture inspection machine was just staring off into space as travelers' bags went through his machine. Wondering what he was supposed to be doing, I watched the display he was sitting at. It showed a colorful image of two bags. A static image. An image that did not change at all as bag after bag went through the machine. In fact, I watched him for at least five minutes as my line at the ticket counter inched along, and nothing on the display or any other part of the machine changed at all as the bags went through. He just sat there staring at the wall.
The only "security" was provided by the workers who asked each traveler whether they were carrying any fresh fruits or vegetables. I guess flowers, seeds, and cuttings were okay -- they only only asked about fresh fruits and vegetables.
To top it off, the agents who questioned travelers were not like the evil-eyed Border Patrol checkpoint guys who are ready to call for backup and a dog if your cheek twitches. They were dull, shrinking teenage girls who probably made minimum wage and would rather lose their job than make a tourist angry. If I had said, "Yeah, I've got a papaya in here, so what?" they probably would have laughed and pretended I was kidding.
Thankfully, the agricultural inspection only took about thirty seconds, or I would have been pissed about the waste of time.
(posting anonymously for obvious reasons)
My employer has fancy infrared cameras that aren't hooked up to anything.
SuperNAP ;)
The security seems tight, but the author makes allusions to it being just for show. Why would an as yet unheard of company with such sensitive (and one can assume lucrative) government contracts suddenly make itself public? Maybe the government contracts aren't so sensitive or lucrative, and maybe the company isn't so successful financially? Got to put on a good show for potential investors.
In what state did the OP's story take place? In some states, the ballpark may not have had the authority to ban legally-carried firearms; it may also have been their policy to prohibit only unlawfully-carried firearms; the permit would have covered that.
Of course, for security theater, I'd say the no-guns policy itself is just for show. Does anybody really believe that somebody intent on murder is really going to be deterred by a sign? If so, why not just post a sign saying "no murder?"
Forbidding carry-under-permit is theater if the place allows cops entry; permit holders are statistically less likely to commit a crime than police officers, and much less likely than the average citizen.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
I spent an entire year of my life as a security guard. My job was to guard a potato proccessing plant from 11pm to 7am every night. Frozen fries don't attract many criminals.
(Quotes are paraphrases)
(Yes, I have emails to back this up and CTV and Global has on-line articles to corroborate the facts below)
A while back at the University of Winnipeg some delinquent wrote that (s)he would "shoot this place up" on a specific date at a specific time. After that, the University's President Lloyd Axworthy said that "Universities are under attack." Which is rather an embarrassing statement. There is a profound difference between bad things happening AT Universities and bad thing happening TO Universities. Universities are certainly NOT under attack.
They at least planned the typical impotent measures. Namely, more CCTV, bag checks, etc. Nothing that would actually improve security. Worse yet, I personally emailed them not only telling them of this, but I provided recent real world examples of these measures not working. Point of fact, the answer that I got from Lesely Thomson (Senior Executive Officer & Advisor to the President) was that (exact quote) "we will now have a new "normal" and we are in the process of establishing that." You know, mandatory bag checks at entrances that create bottlenecks enough to create proverbial fish in barrel. Nice work.
But, here's a kicker. The same things were happening at Brandon University (and I believe that the University of Manitoba as well). All of this and the President of the Student Unions at both BU and the UofW were quoted as happy with the reaction and found it completely appropriate. I was also still subscribed to the UWMSSA mailing list and its President encouraged co-operation of these nonsensical measures. I'd expect better from a Math person given the high level of critical thought required in that discipline. I also cc'd both UofW student reps and got zero replies from them (at least that I saw).
The entire episode was a ridiculous over reaction with profoundly negative impacts for our future. One of the pillars of society, our educational institutions, had fallen that day. When the world of education and critical thought can't use what it apparently teaches... such things are so very disturbing.
I was flying with my wife. A big black guy and I were called over to the side of the door before boarding started. We were forced to be wanded and patted down the entire time the plane was being boarded. Right next to the boarding door.
This was after having to pass through the main security line and having everything X-rayed and metal detected once already. It was obvious that they weren't even looking for anything, just passing time so that the other passengers could see that the big scary men were being searched extra specially well.
One of the big ugly male security guards cupped my penis and balls through my pants during the search. For several seconds. There was motion like he was weighing what he found. I told him that usually a man has to buy me dinner before I let him touch me there. He just glared at me.
Good times.
Some 3 weeks after 9/11, I was flying from PHX to SJO and had my toenail clipper confiscated by airport security.
As I walked to the gate and sat in the waiting area, I spied a very-cute young blonde. I sat next to her and noticed that she was knitting.
I asked what she was making, and in the process of telling me, she explained that the needles she was using were 16" long and made of stainless steel.
I was so struck with the absurdity of the situation that I became flustered, and unable to secure her phone number.
Actually+, I think all sentences should be punctuated so as to indicate tone` We could reform the world^ /Everyone knows how beautiful% perl scripts are---why hasn't this spread to the rest of printed# text? It could@ do &wonders for ==human.computer interaction!_ ))Just think: with{everything so clear,$we,could,see+world+`peace]`within&&our$lifetime! \|Misundersta%%ndings %{in*^written)()communi+[cation,"would@become^things&of the past@@
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
I used to be a customer of many colo facilities back in the dot-com days. Above.Net, Exodus, GlobalCrossing etc... Anyhow, at one Exodus facility to get to the second floor via the stairs you had to:
1. Go through a keycard and palm reader.
2. Enter the stairwell / climb stairs
3. Go through yet ANOTHER keycard and palm reader.
The worst part? Exodus had some 65+ yr old security guard sitting in the stairwell all day and all night long.
Actually the worst part was they made this poor guy sit there even when they were painting the stairwell.
How about those chainlink fences the colos use? Many dotcommers used those to anchor KVM cables to. Nothing's going to stop you from walking by and pulling a few cables out of a server/switch. Or using a $.50 squirt guy to take down a web farm.
Or the fact that I'd never seen Exodus clean the 'palm reader' once. Nothing like having some moron not wash his (there were no women in colos during the dotcom days) hands and then you have to follow him to the palm reader.
Some of the colos had "shared cages", whereby you rented space by the rack or half rack. So you could be sharing a powerstrip with some random customer.
I also worked with a SSP (Storage Service Provider), they claimed they encrypted and then vaulted tapes to a remote (60mi away) Iron Mountain facility. The problem? Netbackup didn't support hardware encryption and the vaulting facility was 5mi away. Also, most of the time this SSP kept your tapes in the same cage in boxes piled up.
It makes sense when you realize two things: First of all, all the newfangled terror security is fake and lipservice at best, and second, security (and lack thereof) and risk is a game of chances.
The only reason airports readily jumped the terror hype train was that they were paid to do just that. And they will do whatever bare minimum is required to fulfill the required duties to retain that money.
And second, the chance that this medicine is some sort of explosive is minuscle compared to the chance that this is actually some sort of medicine required to keep you healthy and/or alive. And since the brainiac working at security there (remember, bare minimum) usually can't offer the intelligence required to discriminate between absolutely necessary medicine and feelgood stuff, his standing order is to let everyone in with medical supplies.
No, that doesn't make sense. Yes, a terrorist would probably use that venue (or some of the other glaring holes in airport security). But what for? Why bother trying to blow up a plane when there are so many other things that are by heaps less well secured?
The whole airport anti-terror security is just a money making scam.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
19 guys that weren't from Iraq?
Nice math.
I think there's a story about ITS and its passwords in the book "Hackers" by Steven Levy http://www.stevenlevy.com/index.php/other-books/hackers I can't remember for sure though... I haven't read it in a while...
Personally, I myself feel that any form of security is nothing more than an illusion. Any determined individual with enough time on his hands can find his way around even the most intricate systems. Of course you can always substitute determined and time with well funded. Because believe it or not, compromising security requires tools, the better the tools the less time or effort required.
/. community enjoyed it.
The only thing security really provides is a piece of mind for those seeking it.
1- Physical, locks which are constantly evolving (but a large percent of homes in the United States are protected by locks that can be bypassed by amateurs in only a few minutes)
2- Local alarms, great if someones home, or your neighbors are around to call it in, or even concerned enough. Now that you can usually expect to hear a car alarm going off at least once a day (in most suburbs/cities) people are becoming desensitized and learning to tune them out.
3- Monitored systems, ADT, Brinks, etc. - This is my favorite, in our quest for security we have completely opened our privacy up to a stranger at a computer (not to mention the externally accessible system requires even an additional level of security to prevent any digital attack or unauthorized monitoring).
I also try to keep in mind the targeted markets for security products. In specific these systems, which I'd be willing to bet that half of the users could not identify nor comprehend half to all components used in the system. Additional service style agreements might have the occasional maintenance visit which could provide an additional point of compromise to social engineering. (always check ID, and verify unscheduled technicians with their company, if it's a problem with the neighbors cable, ask yourself why they need to be in your house).
Ok thats my rant, hope you the
Here is Southern Ontario, we have two problems: tigers and elephants. The former eat our pets and can be dangerous to children in backyards. The latter wreaks havoc on our lawns.
...
...
I sprinkle pepper on the lawn and have some special rocks that I put in front of the house.
Both these procedures keep tigers and elephants away, and so far, they have been 100% effective
Yes, security theatre does work
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
I don't remember the numbers, but most shoplifting is done by employees.
Scenario 2: My wife puts camera in one coat pocket, Ipod in second, cell in third along with the collapsed purse, and walks right through security.
Makes. Me. Crazy.
At the local High School, here in rural south Georgia where just about everybody has a pickup that could scale Mt. Everest without so much as breaking a sweat, the parking lot is in the middle of a field whose elevation change can be measured in microns. Just an island of asphalt with a sea of grass lapping at its black beaches. There one two-lane asphalt road leading up to the parking lot, similarly drenched in fields.
There is no seawall, no fence, no border of any sort. Except where the road meets the lot, however. Here there is a small aluminum swinging gate which is faithfully unlocked and opened half an hour before school starts and ends, and locked back half an hour before school starts and after school ends.
It is there, of course, to keep students from skipping class by driving off campus...
Scene: Metal Detector, Baggage Scanner, 3 Security Personnel
Sign: All ID Must Be Touched By Guard
Effect: Guard reaches out to touch the ID Card without looking at it to match the face and the picture.
(Metal detector and baggage scanner not used)
It depends on where you are, how quickly police can get to you, etc. Don't forget that there are large parts of the country where the nearest cop may be an hour away. Or both of them might be busy handling another situation.
This happened outside of Denver a few months ago. Scumbag with long criminal record broke into a not-quite-empty house, and continued struggling with homeowner even after he was (allegedly) repeatedly told that he could just walk away -- he said the homeowner would shoot him in the back.
The homeowner eventually managed to reach one of his guns. The intruder no longer had to worry about hypothetical situations. The homeowner doesn't have to worry about the intruder's true intentions. He doesn't have to worry about the law either since Colorado law gives broad protection to homeowners.
IIRC the news said it did take the police about an hour to arrive. This situation might not be common, but it does happen.
I'm -not- saying that guns are always a good idea. In fact, I agree that most urban and suburban residents would probably be better off without them. But you can't make broad statements. Millions of people live far from police assistance, millions of people have specific threats, etc.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
One thing you don't realize when you see it on television is just how big the garden is, and how far away the fence is.
But that's by the by. As I was walking around the boundary fence, I noticed a security guard, armed with what appeared to be a shotgun, hiding behind a bush. What was even stranger, he was attempting to, but failing, to hide from me, armed with what was obviously a digital camera and nothing else.
I continued walking around a bit, looking at him. He continued to edge around the particular shrub; again, trying, and failing, to keep out of my view.
It was so patently absurd that I felt like taking a photo of the scene, but given that the guy was carrying a shotgun and this was the White House, I thought it might be prudent to ask first.
So, I called out to the guy "excuse me, but do you mind if I take a photo"?
The reply comes back "no, don't take one". And he tries even harder, and fails, to hide himself.
This is despite the fact that anybody with a pair of binoculars, or a long lens camera, would have easily spotted the bloke from several hundred yards away. The Secret Service must, of course, know this, and probably had two other armed guards I hadn't spotted watching me.
For the life of me, I still don't understand what this guy was trying to achieve hiding behind the shrubbery. Look, everybody expects there to be guards in the White House gardens, some of whom you'll see, some of whom you won't unless you try something insanely stupid. But this whole hide-and-seek routine made absolutely no sense at all.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Applying for a work visa in the USA requires male applicants between 16 and 40 to fill out a supplemental form that asks for details of prior military experience (either as a combatant or a civilian), and any nuclear, biological or chemical weapons experience. There are too many problems with this retarded fucking system to count, here are a couple to get you started:
1. This is the 21st fucking century. What, are women incapable of understanding all that nucular stuff? Females aren't a threat?
2. Anyone over 40 is not even worth questioning?
3. Even if you are part of the tiny demographic that are even questioned, does Immigration think undesirables are going to tell the fucking truth on the application form?
sustainable living
After Prohibition alcohol (again) became legal. Did the price "instantly collapse"? No. The alcohol companies are making big $$$.
The local District Court is where (alleged) criminals appear after arrest and in subsequent stages. They've been increasing security for a few years. At one stage they had security scanners at the front door but not other doors, leading to a situation where you could go in another door, through a little known but public set of stairs and corridors and be inside the security cordon with no checks at all. Now they fixed that, but the checking gets packed up at about 10:15 (at the latest) after court starts for the day. Most crims don't actually have to be there at 10:00 as there case probably won't get called first. So if they hang around until 10:15 they avoid the search. Crazy. Mind you I did hear of the security guys balling out a uniformed cop the other day for ducking under the barrier rather than going through the scanner. Nice to see them being even handedly inefficient.
Canada's National Gallery, paid for by taxes, engages in this fraud/theft:
They have many cultural treasures there that are public domain
( like centuries-old carvings ),
and many that aren't.
Since public domain stuff can easily be known for what it is,
by them ( they curate their collection, or at least they demand subsidy to do so! )...
their assertion of authority...
"Visitors may take pictures for personal use, with a hand-held camera and electronic flash, of the public spaces of the National Gallery of Canada. For copyright reasons, it is not permitted to reproduce or to sell the photographs, and to photograph works in the galleries."
Notice that for ALL works, public domain included!, in the name of "copyright", they are blocking humanity from capturing photos -- as all, not just locals, legally have the right to -- while...
"The National Gallery of Canada (NGC) and the Canadian Museum of Contemporary Photography (CMCP) offer a wealth of images to researchers, publishers and others seeking to visually enhance their projects and products. Photographic reproductions of many works of art in the permanent collection are available for use in books, journals, newspapers, theses, on websites, cards, posters, CDs, and other merchandise."
selling their photos of the same stuff.
TRY exercising your legal right in that "institution",
and you WILL be stopped / thrown out.
Robbery of human cultural rights from all
Legally Public Domain Cultural Wealth,
by their misrepresentation of the "law",
while commercially exploiting Canadians' collection,
while being subsidized entirely on taxpayer's backs.
And yes, they do throw around their security "authority".
Getting them to acknowledge Canadian law,
and to permit legal photographing of public domain work might be possible,
but having dealt with such "institutions",
I'll believe it only when it's in writing, publically,
and others that they are unable to intimidate are watching.
We are in the process of international adoption. It is a long process, and you have to have your fingerprints made for imigration services. What I don't understand is how my fingerprints expire every 16 months. As ours were about to expire, we recently had our fingerprints taken again. We went together, but two different agents wound up taking our prints. When we got back to the car, my spouse informed me that she had asked here agent why fingerprints expire. She had been told that as you grow older, your fingerprints stretch. "Funny", I said, "my agent told me it was because the don't have enough disk space to store all the fingerprints so they have to purge them periodically".
If they're going lie to you, I wish they would at least tell the same lie.
I went to a Cubs game in April 2002, and the search they did on purses involved sticking what appeared to be the barrel of a baseball bat into the purse and stirring it a bit.
No clue what they were actually hoping to achieve there.
Also, Amtrak's security has seemed to rely entirely on checking ID (because the TSA tells them to, apparently) every time I've traveled by train. Not sure exactly how that's supposed to achieve anything.
Comment removed based on user account deletion
i find it frankly insulting that the op compared hitler with hussein.
When a support admin threatened to permanently kick him off of the system, he replied "That's OK. I won't be alive tomorrow."
Hmm... Elevated threat level, warnings of possible suicide attacks in the next day or so, and a fundamentalist muslim kid warning that he intends to die roughly in that time frame.... Sounds like something worth investigating (if only because we've got a kid that seems to be threatening to kill himeslf ... terrorism or no).
Being a Canadian, I call the Canadian 1-800 terrorism tip line (remember ... less than 6 months since 9/11) and find that it's been disconnected.
I then turn to US sources, and try to leave information in various places. Then I turn to the local US Consulate and leave an urgent message. After about 24 hours of trying various routes (both Canadian and US), I finally get a callback from a completely disinterested consular official who pretty much has the attitude of "explain to me why I shouldn't hang up on you".
Less than 6 months after 9/11, an orange threat level, and a suicidal fanatic on my site, and I'm fighting to explain why a US official should even take a report from me. "call us with any tips you might have" ... Yea, right!
That was the last time I took post 9/11 security fanaticism seriously. (other than as a threat to my civil rights).
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
At a previous job (pre-9/11) I often had to go to JPL where I was given a visitor badge to wear. The badge stated I should be escorted at all time (I'm not a US citizen). The first time thgere, the badge was checked once or twice. The second time, I was left by my escort for a while in the canteen and, unknown to me at the time, my badge driopped off on the floor. I was able to wander around the place without any comments because everybody assumed that if I didn't have a badge visible thenI was staff and only the visitors would bother to wander around with their badge showing. I'm guessing things have been tightened up now ;-)
Egypt does security theatre routinely. The antiquities sites all have metal detectors on the entrances. They are all turned on and the guards make visitors walk thorugh. The alarms go off for maybe a third of the visitors - coins, belt buckles etc., nothing bad. The attendants never check visitors who set of the alarms. They treat the detectors like some magic amulet that wards off evil; no human intervention needed.
I used to work at a major telco, and as I was logging in to one of their legacy systems through a terminal, I noticed that the password field didn't show the usual **** stars, but rather stayed blank. Intrigued, I marked the text field with my mouse to see what happened, and discovered that yes, there appeared to be text there. I copied it, and there was my password in plaintext! What they had done was simply to make the password text the same color as the text field... I had a good laugh about that one.
for great justice
Apparently, aside from an astonishing level of clerical and managerial chaos which affected every level of the Reich, the reality of SS intelligence, at least in Berlin, was completely at odds with the perception. The offices responsible for monitoring the population and for doling out punishments for those expressing anti-government sentiment or for being friends with jews or for generally not heiling with enough vigor; that office was staffed with only a handful of over-worked clerks surrounded by mountains of un-processed 'reports' filed by nosey neighbors and crafty tattle-tales trying to get in good with the reich for one reason or another. --But the perception was entirely different, and the effect was that the population effectively policed itself into the condition history has made infamous.
The imagination is the most fearsome weapon. Provide a few displays of violent public oppression, and then no matter how wide and large your enforcement net is, the public will imagine something even bigger and meaner. --Thus the mere suggestion that you might be watched and swatted is enough to keep the population in line.
On the one hand, I find it comforting to know that no matter how bad a police state appears, it's true condition is arguably going to be far less than perceived. But on the other hand, the fact that people willingly turn each other, become informants when it is not necessary, work to create hell on earth by becoming their own worst enemy, is truly depressing. --But even in this there is hope; knowledge of the reality spread widely and openly enough should logically be all that is necessary to prevent a horror.
-FL
I work at a small (and fairly obscure) college. After 9/11, some genius decided that terrorists might attack us, so we needed to lock the doors of all the buildings to "control access". Only that was pretty inconvenient, especially for recruiting prospective students and taking deliveries. So they left one door on each building unlocked. Then they put up signs on all the other doors, telling people which door was unlocked.
Nope, no guards. That would have been expensive.
I put up a sign that read, "Attention terrorists: Please do not read any of the other signs on this door." Somebody else took it down. I put it back up, it came down again. I went through 40-50 signs before the dean called me in and told me he'd had a complaint that my signs were making somebody feel unsafe. That happened the day after they gave up on the door locking, so I had already stopped with my signs. I never did find out who was tearing my signs down.
Truth is not something that most businesses can live with. Public systems such as school boards and schools themselves also could not survive if they were transparent.
Security, when done right,makes people accountable. And just as that flashy new security system can detect shop lifters or information thieves it can also be used in a court to show black people being searched disproportionately by store security employees, detect illegal workers or perhaps document the level of sexual harassment that a boss is pushing on an employee.
So it comes down to good security being a real hazard to the businesses that install it.
No 42: How Not To Be Seen
(Association invoked by your use of the word "shrubbery".)
I'm not a coward by any name.
isn't most meatspace security a form of theatre, in a way ? Even (or especially) the cops, are little more than an illusion - if the mass of the punters were to decide that they don't much care for the silly laws anymore, there's not much to stop them.
Not unlike the traditional japanese paper walls, it's more of a convention, to remind ourselves that life would get rather less comfortable if we don't believe in the illusion.
What a depressingly stupid machine.
in summary:
Most americans drive automatics, and many would actively avoid having to drive stick
Most europeans drive manuals, and many would actively avoid having to drive a manual
Both ways have advantages and disadvantages and it's not quite important enough to have world war III over. Please don't debate this further here
my password really is 'stinkypants'
If you sit in the cafe behind the complex, close to where their credit union (And I have forgotten its name) is, unless you wear ear plugs you can pick all manner of choice bits and pieces, from their opinions about The Organization to their plans for a corporate secure back up strategy.
To be honest its just blokes mouthing off, but yea, given the context of the whole area you would think they would be more circumspect.
I wonder if they read Slashdot.
I had the pleasure of flying from LA to DC on 9/11/2004. Needless to say the airports were in a state of "heightened security".
In LA there was a kind of jughead TSA checkpoint guy who was just amped out of his mind with excitement by the possibility that on that day he might be the lucky hero that single handedly thwarted some terrorist plot that would probably unfold to mark the third anniversary of 911.
It so happened that in front of me there was a little boy carrying two tiny turtles the size of silver dollars in a glass bowl with blue rocks at the bottom. The security guy glared down at this kid, and then with preposterous seriousness gruffly demanded that the boy take the turtles out of the bowl. With utmost caution, and pretense of scientific acumen, the TSA guy wiped the turtles down with an explosive detection tissue. The kid's jaw dropped - the absurdity of the situation was not lost upon him. Of course his turtles were not explosive, but the TSA guy seemed disappointed by that, and returned the turtles resentfully as though he had been outmaneuvered.
The response to the Glasgow airport attmepted bombing was to switch around the drop off area and the bus station. Because bombers always follow "buses only" signs, right?
And then the new drop off zone is patrolled by police officers (not even traffic wardens I think) to harass anyone who dares to use the drop off zone as a pick-up point. (there is no pick-up point) Now there could be three reasons for this -
(a) to keep traffic moving. This can't be the case as they still harass people late at night when there is no traffic and the place is almost empty. Also they don't use traffic wardens.
(b) to somehow mitigate the risk from terrurists. Seeing as terrurists wouldn't stop and wait in their car for 2 minutes before doing their thing, this would achieve nothing.
(c) to boost car parking revenue. The short term car parks are so exorbitantly priced (it's cheaper for you to tell your family to get a taxi home!) that this is an essential measure to prevent people using the drop-off zone as a pick-up point.
What a waste of police resources and my tax money - to maintain revenue to a monopoly-abusing private company. Grrr!
So all those reformed addicts and families of those that died through their drug lifestyles, those that work in rehab centers and to campaign against the proliferation of drugs in our communities. Those people are doing it to keep the price high?
... that too would end the "war".
I'll grant you there may be some elements of the higher echelons that are purely evil and wish to profit from the destruction of peoples lives that hard drugs leads to, but such pure capitalist are a small element I warrant.
If all drug dealers, runners, growers were shot on site
Pardon my ignorance.
Dude - if you have figured out how to clone yourself, you should let the world know about it in a big way - not post it in an un-related article like this!
*** Where are we going? And what's with this handbasket?
My company had a problem with people from other companies parking in our car park, meaning there wasnt enough spaces for our employees. Their solution? Make everyone who works here register their vehicle details with reception, and provide everyone with badges to display in their car window. The problem? Nobody patrols the car park to check the badges, so the people who illegally parked before are still doing it, meanwhile we jump through hoops for no reason.
Launch each 'sig'.
I think you are missing the real security feature here - these are not set up to protect babies from being stolen, the beep at the door is just an added feature. The real security is that it keeps hospital workers form administering the wrong medications to a patient - a threat that is more like 1 in 4...
It's interesting that autos have an expensive price premium in Europe - In the U.S. it has gotten to the point where a manual commands a significant price premium, if you can even get it.
retrorocket.o not found, launch anyway?
In November 2007 there was a shootout at my local shopping center during an attempted jewelery heist. The center management decided to post security guards at all entrances, ostensibly to prevent such incidents from happening in the future.
What's wrong with this picture?
Did it work? Perhaps. There have been no further heists. Much like in the years preceding this incident. The werewolf deterrent in my fridge also appears to be working...
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
Encountered this link; some government agency level security related theatre:
http://hacksawru.narod.ru/
It's not as mind-boggling as some of these other stories, but I work for a company that has a strong password policy... for the peons. Management is exempt.
IIRC the client didn't check the password but told the server how long the password was. So you could just tell the server the password is one char and then brute force it
At work: To "improve security and enhance employee safety" my employer installed turnstiles at the building entrances that open when you wave your ID badge at it. It's basically to prevent "tailgating" (unauthorized person(s) entering behind authorized ones) by requiring that people go through one at a time and requires that each person has a valid ID badge. The security theater aspect is that there is no check to ensure that the badge being used actually belongs to the person using it. I also have to use the badge to open doors. Between the front door and my desk I have to use my security badge 4 times (door, turnstile, door, door) and the first three readers are within 20 feet of each other. I feel safer!
At home: We live in the suburbs on a busy street near the center of town. Our dog just died and we're planning to get a new one at the end of the summer after vacations are over and we're back on a routine and able to devote the time to train the dog. My wife announced that she doesn't feel safe without a dog and wants to install an alarm system. We've lived here for over 9 years wihout any incident, we're ten feet from the second busiest street in town, we're at an intersection, and there are street lights. We are a terrible target. An alarm system won't make us any safer because we're already very safe, but it will make my wife feel safer. Pure security theater.
In my view alarm systems (home and car) can actually make people less safe because the best way to get around the alarm is to commit the crime while the owner is present.
DD
"Can I finish? Can I finish?
Last year Japan immigration introduced fingerprint scans and face photographs for all foreign entrants to the country for "terrorism prevention". The only terrorist acts ever committed in Japan were by Japanese people (who aren't scanned when returning to Japan).
The real reason is to satisfy their paranoia that a high percentage of crime is committed by foreigners, which statistically is untrue; and to capture the odd illegal immigrant.
Believe me, Japan is not the golden land for immigrants or hot target for terrorists.
Furthermore, one of my friends flew from the UK to Japan via Germany. At Frankfurt the security directed him through another security gate which checked for forbidden goods. The 500 ml jar of expensive honey he'd bought as a gift at Heathrow duty free had to be binned because of the liquids restriction. Totally insane.
There's a supreme being watching over you. Protecting you.
And if you communicate with him telepathically, and you're sincere enough,
he'll do nice things for you. Like if you're in some kind of trouble or danger.
I went to the local discount chain to get a small plinking gun - a Ruger 10-22, pretty much the gun you'd buy a 12 year old to practice with. In this rural town of a few thousand, it's the rare family dog who doesn't have his own rifle.
.22 is the terrorist's top choice for mowing down squirrels.
They said they had to do a background check. OK, I guess I don't want Charlie Manson getting a weapon, I'll wait the fifteen minutes.
They told me I was denied, but could check back in a few weeks. I asked why. The girl didn't know, but had assumptions. "You must have a felony conviction".
"No, I never had a felony." They couldn't deny me for that pot possession ticket 20 years ago, could they?
"Well, you must have a case pending." She turned back to stock the large-caliber hollow points anyone can buy without even showing ID.
"No, the worst I've gotten in the past few decades is a ticket. Maybe it's because I moved here from out-of-state last year?"
"Oh, maybe...where from?" Her Pacific NW facade of polite warmth much cooler now.
"New York City"
"Oh, of course, you know, since 9-11..." she trailed off, as if she had actually said something meaningful.
Right. Because it was native Brooklynites who dropped the planes on Manhattan during the great inter-boro civil war of 2001, and a
A few weeks later I got the OK and picked up my rifle. Turns out they have to check with your home state for domestic violence convictions, actually a pretty reasonable rule.
Presumably people from New Orleans won't be allowed to buy bottled water there now lest they create a flood with it.
The policy of forcing users to change their passwords monthly does not effectively counter any real-world threats, and creates additional threats. Instead, force users to pick a strong password and never change it unless there is suspicion of compromise.
By the way, have you read how incredibly difficult chemists have stated that it is to actually mix explosives on a plane? It requires beakers, ice and precision and the chances of making a mistake and not being able to take down the plane are quite high.
I live in Florida, we are allowed to stand our ground.
We have the right to have guns on our property without registration.
If you come onto my property, I can shoot you. ONLY survivors talk to police.
We can't take them everywhere, but we can have them in our cars.
That is why car jackers look for rental cars not local cars.
I would prefer an airline that hands out knives.
I trust 200 armed citizens against 5 nut jobs,
more than 200 unarmed sheep against 5 nut jobs.
I am proud to be a citizen and not a subject.
NFS still does assume UIDs are trustworthy. Keep in mind, Sun did NFS and NIS roughly together, and they use the same RPC mechanism. But it is very much a relic of the "trusted LAN" era. If you've got switches that allow arbitrary machines to connect, and DHCP servers that give arbitrary machines address information, NFS is probably not for you.
/etc/passwd away. Even easier if NIS is up, because I can get the entire passwd file from the NIS server.
Even with root squash, there's still no security. That just means I need to switch to someone else's UID before I can read their files--and that's just a quick vi
The great thing about the various attempts to add security to NFS is, they don't work with everything. The only redeeming feature of NFS is that every UNIX-a-like can at least operate as an NFS client. If you now have to do PKI and token management, why not install a good distributed file system instead? Maybe something with aggressive-but-useful client-side caching with server invalidation?
(Wanders off to play with OpenAFS some more....)
yeah, that'll protect my data.
The story sounds slightly unlikely. The ARPANet was so small then that everyone knew almost everyone else. There were no malicious people on the net. Also, ITS had, SFAIK, no internal security, and anyone could create his own account (and then access others' accounts). So, passwords would have added nothing.
ITS also had a feature where someone could eavesdrop on someone else's session, to offer help. I don't think it required the consent of the eavesdroppee.
In case it needs to be said, this was a research machine. Production work was done on machines with passwords.
Contemporaneously with this, at a college a few miles up the river, an undergrad was using the DARPA funded PDP-10 to implement a simulator with which to create the first BASIC interpreter for a micro, which he then sold. There was a rumor that he used so much time that DARPA complained. Using a government computer for private commercial gain is a big no-no. That kid later said that he skipped his CS lectures to attend management classes, which explains a lot about the company he co-founded. A few years ago he bought the college a new CS building.
The USS Constitution, the 200 year old wooden warship docked in Boston Harbor, is protected by a security cordon including metal detector, X-ray, and divers checking under the ship.
It was a fearsome weapon in 1800. However, if you smuggled sufficient gunpowder abord and fired its cannons now, the ship would probably split apart.
The company I work for uses (unnamed) antivirus. It's a joke. Our employees believe that if they have it installed they are immune to spyware. I haven't seen a single piece of AV software that stopped even 6 month old spyware. The fact our company has to spend money on this stuff or risk our customers telling us we're "insecure" depresses me.
- You can have anything in your carry-on bag up until the point you pass through security. So you could easily fill a maximum-allowed-size bag with dynamite and set it off in the middle of the line to security, probably killing as many people as if you blew up a plane and probably disrupting traffic even more.
- If you don't want to be in the line when the bag blows up, find a nice elderly couple and ask them to look after your bag while you go to the bathroom. If you look like white middle class, there is little risk they will refuse.
- Arrange with 20 other people to each bring in the allowed amount of liquids and mix it to a sizeable amount of explosive after getting through security. Or -- equally effective, and a lot easier -- to a poisonous gas.
- Many synthetic cloths are highly flammable and develop dense, poisonous smoke when burning. So just take off your jacket and set fire to it.
And many more. A problem is that the security measures are mainly reactive -- they handle only the things that have been tried before, and it is not difficult to come up with new idea. And when that happens, they just add new measures, but tehy can never stop everything.
I'm not saying that all security should be dropped, but the measures that are most invasive and annoying should be. I don't mind sending my back through X-rays etc. and walking through a metal detector. But please let me keep my shoes on and belt on and have a deodorant and a laptop computer in my bag without having to dig them out.
You seemed to have missed the point of my original post. I didn't say that (say) rehab center workers would be upset by legalization--I was referring to those who make large profits from the illegal drug trade.
"Not an actor, but he plays one on TV."
How about the campaign that the NYPD started on the New York City subway system over a year ago? Apparently, entering the subway system alters ones constitutional rights and makes it ok for the police to illegally search your bags with no need for probable cause. You either submit to random searches of your bags or you are not allowed to ride the subway. Nevermind the fact that cops seem to be randomly placed in random subway stations on random days checking random people's bags... If I were a terrorist I would simply leave the station and walk a few blocks to the next one. Unless they have cops searching everyone who gets on the subway at any station along the line, this is all either theater or an agenda with ulterior motives (catching other types of criminals/contraband on the subway?). My fiance had her diaper bag searched when she was taking our toddler to the park, but when someone tried to steal her purse one night on the subway the cop _watching the whole thing go down_ told her that she "looked like she could handle herself".
Years ago I worked at the computer labs at a university, and the administration instituted a policy forbidding users to use the 'chfn' command to change their "Real Name" on the UNIX systems used by the students for email. This was done ostensibly for security reasons, but when you asked what specific security concern this would mitigate you got yourself a bad reputation. I'm given to understand that the new head of the department had received an email from one of the students who had changed his "Real Name" to Mickey Mouse, and that he'd been offended.
Now around this time I happened to notice that the hostnames of the lab PCs from which the students would access the UNIX machines were all based on their location (the lab they were in and the number of the station, printed on the monitor). So if you walked into a lab and happened to notice a pretty girl you wanted to stalk, you could log into the UNIX system and if she was checking her email the list of who was online would tell you her name based on what workstation she was sitting at. When I raised that as a possible privacy concern, I was pretty much ignored.
Gun control laws -- especially in "Gun Free Zones" implentations -- are the ultimate security theater.
Let's assume for a moment that the "Gun Free Zones" were literally that: places no firearm went. Well, the the post office shootings of the early '80s would never have happened -- government buildings have been weapons-free zones for ages. And the Columbine school schooting -- well, not only was that a Gun Free Zone, but both shooters were not old enough to legally carry or own firearms!
When you look logically at the "more guns mean more killings" argument it falls apart with astonishing speed. Have you ever heard of a mass shooting at a gun show? What about at a gun range? The availability of weapons in either of those places is very high -- but somehow it's the places that the firearms aren't supposed to be that are at risk.
Extend this logic just a half-step further and gun control laws of all stripes start looking stupid. I will accept gun control when the advocates for it can tell me why criminals -- people who by definition break the laws -- will respect gun control laws while they completely ignore laws against drugs, theft, and murder.Do you like Japanese imports?
First let me address the claims above that the war in the middle east is security theater:
The fact that Saddam Hussein and more importantly his two children are dead makes the entire world more secure. If you think otherwise go read up on some of their recent history, such as torturing (REAL torture, not this waterboarding crap everyone seems to think is torture these days, I'm talking slice-open-your-thigh-and-put-wasp-larvae-in-it, then-sew-it-back-up-and-watch-you-squirm torture), maiming, and killing people that didn't agree with what the Iraqi government were doing, among other things.
Now we are stuck there because we didn't correctly fill the power vacuum that we created by removing these three monsters.
Now on to point two:
Security Theater is EVERYWHERE. Airports? My favorite bit of theater in airports these days are the (usually) Air Force guys there with M16's with empty magazines in them, and the breach locked back. If *I* noticed it and wasn't even looking for it, you think anyone intent on malfeasance wouldn't?
London is one giant piece of security theater. The most camera coverage anywhere in the world, and statistics prover what we already know, the cameras don't actually deter crime, they just help the cops figure out what happened, and occasionally catch the ones responsible.
If you want some even more amazing examples of security theater, check out Johnny Long's talk on no tech hacking to learn exactly how insecure all this security theater is making us.
Well it sounds like since your name was on a 'no fly list', the checks weren't random, they were the result of a filtering system with a high false positive rate.
Random checks are not security theater, at least not in principle.
It seems very rational to do a random check if:
A) you lack confidence in your non-random screening functions (the ones that force a mandatory check),
B) AND the random check will provide more information than the non-checking case,
C) AND if the random check requires an cost (in economic or liberty terms) that would not be acceptable if everyone was checked all the time.
A random check also allows the checker to cloak or obscure their screening function (to some degree) since an attacker cannot probe the presence/absence of the screening criteria without expending an effort that correlates with the frequency of the random checks.
That said, random checks don't make sense if:
- the consequences of failing to check and someone getting through aren't that serious,
OR
- attackers are infrequent and the the random check is infrequent enough that your overall detection rate isn't helped
- AND you don't care about obscuring your screening function
While I don't know enough facts about costs or detection rates and false positive rates to gauge whether random airline passenger screening checks make sense, it seems plausible that they could in theory be reasonable.
They look up the doctor's name in their list of doctors (often on a computer! amazing!), and call the number that their system lists. At this point, if the doctor's name is fake, they already know you're full of shit. If it's real, they'll have verification from the doctor or their administrative staff shortly as to whether or not that prescription was actually given out by that office. It's happened to me on prescriptions with no potential for abuse (once on an inhaler, and another time on some medicine for altitude sickness)-- I can only imagine how thorough they have to be with abuse drugs.
But when you want to LEAVE our birthing center, you better have a key.
Of course, the fire alarm disables the lock so you can imaging a kidnapper pulling the alarm then exiting. I think if you want to escape unnoticed this wouldn't work, and if you tried to use the 'confusion' of an alarm to your advantage, we have many fire drills so there is little confusion--everyone knows what to do.
And unless you are already out at the street when they call a code pink (kidnapping), you are not getting away. We practice code pinks and believe me, no one can 'sneak' out of our building once the announcement is broadcast. We do not rely on technology (beyond the PA) to pull this off, it is 200 human observers with assigned strategic positions all looking for anyone entering, leaving, or even driving in the parking lot.
The Feds in the US are paying for chain-link fences around aiports. There can be several miles of bob-wire topped, 10ft high chain-link,which is all but transparent to a set of $20 bolt cutters, but in many places it is just a 4ft high barrier. These come with electronic gates, that stay broken and hence propped open most of the time.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The hospital where my kids were born at had one of those fancy RFID tag systems where a tag is attached to the umbilical stump. During the mandatory hospital tour, when they made a big deal about this state-of-the-art security, how they do kidnapping drills all the time, etc, I wondered to myself, "It's a little plastic tag. Why couldn't the baby-napper just snip it off?"
Fast forward a few months to when my first child was born. Part of the discharge procedure is, of course, to remove the RFID tag, which the nurse unceremoniously did with a small wire cutter. When I made light of how easily the security system might be defeated, the nurse assured me that a kidnapper would never have a wire cutter. I would have asked how she could be so sure, but I really just wanted to go home at that point.
It wasn't until after having my second child that I realized the true security measure: "Newborns are a royal pain in the ass." I'd have 12 kids if there were some way to just pick 'em up after 9 months or so.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Secure password policies. My workplace introduced this policy not long ago and it's clearly a bit of security theater. Sure, done properly it will work. But the reality is that when you are requiring a high level of complexity... high number of characters, capitals or special characters, people will start to write them down when they previously wouldn't have. In these cases, we now have effectively LESS security, as that password is potentially more available to intruders. It is an even easier method of breaking into a system than it is using a dictionary or brute force attacks, especially when a typical scenario would only allow an attacker a short period of opportunity to try and crack a password. This isn't to say that all strong password requirements are a bad idea, requiring just a single capital letter or a single number in the password would probably work just fine, but the notion that deploying a complex set of password rules will increase security is flat out wrong.
The same goes for applications requiring seperate credentials from those used to initially log on to the system. When you start to introduce even MORE usernames and passwords into the mix, it is going to greatly increase people's tendency to write them down.
Using a single set of credentials for everything and requiring only a minimally complex password, locking out the account after a set number of attempts would be the best solution, but of course in a large corporation the voice of the front line staff is rarely heard.
I saw in INTA building (the Argentina version of USDA) some door that have a card reader to get it, but the traffic is to intense in the morning that is always left with a stone working as a doorstop.
Like the password written in the keyboard.
DNA in your Linux: DNALinux
My kids' doctor doesn't mess with any of this faxing BS. He just calls their prescriptions into the pharmacy.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
As for "working
It's a cost benefit analysis a couple of thousand GBP is worth a few nights in jail, it's not worth the risk of summary execution.
I'm trying to think of when I've encountered security that wasn't theater.
* mechanical locks of all kinds
* car alarms
* antivirus software
All of these are not only ineffective (theater), they're usually at least as bad as the disease they attempt to prevent (lost keys, carrying keys, false alarms, automatic download and execution of useless resource-hogging insecure code...).
Yes, I can verify that your story is close to correct.
:LOGIN GUMBY. Mainly it just set your homedir since there wasn't much difference between being logged in and not being logged in. You could type the command :PASS (or was it :PASSWORD -- I no longer remember) and send a password, but some wag added that command and the response "You're sending a password HERE?" That was probably Guy Steele). So that was ITS. Oh yea you could read anybody's mail by doing :PRMAIL GUMBY (or :PRMAIL RMS), or I think it was GUMBY^R.
The command interpreter ("shell") for ITS was the debugger(!). You could give it commands either as shortcuts (control characters) or in long form, with a colon and the command name. So you could log in as GUMBYU (altmode was a special character -- if you only had an ASCII terminal you could use escape) or via
Now if you came in from a remote machine not in the lab you did have to log in, but that was only because the server you talked to implemented that. It looked a lot like DDT, the "shell" but really wasn't -- it only implemented a few commands, one of which was a login command that required a password. If you authenticated then you were given a DDT with the homedir already set. By the time I started using the system in late 1979/early 1980 that authenticating server already existed.
Note this is all before the arpanet switched over to TCP in 1984. We used an older protocol called NCP.
Too many people don't understand they have a legal right to take photographs and record video in public places, and that it's protected under the First Amendment of the Constitution.
The practice of street photography has a long tradition in New York City and its purpose varies from hobby and artistic expression to memory making and journalistic documentation. But the freedom to photograph and film has long been taken for granted and challenged in the wake of 9/11.
Know your rights and what to do when approached by law enforcement.
My name is Kim Lengle and I pitched this story to several College Current producer during a pitch session of Jon Alpert's Documentary class at the Columbia University Graduate School of Journalism. I was told that you had a similar story that couldn't be aired.
My story has first hand accounts and shows myself and my partner being kicked out of public places for trying to record video.
Watch the video.
As this guy clearly escapes with video footage, and I've seen countless others do the same, it's pretty clear that this isn't any real form of security at all.
my school (baker college) has decided to implement a 'all classrooms must be locked' policy. Many classrooms have plaster walls and windows into the halls. Students can't get back in once they leave. For the most part we prop the doors open, or put things in the doors. I don't for a second thing this would stop a shooter from killing enough. And it would preven emergency services from easily entering the rooms to aid wounded.