What Examples of Security Theater Have You Encountered?
swillden writes "Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.
swillden continues: "Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
More Twoson than Cupertino
My adviser back at University, Rich Maddox, used to tell a story from his youth, when he was dating a girl who (apparently for religious reasons? I don't remember exactly) always carried a large knife in her purse. So anyway, they were going to Disneyland with a couple of friends, and as they went through the entry turnstile they stopped Rich and asked to check his backpack for weapons and so forth. And they found a pocket knife there, and told him he couldn't bring it into the park because it was dangerous. That's when Rich called over to his girlfriend who was already inside, and said "Honey, do you still have that knife with you?" And she pulled it out of her purse and said "Yeah, why do you ask?"
(rot13) rpbzbab@tznvy.pbz
I had a boss that named the wireless network "Virus". On asking him about this, he explained "it's to scare off hackers - they won't connect if they think they'll get a virus". Ah, ok.
It's probably worth pointing out he wasn't aware you could "secure" a wireless point with a basic WPA key at least - it was completely open, anyone could walk right in, assuming they beat the fear of the "virus" that was.
throw new NoSignatureException();
...while I was temping for a company in Chicago, I was asked to deliver a box of candy to a client in the Sears Tower. While entering, I went though the giant, heightened security setup - x-rays and all - and got held up because I had a box cutter in my backback.
They held it up triumphantly and shouted at me, "Just what do you expect to do with this?!"
I wanted to ask them them the same question back. Just what did they expect I'd do with that? In a building that had security guards with guns? Was I going to hijack the building and crash it into a plane?
I was working with a particular system where the vendor added a strict password security policy. They require a mixture of uppercase and lowercase letters as well as at least one digit or special character. Later on, I discovered, by accident, that the password is not case sensitive when you actually go to login. It turns out that the routine for setting the password enforces stronger passwords than the underlying system can actually support. The vendor, of course, claimed that they would be upgrading their underlying password encryption algorithm very soon.
OK, solution. Ask for TWO cans of soda. Drink the first one and then tear the second one in half. Try to pour as much of the flowing liquid into the now empty first can.......no wait.. Ask for THREE cans......crap....
I was trying to transfer some funds out of a joint bank account. I used the phone based system (and answered the usual security questions). Then the person told me that for the transfer to be allowed, both people on the joint account needed to sign-off on the transfer.
The other person wasn't available... so I just said "Ok, hold on I'll get him." Then waited a few seconds and said "Hi. Yes, I'm he. Yes I confirm the transfer."
They transferred the money. No authentication, no double-checks. Just some voice on a phone (I didn't even bother faking a different-sounding voice) saying that it was ok.
in 2002 I bought a ford focus zx3, complete with a blinking red light on the dash, which the dealer refered to as an "anti-theft device."
And since they're a group of them, desperate enough to mangle or kill you, they certainly all have weapons. And given the situation, the weapons in question are certainly assault rifles. And they're not stupid, just desperate, so they'll rely on strength in numbers, attacking by the hundreds. At this point, having arranged a group of hundreds of heavily armed men, they pretty much have to murder you. This is why I feel much safer keeping a loaded M1 Abrams in my bedroom.
Search 2010 Gen Con events
Two things: Firstly wooden assailants are very dangerous and resistant to gunshot wounds. Your best bet against this sort of wood-be assailant is a flamethrower or an ax.
Secondly, saying that you shouldn't have a gun because you are more likely to commit suicide than be killed by an intruder implies that either people randomly commit suicide for no reason or that people choose to have home invasions. They are not really the same sort of thing so the statistics aren't really a helpful metric.
That said, if you are a person with suicidal tendencies you should keep neither firearms nor flamethrowers (which confusingly are not generally considered firearms) around the house. Axes however are very difficult to commit suicide with, and as such should be kept in the event you run into any would-be wood-be assailants.
I had a contract at a high security government site. At one location an MP actually had a M16 pointed at me while I worked but that's a different story. At this location the computer room was raised and had a ramp leading to a secure door. Not having the proper card to get in I always needed an escort for access. The problem was no one was ever around when I needed in.
One day after waiting 45 minutes for my escort I had an idea. I lifted one of the tiles in front of the door, slipped under and came up the other side of the raised floor. Another 45 minutes and my escort finely arrived beside himself I was already in the room. He lectured me about Top Secret this and Top Secret that, the ramifications and had to know how I got in... So I told him. They installed a barrier under the floor.
The next time it happened I looked up and saw a tile ceiling. The lecture worked because I didn't go over but I was tempted.
-[d]-
I've always thought the way the TSA treats pilots was a bit.. odd. A couple years ago, a TSA agent was giving a pilot a hard time over a small jeweler's screwdriver in an eyeglass repair kit.
The pilot said to him, "Well, you can confiscate this if you want, but -- and I don't mean to alarm you -- I have a fire axe in the cockpit."
The
Some 3 weeks after 9/11, I was flying from PHX to SJO and had my toenail clipper confiscated by airport security.
As I walked to the gate and sat in the waiting area, I spied a very-cute young blonde. I sat next to her and noticed that she was knitting.
I asked what she was making, and in the process of telling me, she explained that the needles she was using were 16" long and made of stainless steel.
I was so struck with the absurdity of the situation that I became flustered, and unable to secure her phone number.
Actually+, I think all sentences should be punctuated so as to indicate tone` We could reform the world^ /Everyone knows how beautiful% perl scripts are---why hasn't this spread to the rest of printed# text? It could@ do &wonders for ==human.computer interaction!_ ))Just think: with{everything so clear,$we,could,see+world+`peace]`within&&our$lifetime! \|Misundersta%%ndings %{in*^written)()communi+[cation,"would@become^things&of the past@@
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
One thing you don't realize when you see it on television is just how big the garden is, and how far away the fence is.
But that's by the by. As I was walking around the boundary fence, I noticed a security guard, armed with what appeared to be a shotgun, hiding behind a bush. What was even stranger, he was attempting to, but failing, to hide from me, armed with what was obviously a digital camera and nothing else.
I continued walking around a bit, looking at him. He continued to edge around the particular shrub; again, trying, and failing, to keep out of my view.
It was so patently absurd that I felt like taking a photo of the scene, but given that the guy was carrying a shotgun and this was the White House, I thought it might be prudent to ask first.
So, I called out to the guy "excuse me, but do you mind if I take a photo"?
The reply comes back "no, don't take one". And he tries even harder, and fails, to hide himself.
This is despite the fact that anybody with a pair of binoculars, or a long lens camera, would have easily spotted the bloke from several hundred yards away. The Secret Service must, of course, know this, and probably had two other armed guards I hadn't spotted watching me.
For the life of me, I still don't understand what this guy was trying to achieve hiding behind the shrubbery. Look, everybody expects there to be guards in the White House gardens, some of whom you'll see, some of whom you won't unless you try something insanely stupid. But this whole hide-and-seek routine made absolutely no sense at all.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)