Slashdot Mirror
What Examples of Security Theater Have You Encountered?
swillden writes "Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.
swillden continues: "Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
Airports... Need I say more?
More Twoson than Cupertino
No trolling intended, but the war in Iraq now is the biggest piece of security theater on the planet. It does not make the US safer ( indeed it probably does the reverse ) but it does give certain people benefits. Chaney and friends make millions on no-bid contracts, and neocons get to implement policies that in more normal conditions would not be tolerated by the public.
While creating an intranet for the company I was doing some outside work for I ran into a problem authenticating through their antiquated AD system. Rather than updating everything or heaven forbid give management an actual password to remember my instructions were to "make it as scary as possible but don't actually put a password on it." I had a four tiered authentication system which would allow you to move forward regardless of what was put in the text boxes. They loved it, and a little piece of me died when I cashed the check.
"Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
If public CA's are supposed to be trusted authorities of identity on the Internet, why do we have to have "extended validation" of an entity before they get a certificate? If we can't trust the CA to validate entities before issuing certificates in the first place, how can we trust them to issue Extended Validation Certificates in the second?
Oh, I forgot, they are in collusion with Microsoft and other CA's to inflate the cost of digital certificates they already issue.
Welcome to the world of 'security'. A place where there are hidden meanings behind everyone of their smiles. When you think about it, what makes security software so adventageous? Viruses and other malware. In order to have those wou can not have security. And hense in order to make their buisness prosper they have to have a hidden agenda.
-- (this is a sig) My Computer Programming Forumhttp://www.programers.co.nr/
In 2001 I was living in an apartment complex in a North Dallas suburb. If you got a package that wouldn't fit in those teeny-tiny mailboxes then the mail man would drop off the package at the apartment complex office and you could pick it up in normal office hours.
After September 11th, the apartment management sent out a memo to all residents that because of the heightened state of terrorism awareness the office would no longer allow packages to be held there for the residents.
Of course my first thought was they were just tired of dealing with the packages and saw this as a convenient excuse to stop holding packages for people.
No todo lo que es oro brilla
Oh, and "inspections" of laptops at the border.
Yeah, that will help (actually, it does. It helps because it drastically reduces the number of willing visitors to the US)..
My adviser back at University, Rich Maddox, used to tell a story from his youth, when he was dating a girl who (apparently for religious reasons? I don't remember exactly) always carried a large knife in her purse. So anyway, they were going to Disneyland with a couple of friends, and as they went through the entry turnstile they stopped Rich and asked to check his backpack for weapons and so forth. And they found a pocket knife there, and told him he couldn't bring it into the park because it was dangerous. That's when Rich called over to his girlfriend who was already inside, and said "Honey, do you still have that knife with you?" And she pulled it out of her purse and said "Yeah, why do you ask?"
(rot13) rpbzbab@tznvy.pbz
Every time I'm held up by the "No Fly List" because I have an insanely common name, I feel like a victim of security theater. How many would be terrorists have been caught by the no fly list?
In my opinion almost all forms of random searches are security theater.
People putting loaded handguns in their homes in the case of a wood-be assailant or robber breaking in. This is not only security theater, it increases the risk you are putting yourself and your family in. Not to mention that in most instances of murder the victim knew the assailant. You're more likely to die of suicide than a robber killing you.
I don't know if these are examples where the security theater is a cover for another reason--unlikely. But there's clearly examples where it just makes your life worse more often than better.
My work here is dung.
Security theatre in it's finest. It's so unusable that it's clear that any serious user will disable it. So why include it? The article points a valid reason: liability. Micrsoft can't keep your system highly safe without a great cost to them (re-architect the OS and severely damage backwards compatiblility). So they chose to let you either deal with the annoyance, or turn it off, and (symbolically) accept responsibility for anything that goes wrong.
Make sure everyone's vote counts: Verified Voting
Nuff' said.
Slashdot needs to interview Natalie Portman.
I cannot verify this story, anyone else?
Back in ArpaNet days, MIT had machines running an OS called ITS. It was a friendly and happy world and there were user accounts but no passwords. But networking means that strangers can connect and so Arpa insisted that passwords be added. So the ITS developers added a password prompt that ignored the password, and this made the Arpa people happy for a while until they figured it out and made them actually check the password.
In a similar vein, Microsoft file server passwords were originally checked only on the client, a fact which went undiscovered until Samba came along.
I had a boss that named the wireless network "Virus". On asking him about this, he explained "it's to scare off hackers - they won't connect if they think they'll get a virus". Ah, ok.
It's probably worth pointing out he wasn't aware you could "secure" a wireless point with a basic WPA key at least - it was completely open, anyone could walk right in, assuming they beat the fear of the "virus" that was.
throw new NoSignatureException();
The libraries let you sign your own books out. You place your book and card under a scanner, and then it demagnetizes the book so the alarms won't go off when you leave. The scanner only reads a barcode though, so you can stick five books on it, sign out one, and demagnetize them all. Presto, four free books.
Of course, when the security alarms do go off at the library anyway, they just let the people walk out.
DIEBOLD and other voting machine manufacturers take the cake for Security Theater. Throwing around words like encryption make most politicians nod ignorantly in agreement (something politicians often do). By now we should know the whole voting system is rigged, and that these fools are continuing to tout themselves as secure.
Here's the movie that partially but convincingly explores how jacked up this situation is:
http://video.google.com/videoplay?docid=-4762159260759486531&ei=Fms8SKmYKJCEqgPTx4XjAw&hl=en
...while I was temping for a company in Chicago, I was asked to deliver a box of candy to a client in the Sears Tower. While entering, I went though the giant, heightened security setup - x-rays and all - and got held up because I had a box cutter in my backback.
They held it up triumphantly and shouted at me, "Just what do you expect to do with this?!"
I wanted to ask them them the same question back. Just what did they expect I'd do with that? In a building that had security guards with guns? Was I going to hijack the building and crash it into a plane?
On my bank's web site, when I used the browser's back button, things started to get out of sync. You had to click their own custom back button somewhere in the pages so that everything would continues to work.
When I called to report it, I was explained that I had to click their own back button, not mine. When I said "Yes, I know, I just wanted to let you know so that you can fix the bug sometime", the final answer was something like "It's by design. It's for security reasons". At that point I was expected to say "ok. thank you" or whatever, and to understand that a "bug" was totally unthinkable on their super-reliable ultra-secure blah blah bank site.
Nevertheless, a few months later, the bug was gone. I didn't call back to say I'm now worried about the security...
The article fails to talk about security as a deterrent.
The RFID bracelets on an infant can give comfort to the parents but its more of a deterrent then anything. Sure the hospital can tell the parents that their child is protected. But the hospital is not protecting the child as much as its protecting itself. For example:
A guard that is in the bank is not there to stop a bank from being robbed. He deters people from committing the crime itself. In a robbery situation the guard himself is useless because the individual or individuals robbing a bank would take him out first. But in most bank robberies, the criminals are going to go after a bank without a guard anyway.
A mall guard doesn't stop people from stealing, he creates the presence of being watched, therefor deterring people from stealing.
Same goes with cameras in stores. Most of the time no one is monitoring the cameras and if anything their used to watch employees over customers. But their deterring employees from doing anything unethical or illegal and they deter people from stealing.
In my opinion the idea of security theater and feeling safe is crap. You might as well spend the time and effort to know your safe then make it seem like you feel like your safe.
...but what the hell is up with these users starting their replies with something like: "I'll probably get modded down for trolling, but..." Are you saying you know your answer will not be appreciated, but you're just the kind of crazy, out-there, don't-give-a-damn, cool guy that says it anyway? Just say what you have to say and stand by it. Stop showing off your insecurity, and/or lack of knowledge on the subject.
What's left to say? It's pretty clear that drugs are more dangerous when they're only available in the unregulated black market than in a regulated legal market. Criminalizing the use of drugs only hurts drug users more, yet it's done in the name of safety.
What's worst is that we've been fighting this war for decades, no end is in sight, we've spent more money and lost more freedoms fighting it than we have in Iraq. And still, no one in power has the balls to speak out against this.
We live in a sick, sad world. People who would meet the non-violent act of drug use with the violent acts of arrest and imprisonment are themselves violent criminals. Yet in this society they are deemed good citizens.
Give me Classic Slashdot or give me death!
rj
The DOD replaced reasonable passwords with Common Access Cards. The difference? Instead of having to find out someone's 8+ character alphanumeric password that changes every month, you need to have physical access to their card and need to know their 6 digit number that never changes. Meanwhile, everyone is forgetting their card in the reader when they go to lunch, so they can't get back on base -- but feel free to use it yourself in the meantime.
Whale
See tsa.gov. I have personally taken gasoline soaked garments on an airplane and not had them given a second look. Of course the radios I also carry always get a second look although they are EXACTLY like most of the guards carry (Motorola CP200). However, I do feel infinitely more secure knowing that an airplane will never be highjacked again, not because of anything the government does but because the passengers won't stand for it and will kill the highjackers. I suppose some passengers might die but as far as they were concerned they were dead anyway. In short, pretty much the whole airline security system is security theatre.
I was working with a particular system where the vendor added a strict password security policy. They require a mixture of uppercase and lowercase letters as well as at least one digit or special character. Later on, I discovered, by accident, that the password is not case sensitive when you actually go to login. It turns out that the routine for setting the password enforces stronger passwords than the underlying system can actually support. The vendor, of course, claimed that they would be upgrading their underlying password encryption algorithm very soon.
What about security measures that have the opposite effect, of making the system less secure?
Aggressive password policies, for example, that require long strings of amnemonic gibberish that must be changed every month or so and may not bear any resemblance to previous long strings of gibberish.
The end result of this at my company is that we each use the same password for every security domain we have access to, and we tend to write it down.
Any sufficiently well-organized community is indistinguishable from Government.
OK, solution. Ask for TWO cans of soda. Drink the first one and then tear the second one in half. Try to pour as much of the flowing liquid into the now empty first can.......no wait.. Ask for THREE cans......crap....
I was living in Salt Lake City during these games. Remember that the Olympics were only a few months after 9/11. There were huge security concerns. We saw low flying helicopters over the city we were told were searching for nuclear material. We saw various 'special forces' teams deployed in the mountains around venues looking for 'snipers.' The security downtown was surreal. People were checking every car coming in and out for bombs. Everyone had to go through metal detectors (in some cases, you actually had to pass two layers of metal detectors). The amount of government agents per city block was astounding. Many were armed with sub-machine guns. For such a quiet city like Salt Lake, seeing troops walk around in full combat gear was quite theatrical.
My favorite security theatric was an ATF agent standing on a street corner, machine gun in hand and in full combat gear. He was waving and smiling at people driving buy to be sure they all saw him and his gun. I stopped and watched him for about 20 minutes before he started using his radio while giving me the 'killer' eyes. Despite the smiling and waving, he was not friendly, not at all. I decided to vacate my vantage point. Those guys were so bored they were looking for targets to harass.
Have I heard the term Security Theatre.
Must have been coined by someone thinking outside the box.
Patriot Act
I had some stock options through my job that I tried to cash through the etrade account that had been set up for me. The stock price was rather high, and our trading window was about to close, so I tried selling at literally the last minute. The sell order failed, and no reason was given. A few days later, I received a letter in the mail from etrade telling me that my account was locked. Several years before, while living in a different state, I had an etrade account. Because the SSN was the same on both accounts, but the addresses were totally different, some part of the Patriot Act made them lock my account until I could prove my identity by sending them a notarized copy of my social security card.
Another example, which isn't really security theater, just shitty work by the TSA happened to me a few years before that.
My wife had to fly out of state for a funeral, and she took our 6 month old daughter with her. I took them to the ticket counter. Since she was traveling with a baby, a car seat, and her carry on bag, the ticket agent offered to print me a pass that would allow me to accompany her to the gate and help her carry her things.
As I was getting up to the xray machines, I remembered that I had a small pocket knife in my pocket. I hadn't removed it since I wasn't expecting to go through security. As I got to the xray machine, I told the operator what had happened, and told her that I'd just go back through the line and put the knife out in our car.
She seemed ok with that, and told me that I could just go ahead and go through the xray machine, and out the exit that was just a few feet from the xray machine, so I didn't have to go back and work my way through the line.
As soon as I went through, several TSA agents came up and detained me for attempting to bring a weapon through the security checkpoint. I wound up being searched, my 6 month old daughter that I was holding was searched, and I was questioned for about an hour as to why I had tried to take a knife through security. Not once did they go talk to the lady running the xray machine less than 50 feet away, who had told me to go through.
In the end, my knife was confiscated (It was about a $50 knife), and I was threatened that I could be under arrest for attempting to smuggle a weapon through the airport, and I could be facing a several thousand dollar fine for it. They filled out a report, and made me immediately leave the terminal.
About a month later, I received a letter from the TSA saying that they had chosen not to fine me this time, but if I ever came up in their system again I would face the maximum penalties.
That was the day that I lost all faith in our government.
In a past life, I worked for a major aerospace company. Security appeared pretty tight, what with armed guards checking IDs at entry points. They also had manned checkpoints to check vehicle passes at the road entrances. These were usually issued to upper management, enabling them to park inside the fence, close to the buildings. The peons had to park outside and walk in.
Because of my job in various R&D labs, I was always hauling equipment around in my personal vehicle. There were provisions to issue employees in my position a temporary vehicle pass and a 'parcel pass', allowing us to transport company equipment through the gates.
Throughout my career, I was never ever challenged when exiting a facility with a hatchback, obviously loaded with expensive equipment. The vehicle pass system existed only to ensure that some scumbag grunt didn't park in a manager's space. Security guards were nothing more than glorified parking enforcement.
At some of the production facilities, gate guards were instructed to examine lunch boxes of the workers exiting to ensure that they were not swiping tools. Briefcases were exempt from such checks, as they were typically carried by trusted engineers and management. As most of the engineers working within production facilities were indistinguishable from mechanics by dress or any badge markings, I suppose it never occurred to security that a worker intent on swiping tools could obtain a briefcase.
Have gnu, will travel.
I was trying to transfer some funds out of a joint bank account. I used the phone based system (and answered the usual security questions). Then the person told me that for the transfer to be allowed, both people on the joint account needed to sign-off on the transfer.
The other person wasn't available... so I just said "Ok, hold on I'll get him." Then waited a few seconds and said "Hi. Yes, I'm he. Yes I confirm the transfer."
They transferred the money. No authentication, no double-checks. Just some voice on a phone (I didn't even bother faking a different-sounding voice) saying that it was ok.
because it was a revolver.
It must suck, being you, and never being able to understand the humor in a pun.
"National Security is the chief cause of national insecurity." - Celine's First Law
A local school here recently went to a closed campus. They paid a lot of money to fence between all perimeter buildings (really old school), and to put up large gates.
During school hours, the only way onto the campus is through the front office (or any door that someone opens from the inside). You can exit the campus from any perimeter door. For good measure, they mounted a security camera to watch the door into the front office.
They placed it so that it records the back of people as they enter the office. At least it would, if they hadn't mounted it directly behind the four inch steel post they installed to mount the gate that closed the campus.
Now, the camera takes a nice video of a shiny new fence post all day.
Everyone knows the camera is useless in its present position. Nobody cares. All the expense of the fences, the gates, and the cameras was never about security.
Copenhagen Airport, after the security check. In the departure hall there is a wide open area with about 30 tables from a Steakhouse restaurant, with all tables layed out with big steak knives just for the taking.
What? You mean you don't have any ex-cons in your family that already could have told you about this?
My favorite always was the vodka made from mashed potatoes...
A Pirate and a Puritan look the same on a balance sheet.
I have a friend who works for *organization*. They work in a
single-story building, in a suburb of a second-tier city. The building
sits on its own plot of land, on a hill, in an industrial-office-park
kind of area. The building is a lab, but it's mostly monitoring
equipment. It's not weapons, or explosives, or significant quantities
of chemicals.
This is probably not what anyone would consider a high-value target.
There's never been any kind of attack or threat against the building
or its personnel. But after 9-11, management started obsessing about
security.
The first thing they did was get armed guards for the building. Armed
guards did not make my friend feel secure. My friend wondered about
their training and worried about getting shot.
Guard duty is tough. It's hot in the summer and cold in the winter,
and the guards aren't in good condition to begin with, since they just
stand there all day and never get any exercise. In practice, the
guards spend most of their time sitting in their cars in front of the
building, with the engine running for heat or AC.
Management decided that this didn't look good, so they built a guard
shack along the right-hand side of the driveway. Now the guard sits in
the shack and watches the cars go by.
But that didn't seem very secure either--a bad guy could just drive
right by without stopping
(http://en.wikipedia.org/wiki/1983_Beirut_barracks_bombing).
So they added a gate, and spikes, and a card reader. To pass, an
employee stops at the gate, rolls down their window and swipes their
card. The gate goes up, the spikes retract, and they drive through.
My friend doesn't trust this system a bit, and makes a point of
watching to see that the spikes have retracted before driving over
them. There was speculation among the staff as to who would be the
first to blow out their tires on the spikes. As it happenes, it was
the mailman, followed some time later by two visitors who either
didn't see or didn't understand the signs warning against following
another vehicle through the gate.
I suggested that they stencil silhouettes of all the vehicles they've
caught on the guard shack, the way fighter pilots (used to?) record
kills on the nose of their airplanes.
My friend points out that even with a gate and spikes, the system only
protects against attackers who
- care about their tires, and
- don't have trucks
because any vehicle can blow through the gate and make it the short
distance to the building on four flat tires, and any truck can drive
over the curb and avoid the whole thing.
Management decided that blowing out their visitors' tires was
unfriendly, so they instituted a new procedure for passing the gate.
Now, drivers stop at the gate and roll down their window. The guard
walks from the shack (on the right), in front of the car, to the card
reader (on the left), takes the driver's card, swipes it, and returns
it to the driver. Then the driver can pass.
The staff considered that the guards were now at risk of being run
over--and it happened. An employee reached down in his car to get his
card, his foot came off the brake, and the car rolled forward into the
guard. The guard was taken to hospital--I don't think the injuries
were too serious. The driver has to appear in court and pay fines--I
don't know if it is criminal or civil.
This is beyond security theater. This is real damage.
Thus making people wonder "what's so important behind that door?
The security guard on the early shift was the most frail ancient person I have ever seen in a uniform, but dammit, we were doing something. Or at least being seen to do something, which is just as good.
---
"I can't complain, but sometimes still do..." Joe Walsh
I stopped going to the theater a long time ago as "today's" movie offerings suck.
:)
Oh wait, wrong 'theater'.....
Is government funding based on how cool sounding you make it or something?
---- Booth was a patriot ----
Shortly after 9/11 when the airport security restrictions were getting really ramped up and casual travelers didn't know what to expect, I happened to be in line behind a woman who had the unmitigated gall to be carrying a small tweezer in her purse. The security guy very politely explained that she couldn't take it on the plane, but she was having a fit. When he finally started to walk away, I leaned up to her and said "What did he think you were, a plucking terrorist?" That got her laughing and luckily the security guard didn't hear what I said, otherwise I'm sure I'd still be getting a cavity search now.
I was stopped at airport security and made to stand in a little glass box while they looked at my bag under the x-ray. After a half hour of questioning and digging through my stuff they pulled out three beanbags I used for juggling and was told this was the problem. They could not go on the plane with me and I left them behind.
It also helps politicians pander to ignorant members of the right.
"Not an actor, but he plays one on TV."
Every year, my lady and I go up to Canada for the 4th of July weekend to escape the annual (and mostly illegal, under local city codes) fireworks war-zone that infests our neighborhood. We've been doing this for several years, and in fact we both just got our NEXUS cards.
To help put this in context: I'm a ham radio operator, as well as a volunteer first-responder. I've had formal training, through our city's fire department, in disaster relief, emergency medical procedures, basic search-and-rescue, the whole bit.
Because of the above, our minivan is well-equipped for emergencies. I've installed multiple communication radios, a navigation computer, and I carry a medical trauma kit and various safety gear such as flares and a reflective vest. Besides the small antenna farm on the roof, I also have a light bar mounted on the back end (amber, red, clear... same as many tow trucks).
Every bit of it is legal under the road laws of every state except New York (I know, because I spent a couple of long nights going through said laws to make bloody sure!). Couple all that with the fact that I work for our state's police agency (non-commissioned, civil service).
Now, with all the above in mind -- Last year, we're coming back through on Sunday afternoon. I normally have the radios and navigation system on while driving, and this has never, in times past, been an issue.
Not this year. The border guard we drew seemed to be short on both sleep and temper, and rudely ordered me to turn EVERYthing off before he would even talk to us. One of the questions he asked, after that point, was who I worked for. When I told him, he said (snappily) that, for that reason alone, I should understand why he'd told me to turn everything off.
He let us move on at that point, but before I took off I told him, flat out, "No, I don't understand."
And it was the honest truth! If someone's going to try and set off something that goes bang via radio, or other wireless means, it strikes me that they're going to go to considerable effort to keep such activities hidden. They certainly would not do so in a hugely-long border-crossing line, where there was absolutely no way to move anywhere but through the guard posts, in a minivan that stands out like a solar flare and has ham radio callsign plates to boot!
I have no clear idea why this guard was so nasty, or what bizarre purpose his attitude served. I will say that it did indeed strike me as pure theater.
The only thing I can think of is that, perhaps, his sergeant or lieutenant was observing him at the time, and we didn't notice...?
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
Why did his wife feel the need to carry a gun into a stadium of full people?
I'm not trolling, and it will probably be misconstrued as such, but perhaps people are completely missing the problem.
Lets say, that stadium comfortably holds 40,000 people. Lets say 1% of them have guns. Thats 4,000 people. I know small countries that don't have that level of armament. Chances are, if said wife pulled her gun (I still can't fathom a reason why), she would probably be shot dead by the other 3,999 people.
Sleep tight!
Hi, I Boris. Hear fix bear, yes?
in 2002 I bought a ford focus zx3, complete with a blinking red light on the dash, which the dealer refered to as an "anti-theft device."
The consulting algorithm:
1) Find out what they want. (They will ask for bells and whistles and not tell you core process basics.)
2) Figure out what they actually need. (Research their actual process and design improvements.)
3) Try to convince them to want what they actually need and change the spec go with that.
4) After step 3), give them what they now want, whether it's what they need or not. (Provided it's legal and ethical.)
And of course:
5) Profit!
They are the bosses / customers. They decide what to spend money on. You are the hireling. You agree to do what they want in trade for the fee they pay. After step 3) your moral and ethical obligations are discharged - and if your suggestions are good you've proved your worth. If they're smart they go with what you suggested - or know something about their business that you didn't and reject your suggestion on that basis. But if they decide to do something you think is stupid once they've been informed, it's their business, so it's their call.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
It's rather hard to believe that authorizing everyone to carry firearms can in any way make the society safer... Here, in Europe, if I met a girl who carries a pistol in her purse, I would immediately freak out and run away!
Kabuki
As illustrated in SCRUBS: Resident Kabuki Theater
It must have been something you assimilated. . . .
When people sign their credit cards "[See] Photo ID". All that does is slow things down, since any place that checks the card and makes you sign is still going to make you sign.
Often times in commercial property, card readers (and occupancy sensors) are a great way to determine if equipment (HVAC, lighting, water chillers) for a section the building actually need to be on. It's nothing nefarious, but it's not really security.
The office had a second door with a peep hole into the laundry. To give the camera an air of legitimacy, she sat in the office one night and made a note of everyone who came into the laundry. When they came in to pay their rent the next week, she mentioned that she saw them doing their laundry on the "tape" and asked about a fictitious mess that was left.
She managed to do this to a couple of the complex gossips, and never had a problem in there again.
I didn't think of that at the time. I did contact the local media though, and a few of them were interested in running a story about it. They lost that interest though when I wound up not being fined or charged with anything.
I was an intelligence analyst in the NJ Army National Guard until my contract ended in 2006.
We were deployed twice to protect Port Authority facilities around NY and NJ. On both deployment we had our weapons M16A2s or pistols. On our second deployment we were not given ammunition. Yes, we were walking around in uniforms holding empty rifles.
The best we could do is radio the Port Authority Police or possible club someone trying to steal our weapons. Our combat effectiveness was slightly above that of Nerf.
Welcome to the land of the free...pay toll ahead...no photography...please open your bag...
Back when Geo. Bush visited our little town a while back (Bellevue, WA), the Secret Service, with support from our illustrious local police force, provided the usual high visibility security detail around the Marriott Hotel.
About an hour before they were due to close the surrounding roads down, I found myself driving by the entrance to the facility. As I passed by, I observed the preparations including pedestrian barricades and police officers stationed every few dozen feet. I also happened to spot one of our local city hobos with his head in a dumpster in the adjacent alley, probably digging around for empty cans for the recycling fee.
Unchallenged by the cops, of course.
Like al Qaida doesn't have any bearded, disheveled-looking operatives available on their staff.
Have gnu, will travel.
Back in the mid-80s, a patient flipped out and attacked a doctor. After that, they brought in metal detectors that you had to pass through to get to the waiting room. These were kept in use for roughly 20 years, even though there were no more incidents. Not only that, they weren't at any of the entrances to the hospital itself; they were at the entrance to the waiting room for outpatients. That means that if you had a belt with a big buckle, you'd have to take it off to see your primary doctor, but if you wanted to go to the pharmacy or had an appointment in any other department you could walk in with a great big pocket knife, a leatherman or both if you felt like it. Every time I spoke to a manager or supervisor there, I complained about this, as did a number of other vets, and it was eventually stopped, although the machines are still there. Now, you have to show your ID to get into the building, as if that's going to do any good.
Good, inexpensive web hosting
In a similar vein, Microsoft file server passwords were originally checked only on the client, a fact which went undiscovered until Samba came along.
It wasn't just Microsoft. NFS at one point in my life was synonymous with "no fucking security". It trusted the UserID that you transmitted with it. UserID 0 was a handy value to use...
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
These things have bugged me for a long time. I mean, have they ever really been tested in court? The last time I checked, I couldn't find anything apart from "experts" recommending their use.
If I put a confidentiality notice on a postcard, is there a reasonable expectation of privacy?
Make no mistake, the TSA is not there for security purposes, if so, then the back end of the airport would be secure as well, it's not.
The TSA exists only to make sure you get good and used to being bullied by thugs with guns while having your rights violated.
No other reason.
My brother and I were flying out of the country for vacation, and we got stopped at luggage inspection. When the security guard angrily called us over, my brother turned pale, realizing he'd checked the wrong bag.
The guard shouted at him, yelling something about "the weapon" in his bag. He pulled out a 5 oz tube of sun block, and let us on the plane.
The reason my brother turned pale, wasn't because of the sun block. Resting directly underneath it was a 6 inch knife (don't ask me why he needed it for vacation). Apparently sun protection is a bigger risk than I thought.
Not having flown a commercial airliner recently, I'd completely forgotten about the liquid/aerosol rule and decided to carry my luggage onboard. After standing in line for awhile, I noticed the signs and remembered. Crap! I had my mouthwash, an aerosol can of deodorant, and my aerosol shaving cream with me. Given the length the line had grown to, I decided to just forgo those items than risk being late.
A bit about those three items. Both the shaving cream and deodorant were in aerosol cans, both larger than the size allowed, but obviously retail items. The mouthwash was too large as well, and was a generic amber bottle, about 14 or so ounces, with a prescription sticker (I have gingivitis).
I pull all three items out, and just tell the TSA guy that I know I need to toss them. He glances at all three and tells me I have to ditch the deodorant and the shaving cream, but I can keep the mouthwash.
Because it's prescription.
So, the two retail aerosol cans that are nearly impossible to inject anything into are verboten, but the amber bottle with the mystery liquid in it, that's okay, because it has a sticker with a Walgreens logo on it. Fan-fucking-tastic.
Coincidentally, http://thedailywtf.com/Articles/Overdue-Retirement.aspx.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
Security systems that will let you in with nothing more than a fingerprint scan. Gee, what's more difficult: guessing the correct password within 3 attampts, or lifting a fingerprint and making a gelatin mold? (hint: see Mythbusters to see how difficult it isn't to create a gelatin mold)
Worked for Dorothy in "The Wizard of Oz" movie.http://en.wikipedia.org/wiki/The_Wizard_of_Oz_(1939_film)
"A confused Dorothy awakens to discover the house has been caught up in the twister. Through the bedroom window, she sees a parade of people fly by, including Miss Gulch, who seemingly transforms into a frightening witch. Moments later, the twister drops the house, Dorothy and Toto back onto solid ground."
Doesn't seem very controllable though.YMMV
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Of course there are the obvious TSA stories, but I think the more common stuff may actually be worse.
Working as a contractor for a giant Electronics retailer that shall remain nameless, I saw a memo regarding their policy of searching people's bags as they left, and sometimes entered, the stores.
The public reason given for searching those who left the store was, of course, loss of merchandise. The public reason given for searching those entering was safety...
However the REAL reason for both of these, was to (paraphrasing from memory) 'Establish [company name] as the authority figure in the sales transaction and subsequent customer service encounters...'
Yikes! 'We're in charge here, we've got big scary minimum-wage thugs, You'd better Buy as we say!'
Now if that's not 'Security Theatre' at it's worst, I don't know what is....
=R
Separately, some of the fighters on multiple sides have used terrorist tactics against the civilian population, so they're terrorists. Some of those terrorists work for governments, and some are carpetbaggers who think they're part of a jihad.
And some of those fighters, terrorist or otherwise, not only don't like the US, but are getting good training and a great recruiting tool to get people to join them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
At one of my previous jobs, the front entrance to the building consisted of two doors: an inner door and an outer door. The outer door was left unlocked during regular business hours, and was locked at all other times - if you needed evening or weekend access you would have to contact security and ask them to unlock it for you. The inner door had a keypad lock, and between the two doors was a phone and an employee directory so visitors could call someone and ask them to come open the inner door.
All in all, it was a reasonably secure system - admittedly, everyone using the same 3-digit code on the keypad lock isn't ultra-secure, but it would at least deter casual thieves.
However, management decided it wasn't secure enough. The solution: employee access cards! The old keypad was removed and replaced by a fancy new card reader... unfortunately, they put the card reader on the outer door. So now we have an inner door with no lock and an outer door that only employees can open - still pretty secure, right? Wait, we forgot: visitors need to be able to get past the outer door. Solution: leave the outer door unlocked during business hours.
In the name of increased security, we went from a half-decent system where only people who knew the door code could get in, to a system where anyone could walk right in the front door. Still, with all these fancy new access cards, the system must be more secure, right?
I'm so excited I just made water in my pantaloons!
I was told that only a doctor's office could fax a prescription in to "prevent fraud."
The original is a letter-sized piece of paper with the doctor's signature on it. If I wanted to be fraudulent, I could fake a prescription to look exactly like this piece of paper, and hand carry the fake to the pharmacy - no problem!
Sometimes it makes me crazy!
But Herr Heisenberg, how does the electron know when I'm looking?
Although I agree with what you say, that isn't what they're trying to avoid.
What would you rather HAVE to fight against in order to "save your life?"
A) knife
B) coke can
One thing i always like to mention is i carry a full size spyderco "police" knife with full seration. It's a rather long/large knife and some people don't even want to look at it because they get scared! Can you believe that? That being said, I can still get that passed security and metal detectors... i've always said someone who is smart can think about these checkpoints and get knives and other weapons through. It's always in the back of my mind that someone who isn't in the right frame of mind might be carrying the same as I am.
Anyways, like i said in the TSA competition to improve security and decrease wait time at security check points... you need more people that are better trained than technology, our eyes are very capable but the brains we have using them are lazy!
My abilities are only limited by my imagination
> People putting loaded handguns in their homes in the case of a wood-be
> assailant or robber breaking in.
I won't even bother trying to reason with you because it would only devolve into my statistics are better than yours, nyee nyaa. Been there, done that, you guys are immune to rational thought.
So I'll just ask you to put your ass where your propaganda is. Put a "Gun Free Zone" sign in your yard. Better, get all yer loony neighbors to make your whole neighborhood a Gun Free Zone.
Democrat delenda est
Patriot Act, DHS, color coded security threat levels, etc.
I once had a bicycle that was equipped with an "anti-theft" chip. So when it was stolen, I was wondering what that chip actually is and how it could help in getting my bike back. I was surprised to learn it is some kind of RFID chip located inside the lock.
Mutual Assured Destruction?
Some privacy policy Slashdot.
For the longest time, I was on the "do not fly" list. I never knew why, but my name is very common. Turns out somebody used an alias the same as my name in the Bahamas to commit international wire fraud - I found this out when it took 6 hours to open a $100 bank account. It wasn't identity theft - just coincidence.
So here I am, not only taking my shoes off, but also being escorted to the back room for the "enhanced" security check every time I fly on an airliner. The only problem is that I'm an FAA-licensed pilot, and have all the clearance to enter just about any area of the airport! (once I get past the extended searchdown, that is)
What a joke...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Whatever the reason that the 'guard' was searching handbags, the fact remains that discovering that someone has a gun puts you in the position of immediately deciding what you are going to do if the person with the gun doesn't want you to know about it or inform anyone else about it.
If they have the gun and you don't have one, all the more reason to just be cool about the situation. If you find someone with a gun in America and they are white middle-class, then there's a good chance that you could lose your job by hassling them about it. If you find someone with a gun in America and they are not white middle-class, then there's a good chance that you could lose your life by hassling them about it.
Either way, it's easier to be Mr. Righteous Bad Ass Security Guard with someone with illegal potato chips than someone with a gun. At least it is for me.
I've read a lot of replies that said that TSA security checks were theatre, and they're right, but nobody has mentioned the requirement to present identification. To me, this is the most glaring bit of airline security theatre, because it has almost no security value at all, but a huge ulterior motive for the airlines.
There are times when I get bad data and don't know how to react. So I throw up an error dialog (complete with exclaimation point) that explains what happened (in English) and that now would be a good time to save your work and restart. I have internal users complain that things act funny, when I go to their desk to watch them reproduce it, they get one of my messages. I then read the box to them, and they don't even notice I'm reading off of the screen.
It cuts down on my debugging time at least.
Oh, and to those who ask why I don't point out the box, their (and our mutual boss's) opinion is that no one reads error dialogs.
Your ad here. Ask me how!
I was withdrawing some money from an online gambling site. They phoned me for some reason and I had to give the answer to my 'secret question' to validate who I was. Problem was I had no idea what it was. It was like a game of 20 questions... "I have no idea...is it a name?" "No" "A place?" "Yes" "A city?" "Yes" and so on...
"Physics is to math as sex is to masturbation." -R. Feynman
I used to drive an old farm pickup most of the time. (I never had to worry about another dent in it.)
Whenever I had to park it in a high crime area, I made a big show of locking the door even though the lock did not work. But I figured if someone saw me get out and close the door behind me without locking it, they'd figure it was certainly unlocked since pickups of that vintage did not lock automatically and maybe just go after it on general principle.
I wasn't as worried about someone coming along testing the doors to see if any were unlocked. They'd probably skip it anyway.
Noone ever broke into it in spite of the several hundred dollars worth of tools under the seat.
I also used to park it next to the cafeteria on campus. If it was raining when the workers there would get off work, some of the workers would wait in it for their rides. They never stole or damaged anything so that didn't bother me at all.
By making sure only food purchased from the concessions is consumed at ball games, we make sure the poisoning is more evenly spread.
The way my team has been doing, a quick death from poisoning has to be preferable to watching them play an entire game.
Squirrel!
I fly every week as part of my job. One trip I left a large tactical folder (big scary knife with serrated edges) in my backpack and had forgotten about it. I made it through security screening to my destination and back without it getting detected (For those who can't figure it out, I was on the plane with a knife). While waiting for the plane, I opened my bag to get something and noticed the huge knife. I was shocked. After a few minutes of contemplating and looking at my bag contents, I realized how they missed it. I flew 6 more trips without it being caught. Finally one screener noticed something and had three other people come look at it. Nobody could identify the knife so they ended up searching the bag. The guy searching the bag almost missed it also. Sad. I won't say how I did it, but I feel pretty confident that with a few other mules to carry dissemble parts, I could get a gun or something on a plane pretty easy. I told the TSA supervisor exactly how I did it, he didn't seem interested at all and acted like I was wasting his time. Very sad...
How about situations where you expect there to be at least some security "theater," but when you get there there is no performance at all?
My elderly mother has been in and out of the major hospital in our city quite a few times over the last decade. You name a part of the building, she's been there: ER, ICU, various floors and wards, various testing and imaging areas, the adjacent short-term rehab facility, etc. Because I am such a nice son, I frequently visit her when she's there. Amazingly, no matter where I wander in that huge facility, no matter the time of day or night, no matter how I am dressed (in the most casual mode, I probably resemble a homeless man) I have never been stopped, challenged, or questioned about my intentions. The ONLY exception is the ER treatment area, and that probably because they simply don't want kibitzers getting in the way. Hospitals, at the very least, used to enforce visiting hours, and restrict visitors to immediate family and/or people specifically authorized or requested by the patient. Every time I have found myself wandering around the hospital (it's easy to get lost in that large and poorly-designed thing) trying to find where they have moved my mother or where she is having some test done, I often think how I could be ANYBODY, and with the vilest of intentions, and no one would stop me. You'd think they'd at least manufacture a reasonable facade of security: a uniformed security guard or two (I have never seen a single one) at the main entrances, checking an ID when entering certain areas or wings, having to check in with the nursing station before entering a patient's room, etc. But....nothing.
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
Like good /.ers we seem to be mostly deriding the fact that theatre is used instead of "proper" security. As is not wrong. Though I beleive that good theatre is actually one of the best forms of security.
By giving the impression that a security breach is difficult to acheive you will deter 99%+ of people. By implying that breaching the security will incur severe penalties; you will discourage 99.9%+ of people. That leaves the very small percentage that you would probably have been dealing with anyway but you spent less money.
Take the Houses of Parliament in the UK as a great example. I've seen men dressed in super hero outfits and pregnant women unfolding banners from the roof on national televison, so obviously security isn't that great. But when walking past the place with 10,000 camera's pointed at me and machine gun toting police every 5 yards I don't feel particularly keen to test it.
My (then pregnant) wife got rear-ended on the freeway by a medium size rental car. In the car were three female Department of Homeland Security lawyers. Needless to say, they were very nice and horrified with what had occurred (my wife was fine fortunately).
We started the process of getting reimbursed through the DHS. We found that a lot of stuff had to be sent in within a very, very short time period, and if the DHS hasn't responded to you in six months, then they aren't required to at all.
Yes, you read that right. Basically they can (through proxy) damage your property, make you jump through hoops, then, without any fault of your own, simply ignore the fact that anything ever happened, and you are powerless to do anything about it. We have tried calling multiple times to their posted phone numbers without success. We filed through our insurance agent because she thought (through prior experience) we wouldn't get reimbursed - and at least if DHS didnt' cover us then our insurance company would. It's nearly the 6 month mark or more now, and no word.
All computers scattered all over a county are hand configured; there is no DHCP. Reason given: security.
All computers are required to have only Internet Explorer 6. Reason given: security.
All computers have their CD-Rom drive disabled. Reason given: security.
All computers allow USB flash drives. Reason given: security.
We're not scared because the knife has a serrated edge. We're scared of crazy motherfuckers who wander around and "always like to mention" that they're carrying around a big goddamn knife. We think you're the freaky weirdo who's going to flip out one day and start filleting people because the government's mind rays are becoming too powerful for your tinfoil-lined hat. And we don't find it comforting that you'll be there to protect us from criminals. We just kind of wish you'd go away.
BTW, what do you mean "at one point"? I thought NFS still accepted UID for filesystem permisson purposes, unless you have the "secure" option set, which then it requires one to "keylogin".
But what does a positive correlation between suicide and gun ownership really mean? Do guns cause people to commit suicide? Or do suicidal people actively seek guns? Furthermore, if suicidal people were unable to obtain guns, does such a correlation imply that they would then NOT commit suicide? Or is it possible that these people would simply find another method?
Again, what does this correlation mean? Are guns causing these people to be murdered? Isn't it possible that people more likely to be murdered (because of their career, neighborhood, lifestyle, etc.) own guns out of the legitimate fears for their safety? Furthermore, if these people did not own guns, does such a correlation suggest that lives would have been saved? (I personally find it hard to believe that someone would kill you simply because you owned a gun, but I digress...)
Simply pointing to the correlation between gun ownership and suicide or the likelihood of being murdered as arguments against gun ownership are rather weak and generally an intellectually dishonest tactic to imply conclusions that don't actually fit the data.
-Grym
Otherwise, why imprison kidnappers but not doctors who treated patients who died?
You know, the preview button gives you a chance to think about the content of your post, not just its formatting.
If you say, "now I'll be modded down because of X", I'll happily oblige.
During the 2004 election circuit, GW Bush came to the town next to the one I live in, and gave a stump speech in a gym. The HS band I played in at the time was invited to come and play at the event.
We came in uniform, and of course our uniforms have little metal bits all around them. We were sent through metal detectors, but after about 3 kids (out of 300 in the band and colorguard), they stopped caring if you beeped or not. It would have been easy to bring in a weapon.
The worst part was that once we were inside, the Secret Service said we couldnt play when the pres was in the building, so that they could hear if a gun was fired. When he got there, they ended up blaring a recorded version of the national anthem on their setup speakers at a much louder volume then we could have produced!
I dunno, man. There's a whole lot of amazing confidence in these broad statements:
/. and all, but perhaps there's something to be said for following the same standards of knowing what the f*** you're talking about before you open your mouth that folks here demand of others when they, for example, opine or legislate on tech issues. Otherwise the general perception of this crowd as pointy-headed geeks who are immature children outside their area of professional expertise is...well, justified.
The reason that America hasn't been subsequently attacked had nothing to do with punishing the silly, stupid Taleban in Afghanistan, or fomenting a war in Iraq.
No subsequent acts have occurred for any number of reasons, almost none of which have to do with the wars, as the wars were about pride and oil.
And you know this because....? Because you're tight with the top thinkers inside al Qaeda? You've got good contacts in the backcountry of Pakistan? You speak all the relevant languages and have access to intelligence intercepts of the phone conversations? You've spent two decades studying the history of terrorism from original sources, interviewing suspects and counter-terrorism agents?
Or is it just that these conclusions seems reasonable to you, based on your average-Joe reading of the news and your common sense (supplemented of course by your ideology)?
I'm not saying you're wrong, because I don't have access to all the information necessary to make a judgment one way or the other, and I know that.
But I daresay if some politician made some equally sweeping general statement about why Microsoft is despised by Linux groupies, or whether or not the GNU license model made sense or not, based on a similar combination of what's in the nightly TV news plus his own "gut instinct," you'd jump all over him for being an arrogant ass and speaking far more assuredly than he should about stuff that is for the most part completely outside of his experience.
I realize this is
In stark contrast to this were the Condition Orange procedures at our local Federal Reserve branch. There I was required to exit my vehicle and ring a bell, at which point an armed guard in body armor would emerge and search my and my vehicle.
While I'd object to that level of scrutiny as a private citizen going about his way, I welcomed it in the context of passing through an honest-to-god secure checkpoint on official business in a secure area. It was nice to know that at least somebody wasn't half-assing.
Of course the first would be the most terrifying. Never had to deal with an assailant with a woodie before and woodn't[sic] know what to do were I confronted with one.
I had a contract at a high security government site. At one location an MP actually had a M16 pointed at me while I worked but that's a different story. At this location the computer room was raised and had a ramp leading to a secure door. Not having the proper card to get in I always needed an escort for access. The problem was no one was ever around when I needed in.
One day after waiting 45 minutes for my escort I had an idea. I lifted one of the tiles in front of the door, slipped under and came up the other side of the raised floor. Another 45 minutes and my escort finely arrived beside himself I was already in the room. He lectured me about Top Secret this and Top Secret that, the ramifications and had to know how I got in... So I told him. They installed a barrier under the floor.
The next time it happened I looked up and saw a tile ceiling. The lecture worked because I didn't go over but I was tempted.
-[d]-
I worked at an office "secured" with a high-tech palm scanner connected to an electronic door lock. Very futuristic. Unfortunately for actual security, you could simply turn right instead of left when you got to the top of the stairs, and walk around to the other side of the "secure" door.
Several laptops were eventually stolen by some random guy that just walked in, picked them up, and casually left.
But then you were like, "I'm sure Hansel's heard of styling gel," like you DIDN'T know!
Shop as usual. And avoid panic buying.
The wife & I were on our first (and probably only) cruise this January. To board the first time, we had to go through three checkpoints; one inside the harbour building, then once at the first end of the boarding ramp, then *again* at the ship-side end of the boarding ramp. There were absolutely NO entries or exits accessible after passing the initial checkpoint.
At each port of call, returning to the ship required two checkpoints at each end of the boarding tube.. again, no entries or exits, so they were just checking if someone magically transmuted into a terrorist in the 300 yards or so along the closed ramp. Totally useless.
No body pat-downs either, but all bags had to be put through a scanner -- obviously to prevent cheap drinks making their way onto the ship, which is all they really cared about.
ERROR 144 - REBOOT ?
Nah. A Fremen.
Shop as usual. And avoid panic buying.
Chase.com: They have the most annoying system where you have to call them and authorize whenever you try to login from a new IP address, and yet they send your password in cleartext!. (The login page is on the homepage and is not https. Every other credit card company I use has a https homepage...) I complained about it years ago but they still haven't done anything about it, except for adding the way overdone IP authorization feature!
In a related note, how come none of the credit card companies let you use special characters in your password? Do they want hackers to guess it?
I saw that on 4chan, too.
There's more theater than real security. Examples and anecdotes are legion. Its very nature lends itself to being a favorite haunt of every huckster and charlatan born. So long as people swallow the idea that more secrecy is always more security, they'll be in there, unintentionally demonstrating the many ways that isn't true.
Here are a few of my favorites:
The intentional confusion of secrecy with security. Too often these are used to cover up problems or corruption or illegal spying. They're used shore up fundamentally flawed insecure systems, as Diebold and other voting machine vendors have tried. There's withholding of info from people who have the right and really do need to know by claiming they don't, for purposes of weakening their position (perhaps they work for a someone who could be a competitor). We may never know all the details of the reasons Cheney tries so hard to keep everything secret, as in that time he went way over the top by claiming the vice presidency was not part of the executive branch. "It's not a bug, it's a feature" is improved by claiming it's not just a feature, but a security feature!
The confusion between security for everyone, and security for small groups against everyone. Specifically, DRM, and the ludicrous claims that DRM enhances our security!
The login dialog. "Pressing ctrl-alt-delete to log in makes your computer more secure!" No, no it doesn't! Encrypting the hard drive with a secure key does. Then having to log in would actually be a little real security. If it's not encrypted, all the login does is ask you to tell who you are, just to keep things organized, not secure.
Arbitrary password requirements. Must be 8 characters long (but no more?!!), must have at least 1 capital letter, 1 lower case letter, 1 number, and 1 "special" (non-alphanumeric) character.
The password isn't good enough! (And that after you've put in all these special characters they demanded.) Answer these questions too! What is your mother's maiden name? What city was your father's brother's former roommate's 2nd cousin's spouse born in?
WGA being passed off as a "critical security update".
Door locks on convertibles. Enough said.
Security cameras trained on doors with badge readers, or locks on office doors, that can all be bypassed by going over the top because the wall stops at the ceiling tiles, not the real ceiling.
File cabinet and desk locks that can be jimmied by anyone, in 15 seconds, with a paper clip.
The keyboard lock that was common on early PCs.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
My wife used to work for a Perkin-Elmer lab in California. Front desk security was charged with searching all bags, boxes, etc. -- anything carried by an employee on the way in and out of the building -- EXCEPT purses (they might contains tampons, which could embarrass a lady) or briefcases (they might contain top secret business data, I guess, which could embarrass a man, or anyone carrying a briefcase). The policy made no sense whatsoever. She carried a small backpack because it was more convenient than a purse, though about the same size, and had to put up with having it searched all the time. When she pointed out the stupidity of these exceptions, she was told that she was risking her job (by demonstrating to management that it was dumb as a fucking stump). What were they actually searching for? Who knows. But if it could be got in or out in a purse or briefcase, they never would have found it.
I piss off bigots.
Hehe. One of the incidents that prompted me to ask this question was my own experience at Disney World two weeks ago.
The friendly security guard carefully looked through my backpack, even making me pull the cover off my camera to check that it wasn't dangerous, and then passed us on in. So the only thing the guard was keeping out was weapons in bags. Weapons carried on the body sail right in.
As someone who frequently (and legally) carries a gun hidden on my body, the situation just made me shake my head.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Have any of you heard what happens if you get caught with a box cutter in an airport? Well, I'll tell you. I accidentally left some tools in the side-pockets of my backpack after a camping trip. One of them was a honest-to-God Sears box cutter. Not any of that dayglo plastic crap--this thing could bludgeon as well as it could cut.
So, I'm at the airport, ready to board an international flight with that same backpack. To their credit, the security checkpoint found the thing, but what do you think they did? Nothing! No taking down names and numbers, no "Why don't you have a seat over there?"--nothing. They just threw it in a big red bucket with, among other things, at least two other bright orange box cutters.
Now, seeing as how I was just trying to get to Frankfurt in one piece and that it was an honest mistake, they did the right thing. But what other than "security theater" can you call it if you've set up the infrastructure to catch box cutter-wielding hijackers (whether that's a threat or not), and you just let folks on after anonymously checking their cutlery.
My company did some contract work with contract work with a Motorola group out in Phoenix. This was a commercial project but for some reason the offices were in the middle of a secure Northrop Grumman facility. Motorola failed to tell us this. I show up with the other contractor, a exceedingly bright and very likeable guy ... who happened to be British. As soon as the NG staff found out, they were hell bent on throwing him out. This guy had been an officer in the RAF, had security clearance in GB and had basic security clearance here in the US but as soon as they found out he wasn't a US citizen they went berserk. The best part about it was they asked me if I was a US citizen "Yes" (I am)... and that was that. They didn't actually ask me for any proof and there was no question of security clearance at all.
We finally struck an "agreement" where he had to be escorted by NG security personal when he was outside of the Motorola area. Which included the restrooms and the dining hall.
We only put him through two weeks of that b.s. before we shuffled assignments. He got sent off to Vegas while I was stuck in Phoenix. Figures :p
It was well documented and everyone knew about it. There's no theater if there's no deception.
don't work.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
That's not a case of security theater, that is just a case of someone using the wrong tool for the job.
If you want authentication on top of sharing files over a network, there are other options for that, none of which is NFS alone.
Granted today NFS tries to take authentication into the picture as well, but originally that was not its intent.
There are now addons to it (such as keylogin) which can be used, and of course one can run NFS over a VPN which handles the authentication and possibly even encryption if you wish.
Generally, airlines and airports have many "security" measures which have nothing to do with security.
1. economy passengers must use the lavatories to the back of the plane. I recall the 9/11 hijackers flew first class... In any case, the steel cockpit door is locked, right?
2. ID is required to fly. On some flights, you get to show your ID again at the gate. This has nothing to do with security and everything to do with the airlines ensuring there is no secondary market for flight tickets.
3. An oft heard question is "Sir, do you have any liquids" (because I couldn't find them if I tried). I've boarded flights with liquids that were never found. It's very hit or miss. To the TSA agent reading slashdot, come get me!
4. Finding liquids causes no harm. A would be attacker can keep trying to smuggle liquids on board until he succeeds. The worst that happens is that his special brew gets dumped a few times.
5. Dim, poorly trained and paid TSA screeners. I've seen many verboten items make it to flights (a diving knife for example).
... it's "theater".
It may be the visible portion of a security system, it may be a visible representation of a similar system, it may be a visible deflection from a different system, or it may be a complete fabrication meant to fool you into thinking there's a system in place.
Only in the first case does the theater and the actuality coincide. In the second, it is theater designed to allow the system to "hide in plain sight". The third is the "card game", with the false front often being designed as a "straw man" that can fall without the actual system failing. The article implies the last of these in its use of the term, but all are "theater" in that public perception matters.
In any case, a real security system operates unseen, because its own security system is the visible portion, whether real, constructed or imagined.
BTW, one can easily and with equal validity substitute "authority" for "security".
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Ok, this was a long time ago, long before 9/11 but: I was a bike messenger in Baltimore, MD one summer. The city courthouse had metal detectors at the front door, naturally. A bike messenger carries oodles of metal: Bike lock, keys, various buckles, change for the payphone (remember those?) so we set off the detector every time. The guards just let all the bike messengers go through unchallenged. Imagine the piles of shotguns, explosives and whatnot that you could fit into one of those huge messenger bags? But get this: we were all required to leave our bike helmets at the front desk, because it was against some rule to wear a helmet in the building. So, any observant crook would just have to dress up as a bike messenger, load up with weapons, and just make sure to leave that pesky helmet at the desk!
Nonetheless, I know people who continue to use it. Typically, they have a device that can't sign in to WPA, or an access point that doesn't support it. The rationale is generally that anyone looking for a wireless network for whatever reason will pass over the WEP protected network and hop on to a neighbor's open network.
Thank you. There seem to be so many people who have bought the propaganda to the point that they no longer understand what some words mean, or perhaps they never knew so the definitions have been defined by propaganda.
Insurgents rebel against legal authority, they are individuals within a group that rebel against the group. People from one country who attack another are generally invaders, aggressors or terrorists depending on the scale, government involvement and nature of the attacks.
The US has not experienced an insurgency in Iraq. The Iraqi government has, but that government is of dubious standing in Iraq given that it has been installed by an illegal invader. Hypothetically reverse the conflict and ask yourself if someone invaded the US and installed the government they wanted, would you fight against it or simply accept it? If you would answer the former, you could well be labelled a "terrorist insurgent", or "resistance fighter" depending on the political standpoint of the labeler.
Not many monitors or practitioners of international law consider the invasion of Iraq legal, close to zero. There was no UN mandate to support it, there were mandates supporting the use of force but they were irrelevant to the situation at the time. The only people who argue that it was legal are American neo-cons, hardly known for their understanding or respect of international law, their cronies and idiots who buy the propaganda.
Please re-read the dictionary because while the definition of terrorist has changed recently, the definition of insurgent has not yet been corrupted in the good book.
I don't therefore I'm not.
He didn't start his post sound like a pathetic grovelling little worm!!!
I don't therefore I'm not.
It has nothing to do with security against violence, but I couldn't help noticing at the Lihu'e airport that the guy manning the agriculture inspection machine was just staring off into space as travelers' bags went through his machine. Wondering what he was supposed to be doing, I watched the display he was sitting at. It showed a colorful image of two bags. A static image. An image that did not change at all as bag after bag went through the machine. In fact, I watched him for at least five minutes as my line at the ticket counter inched along, and nothing on the display or any other part of the machine changed at all as the bags went through. He just sat there staring at the wall.
The only "security" was provided by the workers who asked each traveler whether they were carrying any fresh fruits or vegetables. I guess flowers, seeds, and cuttings were okay -- they only only asked about fresh fruits and vegetables.
To top it off, the agents who questioned travelers were not like the evil-eyed Border Patrol checkpoint guys who are ready to call for backup and a dog if your cheek twitches. They were dull, shrinking teenage girls who probably made minimum wage and would rather lose their job than make a tourist angry. If I had said, "Yeah, I've got a papaya in here, so what?" they probably would have laughed and pretended I was kidding.
Thankfully, the agricultural inspection only took about thirty seconds, or I would have been pissed about the waste of time.
(posting anonymously for obvious reasons)
My employer has fancy infrared cameras that aren't hooked up to anything.
SuperNAP ;)
The security seems tight, but the author makes allusions to it being just for show. Why would an as yet unheard of company with such sensitive (and one can assume lucrative) government contracts suddenly make itself public? Maybe the government contracts aren't so sensitive or lucrative, and maybe the company isn't so successful financially? Got to put on a good show for potential investors.
In what state did the OP's story take place? In some states, the ballpark may not have had the authority to ban legally-carried firearms; it may also have been their policy to prohibit only unlawfully-carried firearms; the permit would have covered that.
Of course, for security theater, I'd say the no-guns policy itself is just for show. Does anybody really believe that somebody intent on murder is really going to be deterred by a sign? If so, why not just post a sign saying "no murder?"
Forbidding carry-under-permit is theater if the place allows cops entry; permit holders are statistically less likely to commit a crime than police officers, and much less likely than the average citizen.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
I spent an entire year of my life as a security guard. My job was to guard a potato proccessing plant from 11pm to 7am every night. Frozen fries don't attract many criminals.
(Quotes are paraphrases)
(Yes, I have emails to back this up and CTV and Global has on-line articles to corroborate the facts below)
A while back at the University of Winnipeg some delinquent wrote that (s)he would "shoot this place up" on a specific date at a specific time. After that, the University's President Lloyd Axworthy said that "Universities are under attack." Which is rather an embarrassing statement. There is a profound difference between bad things happening AT Universities and bad thing happening TO Universities. Universities are certainly NOT under attack.
They at least planned the typical impotent measures. Namely, more CCTV, bag checks, etc. Nothing that would actually improve security. Worse yet, I personally emailed them not only telling them of this, but I provided recent real world examples of these measures not working. Point of fact, the answer that I got from Lesely Thomson (Senior Executive Officer & Advisor to the President) was that (exact quote) "we will now have a new "normal" and we are in the process of establishing that." You know, mandatory bag checks at entrances that create bottlenecks enough to create proverbial fish in barrel. Nice work.
But, here's a kicker. The same things were happening at Brandon University (and I believe that the University of Manitoba as well). All of this and the President of the Student Unions at both BU and the UofW were quoted as happy with the reaction and found it completely appropriate. I was also still subscribed to the UWMSSA mailing list and its President encouraged co-operation of these nonsensical measures. I'd expect better from a Math person given the high level of critical thought required in that discipline. I also cc'd both UofW student reps and got zero replies from them (at least that I saw).
The entire episode was a ridiculous over reaction with profoundly negative impacts for our future. One of the pillars of society, our educational institutions, had fallen that day. When the world of education and critical thought can't use what it apparently teaches... such things are so very disturbing.
I was flying with my wife. A big black guy and I were called over to the side of the door before boarding started. We were forced to be wanded and patted down the entire time the plane was being boarded. Right next to the boarding door.
This was after having to pass through the main security line and having everything X-rayed and metal detected once already. It was obvious that they weren't even looking for anything, just passing time so that the other passengers could see that the big scary men were being searched extra specially well.
One of the big ugly male security guards cupped my penis and balls through my pants during the search. For several seconds. There was motion like he was weighing what he found. I told him that usually a man has to buy me dinner before I let him touch me there. He just glared at me.
Good times.
Some 3 weeks after 9/11, I was flying from PHX to SJO and had my toenail clipper confiscated by airport security.
As I walked to the gate and sat in the waiting area, I spied a very-cute young blonde. I sat next to her and noticed that she was knitting.
I asked what she was making, and in the process of telling me, she explained that the needles she was using were 16" long and made of stainless steel.
I was so struck with the absurdity of the situation that I became flustered, and unable to secure her phone number.
Actually+, I think all sentences should be punctuated so as to indicate tone` We could reform the world^ /Everyone knows how beautiful% perl scripts are---why hasn't this spread to the rest of printed# text? It could@ do &wonders for ==human.computer interaction!_ ))Just think: with{everything so clear,$we,could,see+world+`peace]`within&&our$lifetime! \|Misundersta%%ndings %{in*^written)()communi+[cation,"would@become^things&of the past@@
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
I used to be a customer of many colo facilities back in the dot-com days. Above.Net, Exodus, GlobalCrossing etc... Anyhow, at one Exodus facility to get to the second floor via the stairs you had to:
1. Go through a keycard and palm reader.
2. Enter the stairwell / climb stairs
3. Go through yet ANOTHER keycard and palm reader.
The worst part? Exodus had some 65+ yr old security guard sitting in the stairwell all day and all night long.
Actually the worst part was they made this poor guy sit there even when they were painting the stairwell.
How about those chainlink fences the colos use? Many dotcommers used those to anchor KVM cables to. Nothing's going to stop you from walking by and pulling a few cables out of a server/switch. Or using a $.50 squirt guy to take down a web farm.
Or the fact that I'd never seen Exodus clean the 'palm reader' once. Nothing like having some moron not wash his (there were no women in colos during the dotcom days) hands and then you have to follow him to the palm reader.
Some of the colos had "shared cages", whereby you rented space by the rack or half rack. So you could be sharing a powerstrip with some random customer.
I also worked with a SSP (Storage Service Provider), they claimed they encrypted and then vaulted tapes to a remote (60mi away) Iron Mountain facility. The problem? Netbackup didn't support hardware encryption and the vaulting facility was 5mi away. Also, most of the time this SSP kept your tapes in the same cage in boxes piled up.
It makes sense when you realize two things: First of all, all the newfangled terror security is fake and lipservice at best, and second, security (and lack thereof) and risk is a game of chances.
The only reason airports readily jumped the terror hype train was that they were paid to do just that. And they will do whatever bare minimum is required to fulfill the required duties to retain that money.
And second, the chance that this medicine is some sort of explosive is minuscle compared to the chance that this is actually some sort of medicine required to keep you healthy and/or alive. And since the brainiac working at security there (remember, bare minimum) usually can't offer the intelligence required to discriminate between absolutely necessary medicine and feelgood stuff, his standing order is to let everyone in with medical supplies.
No, that doesn't make sense. Yes, a terrorist would probably use that venue (or some of the other glaring holes in airport security). But what for? Why bother trying to blow up a plane when there are so many other things that are by heaps less well secured?
The whole airport anti-terror security is just a money making scam.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
19 guys that weren't from Iraq?
Nice math.
Actually, I laughed. I think only you didn't get it, which according to the general rules of society, makes you wrong. And a dick. Congrats.
I think there's a story about ITS and its passwords in the book "Hackers" by Steven Levy http://www.stevenlevy.com/index.php/other-books/hackers I can't remember for sure though... I haven't read it in a while...
Here is Southern Ontario, we have two problems: tigers and elephants. The former eat our pets and can be dangerous to children in backyards. The latter wreaks havoc on our lawns.
...
...
I sprinkle pepper on the lawn and have some special rocks that I put in front of the house.
Both these procedures keep tigers and elephants away, and so far, they have been 100% effective
Yes, security theatre does work
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Scenario 2: My wife puts camera in one coat pocket, Ipod in second, cell in third along with the collapsed purse, and walks right through security.
Makes. Me. Crazy.
At the local High School, here in rural south Georgia where just about everybody has a pickup that could scale Mt. Everest without so much as breaking a sweat, the parking lot is in the middle of a field whose elevation change can be measured in microns. Just an island of asphalt with a sea of grass lapping at its black beaches. There one two-lane asphalt road leading up to the parking lot, similarly drenched in fields.
There is no seawall, no fence, no border of any sort. Except where the road meets the lot, however. Here there is a small aluminum swinging gate which is faithfully unlocked and opened half an hour before school starts and ends, and locked back half an hour before school starts and after school ends.
It is there, of course, to keep students from skipping class by driving off campus...
It depends on where you are, how quickly police can get to you, etc. Don't forget that there are large parts of the country where the nearest cop may be an hour away. Or both of them might be busy handling another situation.
This happened outside of Denver a few months ago. Scumbag with long criminal record broke into a not-quite-empty house, and continued struggling with homeowner even after he was (allegedly) repeatedly told that he could just walk away -- he said the homeowner would shoot him in the back.
The homeowner eventually managed to reach one of his guns. The intruder no longer had to worry about hypothetical situations. The homeowner doesn't have to worry about the intruder's true intentions. He doesn't have to worry about the law either since Colorado law gives broad protection to homeowners.
IIRC the news said it did take the police about an hour to arrive. This situation might not be common, but it does happen.
I'm -not- saying that guns are always a good idea. In fact, I agree that most urban and suburban residents would probably be better off without them. But you can't make broad statements. Millions of people live far from police assistance, millions of people have specific threats, etc.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
One thing you don't realize when you see it on television is just how big the garden is, and how far away the fence is.
But that's by the by. As I was walking around the boundary fence, I noticed a security guard, armed with what appeared to be a shotgun, hiding behind a bush. What was even stranger, he was attempting to, but failing, to hide from me, armed with what was obviously a digital camera and nothing else.
I continued walking around a bit, looking at him. He continued to edge around the particular shrub; again, trying, and failing, to keep out of my view.
It was so patently absurd that I felt like taking a photo of the scene, but given that the guy was carrying a shotgun and this was the White House, I thought it might be prudent to ask first.
So, I called out to the guy "excuse me, but do you mind if I take a photo"?
The reply comes back "no, don't take one". And he tries even harder, and fails, to hide himself.
This is despite the fact that anybody with a pair of binoculars, or a long lens camera, would have easily spotted the bloke from several hundred yards away. The Secret Service must, of course, know this, and probably had two other armed guards I hadn't spotted watching me.
For the life of me, I still don't understand what this guy was trying to achieve hiding behind the shrubbery. Look, everybody expects there to be guards in the White House gardens, some of whom you'll see, some of whom you won't unless you try something insanely stupid. But this whole hide-and-seek routine made absolutely no sense at all.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Applying for a work visa in the USA requires male applicants between 16 and 40 to fill out a supplemental form that asks for details of prior military experience (either as a combatant or a civilian), and any nuclear, biological or chemical weapons experience. There are too many problems with this retarded fucking system to count, here are a couple to get you started:
1. This is the 21st fucking century. What, are women incapable of understanding all that nucular stuff? Females aren't a threat?
2. Anyone over 40 is not even worth questioning?
3. Even if you are part of the tiny demographic that are even questioned, does Immigration think undesirables are going to tell the fucking truth on the application form?
sustainable living
The local District Court is where (alleged) criminals appear after arrest and in subsequent stages. They've been increasing security for a few years. At one stage they had security scanners at the front door but not other doors, leading to a situation where you could go in another door, through a little known but public set of stairs and corridors and be inside the security cordon with no checks at all. Now they fixed that, but the checking gets packed up at about 10:15 (at the latest) after court starts for the day. Most crims don't actually have to be there at 10:00 as there case probably won't get called first. So if they hang around until 10:15 they avoid the search. Crazy. Mind you I did hear of the security guys balling out a uniformed cop the other day for ducking under the barrier rather than going through the scanner. Nice to see them being even handedly inefficient.
I went to a Cubs game in April 2002, and the search they did on purses involved sticking what appeared to be the barrel of a baseball bat into the purse and stirring it a bit.
No clue what they were actually hoping to achieve there.
Also, Amtrak's security has seemed to rely entirely on checking ID (because the TSA tells them to, apparently) every time I've traveled by train. Not sure exactly how that's supposed to achieve anything.
Comment removed based on user account deletion
i find it frankly insulting that the op compared hitler with hussein.
When a support admin threatened to permanently kick him off of the system, he replied "That's OK. I won't be alive tomorrow."
Hmm... Elevated threat level, warnings of possible suicide attacks in the next day or so, and a fundamentalist muslim kid warning that he intends to die roughly in that time frame.... Sounds like something worth investigating (if only because we've got a kid that seems to be threatening to kill himeslf ... terrorism or no).
Being a Canadian, I call the Canadian 1-800 terrorism tip line (remember ... less than 6 months since 9/11) and find that it's been disconnected.
I then turn to US sources, and try to leave information in various places. Then I turn to the local US Consulate and leave an urgent message. After about 24 hours of trying various routes (both Canadian and US), I finally get a callback from a completely disinterested consular official who pretty much has the attitude of "explain to me why I shouldn't hang up on you".
Less than 6 months after 9/11, an orange threat level, and a suicidal fanatic on my site, and I'm fighting to explain why a US official should even take a report from me. "call us with any tips you might have" ... Yea, right!
That was the last time I took post 9/11 security fanaticism seriously. (other than as a threat to my civil rights).
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Egypt does security theatre routinely. The antiquities sites all have metal detectors on the entrances. They are all turned on and the guards make visitors walk thorugh. The alarms go off for maybe a third of the visitors - coins, belt buckles etc., nothing bad. The attendants never check visitors who set of the alarms. They treat the detectors like some magic amulet that wards off evil; no human intervention needed.
I used to work at a major telco, and as I was logging in to one of their legacy systems through a terminal, I noticed that the password field didn't show the usual **** stars, but rather stayed blank. Intrigued, I marked the text field with my mouse to see what happened, and discovered that yes, there appeared to be text there. I copied it, and there was my password in plaintext! What they had done was simply to make the password text the same color as the text field... I had a good laugh about that one.
for great justice
Apparently, aside from an astonishing level of clerical and managerial chaos which affected every level of the Reich, the reality of SS intelligence, at least in Berlin, was completely at odds with the perception. The offices responsible for monitoring the population and for doling out punishments for those expressing anti-government sentiment or for being friends with jews or for generally not heiling with enough vigor; that office was staffed with only a handful of over-worked clerks surrounded by mountains of un-processed 'reports' filed by nosey neighbors and crafty tattle-tales trying to get in good with the reich for one reason or another. --But the perception was entirely different, and the effect was that the population effectively policed itself into the condition history has made infamous.
The imagination is the most fearsome weapon. Provide a few displays of violent public oppression, and then no matter how wide and large your enforcement net is, the public will imagine something even bigger and meaner. --Thus the mere suggestion that you might be watched and swatted is enough to keep the population in line.
On the one hand, I find it comforting to know that no matter how bad a police state appears, it's true condition is arguably going to be far less than perceived. But on the other hand, the fact that people willingly turn each other, become informants when it is not necessary, work to create hell on earth by becoming their own worst enemy, is truly depressing. --But even in this there is hope; knowledge of the reality spread widely and openly enough should logically be all that is necessary to prevent a horror.
-FL
Truth is not something that most businesses can live with. Public systems such as school boards and schools themselves also could not survive if they were transparent.
Security, when done right,makes people accountable. And just as that flashy new security system can detect shop lifters or information thieves it can also be used in a court to show black people being searched disproportionately by store security employees, detect illegal workers or perhaps document the level of sexual harassment that a boss is pushing on an employee.
So it comes down to good security being a real hazard to the businesses that install it.
No 42: How Not To Be Seen
(Association invoked by your use of the word "shrubbery".)
I'm not a coward by any name.
NOBODY expects that knives fashioned out of soda cans !
Religion is what happens when nature strikes and groupthink goes wrong.
in summary:
Most americans drive automatics, and many would actively avoid having to drive stick
Most europeans drive manuals, and many would actively avoid having to drive a manual
Both ways have advantages and disadvantages and it's not quite important enough to have world war III over. Please don't debate this further here
my password really is 'stinkypants'
So all those reformed addicts and families of those that died through their drug lifestyles, those that work in rehab centers and to campaign against the proliferation of drugs in our communities. Those people are doing it to keep the price high?
... that too would end the "war".
I'll grant you there may be some elements of the higher echelons that are purely evil and wish to profit from the destruction of peoples lives that hard drugs leads to, but such pure capitalist are a small element I warrant.
If all drug dealers, runners, growers were shot on site
Pardon my ignorance.
Dude - if you have figured out how to clone yourself, you should let the world know about it in a big way - not post it in an un-related article like this!
*** Where are we going? And what's with this handbasket?
My company had a problem with people from other companies parking in our car park, meaning there wasnt enough spaces for our employees. Their solution? Make everyone who works here register their vehicle details with reception, and provide everyone with badges to display in their car window. The problem? Nobody patrols the car park to check the badges, so the people who illegally parked before are still doing it, meanwhile we jump through hoops for no reason.
Launch each 'sig'.
It's interesting that autos have an expensive price premium in Europe - In the U.S. it has gotten to the point where a manual commands a significant price premium, if you can even get it.
retrorocket.o not found, launch anyway?
In November 2007 there was a shootout at my local shopping center during an attempted jewelery heist. The center management decided to post security guards at all entrances, ostensibly to prevent such incidents from happening in the future.
What's wrong with this picture?
Did it work? Perhaps. There have been no further heists. Much like in the years preceding this incident. The werewolf deterrent in my fridge also appears to be working...
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
IIRC the client didn't check the password but told the server how long the password was. So you could just tell the server the password is one char and then brute force it
At work: To "improve security and enhance employee safety" my employer installed turnstiles at the building entrances that open when you wave your ID badge at it. It's basically to prevent "tailgating" (unauthorized person(s) entering behind authorized ones) by requiring that people go through one at a time and requires that each person has a valid ID badge. The security theater aspect is that there is no check to ensure that the badge being used actually belongs to the person using it. I also have to use the badge to open doors. Between the front door and my desk I have to use my security badge 4 times (door, turnstile, door, door) and the first three readers are within 20 feet of each other. I feel safer!
At home: We live in the suburbs on a busy street near the center of town. Our dog just died and we're planning to get a new one at the end of the summer after vacations are over and we're back on a routine and able to devote the time to train the dog. My wife announced that she doesn't feel safe without a dog and wants to install an alarm system. We've lived here for over 9 years wihout any incident, we're ten feet from the second busiest street in town, we're at an intersection, and there are street lights. We are a terrible target. An alarm system won't make us any safer because we're already very safe, but it will make my wife feel safer. Pure security theater.
In my view alarm systems (home and car) can actually make people less safe because the best way to get around the alarm is to commit the crime while the owner is present.
DD
"Can I finish? Can I finish?
Last year Japan immigration introduced fingerprint scans and face photographs for all foreign entrants to the country for "terrorism prevention". The only terrorist acts ever committed in Japan were by Japanese people (who aren't scanned when returning to Japan).
The real reason is to satisfy their paranoia that a high percentage of crime is committed by foreigners, which statistically is untrue; and to capture the odd illegal immigrant.
Believe me, Japan is not the golden land for immigrants or hot target for terrorists.
Furthermore, one of my friends flew from the UK to Japan via Germany. At Frankfurt the security directed him through another security gate which checked for forbidden goods. The 500 ml jar of expensive honey he'd bought as a gift at Heathrow duty free had to be binned because of the liquids restriction. Totally insane.
The policy of forcing users to change their passwords monthly does not effectively counter any real-world threats, and creates additional threats. Instead, force users to pick a strong password and never change it unless there is suspicion of compromise.
By the way, have you read how incredibly difficult chemists have stated that it is to actually mix explosives on a plane? It requires beakers, ice and precision and the chances of making a mistake and not being able to take down the plane are quite high.
I live in Florida, we are allowed to stand our ground.
We have the right to have guns on our property without registration.
If you come onto my property, I can shoot you. ONLY survivors talk to police.
We can't take them everywhere, but we can have them in our cars.
That is why car jackers look for rental cars not local cars.
I would prefer an airline that hands out knives.
I trust 200 armed citizens against 5 nut jobs,
more than 200 unarmed sheep against 5 nut jobs.
I am proud to be a citizen and not a subject.
NFS still does assume UIDs are trustworthy. Keep in mind, Sun did NFS and NIS roughly together, and they use the same RPC mechanism. But it is very much a relic of the "trusted LAN" era. If you've got switches that allow arbitrary machines to connect, and DHCP servers that give arbitrary machines address information, NFS is probably not for you.
/etc/passwd away. Even easier if NIS is up, because I can get the entire passwd file from the NIS server.
Even with root squash, there's still no security. That just means I need to switch to someone else's UID before I can read their files--and that's just a quick vi
The great thing about the various attempts to add security to NFS is, they don't work with everything. The only redeeming feature of NFS is that every UNIX-a-like can at least operate as an NFS client. If you now have to do PKI and token management, why not install a good distributed file system instead? Maybe something with aggressive-but-useful client-side caching with server invalidation?
(Wanders off to play with OpenAFS some more....)
yeah, that'll protect my data.
The story sounds slightly unlikely. The ARPANet was so small then that everyone knew almost everyone else. There were no malicious people on the net. Also, ITS had, SFAIK, no internal security, and anyone could create his own account (and then access others' accounts). So, passwords would have added nothing.
ITS also had a feature where someone could eavesdrop on someone else's session, to offer help. I don't think it required the consent of the eavesdroppee.
In case it needs to be said, this was a research machine. Production work was done on machines with passwords.
Contemporaneously with this, at a college a few miles up the river, an undergrad was using the DARPA funded PDP-10 to implement a simulator with which to create the first BASIC interpreter for a micro, which he then sold. There was a rumor that he used so much time that DARPA complained. Using a government computer for private commercial gain is a big no-no. That kid later said that he skipped his CS lectures to attend management classes, which explains a lot about the company he co-founded. A few years ago he bought the college a new CS building.
The USS Constitution, the 200 year old wooden warship docked in Boston Harbor, is protected by a security cordon including metal detector, X-ray, and divers checking under the ship.
It was a fearsome weapon in 1800. However, if you smuggled sufficient gunpowder abord and fired its cannons now, the ship would probably split apart.
Nah, if he were stoned, he would have thought it was funny.
Also, the suggestion of pretzels would have made him hungry.
"The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
- You can have anything in your carry-on bag up until the point you pass through security. So you could easily fill a maximum-allowed-size bag with dynamite and set it off in the middle of the line to security, probably killing as many people as if you blew up a plane and probably disrupting traffic even more.
- If you don't want to be in the line when the bag blows up, find a nice elderly couple and ask them to look after your bag while you go to the bathroom. If you look like white middle class, there is little risk they will refuse.
- Arrange with 20 other people to each bring in the allowed amount of liquids and mix it to a sizeable amount of explosive after getting through security. Or -- equally effective, and a lot easier -- to a poisonous gas.
- Many synthetic cloths are highly flammable and develop dense, poisonous smoke when burning. So just take off your jacket and set fire to it.
And many more. A problem is that the security measures are mainly reactive -- they handle only the things that have been tried before, and it is not difficult to come up with new idea. And when that happens, they just add new measures, but tehy can never stop everything.
I'm not saying that all security should be dropped, but the measures that are most invasive and annoying should be. I don't mind sending my back through X-rays etc. and walking through a metal detector. But please let me keep my shoes on and belt on and have a deodorant and a laptop computer in my bag without having to dig them out.
You seemed to have missed the point of my original post. I didn't say that (say) rehab center workers would be upset by legalization--I was referring to those who make large profits from the illegal drug trade.
"Not an actor, but he plays one on TV."
How about the campaign that the NYPD started on the New York City subway system over a year ago? Apparently, entering the subway system alters ones constitutional rights and makes it ok for the police to illegally search your bags with no need for probable cause. You either submit to random searches of your bags or you are not allowed to ride the subway. Nevermind the fact that cops seem to be randomly placed in random subway stations on random days checking random people's bags... If I were a terrorist I would simply leave the station and walk a few blocks to the next one. Unless they have cops searching everyone who gets on the subway at any station along the line, this is all either theater or an agenda with ulterior motives (catching other types of criminals/contraband on the subway?). My fiance had her diaper bag searched when she was taking our toddler to the park, but when someone tried to steal her purse one night on the subway the cop _watching the whole thing go down_ told her that she "looked like she could handle herself".
So you leave the keys in your unlocked car outside your unlocked house at night? What was your address again? Keep in mind that not telling me represents security through obscurity.
The point being that although no security is impenetrable, that's never been the point of security measures. Security measures exist to raise the difficulty of penetrating them to the point where the cost outweighs the reward. Where they fail is when an unforeseen approach reduces that difficulty to the point where the reward is worth the effort. Where they become security theatre is when the effort of creating the security measures actually outweighs the penalty if the measures were penetrated (spending $15 to keep $10 safe) and/or where the measures taken don't actually increase the difficulty of penetrating them significantly.
Years ago I worked at the computer labs at a university, and the administration instituted a policy forbidding users to use the 'chfn' command to change their "Real Name" on the UNIX systems used by the students for email. This was done ostensibly for security reasons, but when you asked what specific security concern this would mitigate you got yourself a bad reputation. I'm given to understand that the new head of the department had received an email from one of the students who had changed his "Real Name" to Mickey Mouse, and that he'd been offended.
Now around this time I happened to notice that the hostnames of the lab PCs from which the students would access the UNIX machines were all based on their location (the lab they were in and the number of the station, printed on the monitor). So if you walked into a lab and happened to notice a pretty girl you wanted to stalk, you could log into the UNIX system and if she was checking her email the list of who was online would tell you her name based on what workstation she was sitting at. When I raised that as a possible privacy concern, I was pretty much ignored.
Gun control laws -- especially in "Gun Free Zones" implentations -- are the ultimate security theater.
Let's assume for a moment that the "Gun Free Zones" were literally that: places no firearm went. Well, the the post office shootings of the early '80s would never have happened -- government buildings have been weapons-free zones for ages. And the Columbine school schooting -- well, not only was that a Gun Free Zone, but both shooters were not old enough to legally carry or own firearms!
When you look logically at the "more guns mean more killings" argument it falls apart with astonishing speed. Have you ever heard of a mass shooting at a gun show? What about at a gun range? The availability of weapons in either of those places is very high -- but somehow it's the places that the firearms aren't supposed to be that are at risk.
Extend this logic just a half-step further and gun control laws of all stripes start looking stupid. I will accept gun control when the advocates for it can tell me why criminals -- people who by definition break the laws -- will respect gun control laws while they completely ignore laws against drugs, theft, and murder.Do you like Japanese imports?
They look up the doctor's name in their list of doctors (often on a computer! amazing!), and call the number that their system lists. At this point, if the doctor's name is fake, they already know you're full of shit. If it's real, they'll have verification from the doctor or their administrative staff shortly as to whether or not that prescription was actually given out by that office. It's happened to me on prescriptions with no potential for abuse (once on an inhaler, and another time on some medicine for altitude sickness)-- I can only imagine how thorough they have to be with abuse drugs.
But when you want to LEAVE our birthing center, you better have a key.
Of course, the fire alarm disables the lock so you can imaging a kidnapper pulling the alarm then exiting. I think if you want to escape unnoticed this wouldn't work, and if you tried to use the 'confusion' of an alarm to your advantage, we have many fire drills so there is little confusion--everyone knows what to do.
And unless you are already out at the street when they call a code pink (kidnapping), you are not getting away. We practice code pinks and believe me, no one can 'sneak' out of our building once the announcement is broadcast. We do not rely on technology (beyond the PA) to pull this off, it is 200 human observers with assigned strategic positions all looking for anyone entering, leaving, or even driving in the parking lot.
The Feds in the US are paying for chain-link fences around aiports. There can be several miles of bob-wire topped, 10ft high chain-link,which is all but transparent to a set of $20 bolt cutters, but in many places it is just a 4ft high barrier. These come with electronic gates, that stay broken and hence propped open most of the time.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The hospital where my kids were born at had one of those fancy RFID tag systems where a tag is attached to the umbilical stump. During the mandatory hospital tour, when they made a big deal about this state-of-the-art security, how they do kidnapping drills all the time, etc, I wondered to myself, "It's a little plastic tag. Why couldn't the baby-napper just snip it off?"
Fast forward a few months to when my first child was born. Part of the discharge procedure is, of course, to remove the RFID tag, which the nurse unceremoniously did with a small wire cutter. When I made light of how easily the security system might be defeated, the nurse assured me that a kidnapper would never have a wire cutter. I would have asked how she could be so sure, but I really just wanted to go home at that point.
It wasn't until after having my second child that I realized the true security measure: "Newborns are a royal pain in the ass." I'd have 12 kids if there were some way to just pick 'em up after 9 months or so.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Secure password policies. My workplace introduced this policy not long ago and it's clearly a bit of security theater. Sure, done properly it will work. But the reality is that when you are requiring a high level of complexity... high number of characters, capitals or special characters, people will start to write them down when they previously wouldn't have. In these cases, we now have effectively LESS security, as that password is potentially more available to intruders. It is an even easier method of breaking into a system than it is using a dictionary or brute force attacks, especially when a typical scenario would only allow an attacker a short period of opportunity to try and crack a password. This isn't to say that all strong password requirements are a bad idea, requiring just a single capital letter or a single number in the password would probably work just fine, but the notion that deploying a complex set of password rules will increase security is flat out wrong.
The same goes for applications requiring seperate credentials from those used to initially log on to the system. When you start to introduce even MORE usernames and passwords into the mix, it is going to greatly increase people's tendency to write them down.
Using a single set of credentials for everything and requiring only a minimally complex password, locking out the account after a set number of attempts would be the best solution, but of course in a large corporation the voice of the front line staff is rarely heard.
I saw in INTA building (the Argentina version of USDA) some door that have a card reader to get it, but the traffic is to intense in the morning that is always left with a stone working as a doorstop.
Like the password written in the keyboard.
DNA in your Linux: DNALinux
My kids' doctor doesn't mess with any of this faxing BS. He just calls their prescriptions into the pharmacy.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Incredibly off topic, but your sig had me thinking. For computers, KiB are computationally convenient; multiplying by two is easier than multiplying by 10.
Cynical Idealist
Price decreased. Quality increased.
You are far better off buying alcohol these days than the bathtub gin and moonshine of Prohibition times.
As for "working
It's a cost benefit analysis a couple of thousand GBP is worth a few nights in jail, it's not worth the risk of summary execution.
I'm trying to think of when I've encountered security that wasn't theater.
* mechanical locks of all kinds
* car alarms
* antivirus software
All of these are not only ineffective (theater), they're usually at least as bad as the disease they attempt to prevent (lost keys, carrying keys, false alarms, automatic download and execution of useless resource-hogging insecure code...).
Actually, a friend I know has a situation like that. They use it on their freezer (which they keep packed full). Since there's no latch to keep it closed, they just use the lock/key to keep it closed.
Cynical Idealist
Same here. I think my favourite vector is a coat. Just hide your bag of chips (I've actually managed to get a full bag of chips in on many occasions) in your coat, and carry it in (you're too warm). Besides, most places in my area just don't care.
Cynical Idealist
Yes, I can verify that your story is close to correct.
:LOGIN GUMBY. Mainly it just set your homedir since there wasn't much difference between being logged in and not being logged in. You could type the command :PASS (or was it :PASSWORD -- I no longer remember) and send a password, but some wag added that command and the response "You're sending a password HERE?" That was probably Guy Steele). So that was ITS. Oh yea you could read anybody's mail by doing :PRMAIL GUMBY (or :PRMAIL RMS), or I think it was GUMBY^R.
The command interpreter ("shell") for ITS was the debugger(!). You could give it commands either as shortcuts (control characters) or in long form, with a colon and the command name. So you could log in as GUMBYU (altmode was a special character -- if you only had an ASCII terminal you could use escape) or via
Now if you came in from a remote machine not in the lab you did have to log in, but that was only because the server you talked to implemented that. It looked a lot like DDT, the "shell" but really wasn't -- it only implemented a few commands, one of which was a login command that required a password. If you authenticated then you were given a DDT with the homedir already set. By the time I started using the system in late 1979/early 1980 that authenticating server already existed.
Note this is all before the arpanet switched over to TCP in 1984. We used an older protocol called NCP.
Too many people don't understand they have a legal right to take photographs and record video in public places, and that it's protected under the First Amendment of the Constitution.
The practice of street photography has a long tradition in New York City and its purpose varies from hobby and artistic expression to memory making and journalistic documentation. But the freedom to photograph and film has long been taken for granted and challenged in the wake of 9/11.
Know your rights and what to do when approached by law enforcement.
My name is Kim Lengle and I pitched this story to several College Current producer during a pitch session of Jon Alpert's Documentary class at the Columbia University Graduate School of Journalism. I was told that you had a similar story that couldn't be aired.
My story has first hand accounts and shows myself and my partner being kicked out of public places for trying to record video.
Watch the video.
As this guy clearly escapes with video footage, and I've seen countless others do the same, it's pretty clear that this isn't any real form of security at all.