68 comments
Anke

@tevruden Video Description: Zoomed in view of a combination lock with a digital numpad. The camera pans right a little to a door made of metal lattice. In the front garden behind the door a guy is laughing.
The person holding the camera, also laughing, reaches through the lattice and pushes down the handle on the inside to open the door. They then walk left, past the combination lock, around the end of the wall the door is in, where there's nothing stopping them from entering the front garden.

Wurzelmann

@Anke

thank you very much, I appreciate it. 💜

@tevruden

mudbungie

@tevruden and most of the review is about the keypad!

StarkRG

@tevruden This is why you don't skimp on the pen testing budget.

StarkRG

@simonbp @tevruden Using higher dimensional physics like that isn't a fair assessment of security infrastructure embedded in 3-space.

Chloe Raccoon

@tevruden @patterfloof Had a customer move into a shared office building for a short while. Electronic door entry system. How many combinations did I claim it had to the building management? 2. Clean/dirty marks were on 1, 6, 8, and 9. "there's thousands of combinations" they said. I entered 1968, door opened. I was going to try 1986 otherwise... They agreed they need to clean the pad weekly....

Miah Johnson

@chloeraccoon @tevruden @patterfloof I had a doctor with one of these and I regularly forgot the code and the dirty/clean keys and no timeout meant I usually got in within a few tries.

patter

@miah @chloeraccoon @tevruden I used to live in a block of flats with a keypad for entry. Sometimes I'd remember the number, sometimes just the position & order to press, and sometimes get it wrong if I thought of the number mid-press

Chloe Raccoon

@patterfloof @miah @tevruden I will let you imagine how fun I find these with my dyslexia and dyscalculia...

PhDog 🇮🇪

@chloeraccoon @tevruden @patterfloof
I was traveling and forgot the keypad code to the door of my building. It was a street party night and some kid, falling down drunk, saw me struggling, lunched in front of me, punched in the code the first try, gave me thumbs up and stumbled off.

In Search of a Better World

@chloeraccoon @tevruden @patterfloof

There is a common mechanical type of keypad where the actual combination doesn't matter as long as you hit the numbers. I mean, the order of the number doesn't matter. Say the combination is officially 2134 then 1234 also works, as does 4321, etc. As long as those four digits get pressed in any order, it works. My last four workplaces have had this type of lock. I used to prank co-workers who didn't know this with the "wrong" number.

C++ Wage Slave

@chloeraccoon @tevruden @patterfloof
A chemist's shop near us uses the code 1066, or certainly used to. I saw a young man in managerial clothes type it into the #keypad from the other side of the shop. Cover your hand, man — there are controlled drugs in there!

Chloe Raccoon

@CppGuy @tevruden @patterfloof Whereas when I see one, and if I know someone high up is a football fan... well, let's just say it's amazing how many locks use 1966 as their code...

(((H. N.)))

@chloeraccoon @tevruden @patterfloof@meow.social
And thanks to much cheaper thermal cameras, wiping the keys down isn't all that's needed.

(I recommend putting your hand over all the keys for a bit after entering the number.)

And yes, I just got this thermal camera and it blows me away how well this works.

Thermal image of a pocket calculator's keypad. Touching keys 1, 6, 8 and 9 has left them at a slightly higher temperature than the rest.

Chloe Raccoon

@hn3000 @tevruden @patterfloof I have a seek thermal camera that slots into the bottom of my phones.. I mostly use it for checking the windscreens work when buying new mondeos... ;)

(((H. N.)))

@chloeraccoon @tevruden Mine's an Infiray P2 Pro, which also goes into the USB-C at the bottom of my phone. Bought it to debug some electronics project.

Checking windscreens on cars sounds interesting, too. How does a problem manifest? Are you looking for cracks or bad fit?

(Oh, googled it -- they have heated windscreens, I never had that in a car.)

Chloe Raccoon

@hn3000 @tevruden my seek is old enough it's usb microb, I use a microb to c adapter and it works ok. And checking for dead lines *nods* at £800 a replacement windscreen, I want to check before I buy! youtube.com/watch?v=8kdnCRbnZ2 (yes the passengerside isn't working 100% ;)

billy joe bowers - hates nazis

@tevruden

"We regret to inform our customers that very sophisticated hackers have infiltrated our system, despite our state of the art security"

bws

@tevruden we need to buy more scanners to fix this!

billy joe bowers - hates nazis

@tevruden

This is like a physical world model of "secret questions" when you sign up for an account.

Ives

@tevruden I’m not convinced that ppl who work in #infosec are laughing as hard as these guys are

SCRUMschau

@tevruden
It looks like a PIN pad, but it is just a pad to ring/call the people in this house. Type the Apartment number for calling them.

It is a phone, not a lock 🤷

Martin

@scrumschau @tevruden
I don’t care.
I’m laughing tears 🤣

lily

@scrumschau@mastodon.social @tevruden@nonexiste.net these can do that but it can also unlock the door if you enter a code

DELETED

@scrumschau @tevruden These devices usually allow the resident to unlock the door for their guest by pressing a key on their phone once they answer the call. It's an access control device.

The Tired Horizon

@tevruden I'm reminded of security at my workplace. It's exactly that in places. Just walk around.

SuperMoosie

@tiredhorizon

They changed works door code at the start of covid. Never bothered to remember it as work from home.

So been walking in by the open warehouse roller door since.
@tevruden

Andrew Davies

@tevruden I didn't realise this was a video and spent way too long staring at the "picture" trying to figure out what's so funny. It's probably a good thing I'm not an infosec professional.

mxk

@tevruden reminds me of that great talk about hacking the PS4 (I think), detailing the security architecture, just to then explain, that none of it matters for the hack.

uis

Relative to other security fields infosec isn't as terrible youtu.be/IH0GXWQDk0Q

Heinzenstein

@tevruden
Just when I thought, this was dumb enough, it gets even dumber.

Bernd

@tevruden I would almost bet money that this gate was constructed specifically to demonstrate the ridiculousness of some IT "security measures".

adorfer

@tevruden that's today's concept of an MVP: You show some kind of effort. And if there are complaints: ask for a more decent budget.

A photo of a sidewalk under an old railway station's roof, brick-wood wall building behind. The sidewalk is barred off with a fence, just ending at the grass, easy to walk around. Photo position is from the side angle from the greens.
Photo of a fence door held shut by a cheap transport strap. The strap has the clamp/lever on the outside. It is weathered.
A photo of a farm road, compacted sand, between grocery-field. The road is blocked by a fence element approx. 3m wide, 1.7m high, supported on 3 rubber cartwheels, with no visible lock or any other arresting method in place.
A photo of a gravel access road towards a commercial/industrial building. Single story, large doors. There is a fence door on the way, but to the left are movable fence elements, not interlocked, and to the right the barrier is about 40cm high.

Maverynthia🌱

@adorfer @tevruden

I kinda get a feeling some of these are just to keep cars out/skateboarders off the sidewalk. Or in the case of the tie-down strap, just to keep the gate from swinging open.

Kinky Kobolds

@tevruden Security theater on a public TV budget.

Florian

@tevruden lol if the point is that you just have to laugh so hard to stave off the existential dread of how bad things actually are, that is #accessibility, as well :P

Michal Bryxí 🌱

@tevruden Sometimes? Feels? Which companies would actually keep caring about security if you'd tell them it does not influence stocks value?

Pseudo Nym

@tevruden

I can't even call that a "back door" as there is no door, or wall even, of any kind, around back.

Andrea Franceschini 🏴‍☠️

@tevruden This was the bike shed padlock installed by the block manager where I used to live. Suffice to say, the bikes kept getting stolen even when tied to the metal railings inside and the block manager couldn't figure out how. With the bikes, the chains and locks would also disappear. It took me showing them this padlock and the fact that the metal railings could be unbolted, lifted to slide the chains out, and bolted again in less than a minute.

Security is a box-ticking exercise.

elophant

@tevruden
One of the best real-life examples of fence post security I have ever seen

@infosec_jcp done differently

@tevruden

Hmm, the budget for the side ' firewall ' wall, TBD, est. FY27Q2 , the new phone dialer keypad to ring the 1-4 apt's for door entry with the password ( added FY24Q1 ) of ' your voice laughing is your password ! 😂🤣 ' worked ☑️, and the welder mesh on adding more mesh to the front door will be added in FY28Q4, ☑️?

aetios

@tevruden What you found is out of scope. won't fix

Artificial Stupidity

@tevruden or, as they say, "locks are for honest people"
