Recently in Physical Security Category

The Doors


At work the doors at the elevator lobby on each floor (other than the first and the cellar) started being propped open. I never saw any official notice that this was an authorized action rather than a rogue one. Scuttlebutt around the office was that someone had put in a suggestion to have the doors propped open. The doors were propped each morning and then unpropped at night (our floor doors are only alarmed at night).

The suggestion box. A method whereby a person can take a few minutes to write an anonymous bag of excrement, light it on fire, ring the doorbell and run away without consequence. Better yet, the suggestion box goes to the CEO, so the victims of the suggestion have to spend hours coming up with a reason why the suggestion sucks and they risk appearing resistant to change.

No one could quite agree on the reason for the doors being propped open. I believe the real suggestion was "the doors are heavy and when I'm carrying a laptop it's difficult to open the door." The other theories were funny, but for whatever reason, I found myself very annoyed that the elevator bell could now be heard clearly from my office. The loud cell phone talkers who once gathered in the elevator lobby now disturbed my work as well.

I had my own list of reasons the elevator door should not be propped open. I never bothered to put in my own suggestion that the elevator lobby doors shouldn't be propped. Instead I just waited for the next inspection by the fire marshal and let him do the dirty work. The doors are no longer propped.

Source: Washington Post


A former computer systems administrator for the Naval Research Laboratory pleaded guilty today to a federal charge stemming from the theft of nearly 19,000 pieces of computer and office equipment.

Items were stolen from 1997 until August 2007. 100 personal computers, 167 keyboards, 275 mice, 80 monitors, 187 toner cartridges and nearly 5000 pieces of computer software were stolen. Total cost of the stolen goods is estimated to be $120,000.

Most of the equipment has been recovered by NCIS. The system administrator is likely to get 12-18 months in prison under sentencing guidelines.

How much would it suck to go to jail for a 486 you stole in 1997?

It seems to me that there is a big physical security problem when you can walk with that many computers.

Remember 9/11/01


Remember Rick Rescorla

Protect your Tech


Smash-and-grab thefts from parked cars have been in the news more recently. People purchase GPS units, iPods and satellite radio units and leave them in their cars. This gives thieves easy access to resellable items.

This week, we received notice that one of the other parking garages in our office park had been hit.

AAA World magazine has a good article on that issue this month (page 33).

Obviously, you bought these gadgets to use them. You need to take them with you or keep them out of plain sight. The problem with hiding them is that you still have that suction cup mount on the windshield advertising goodies inside the car. Do you really have time to take that down too? What about the obvious residue of the suction cup ring? That advertises as well. That seems like too much to deal with to me. At a minimum, hide the valuables.

With GPS devices, use the PIN lock if one is included. This protects your important addresses. The thief may not be interested in all the Ci-Cis Pizza locations in the U.S. but he might want to see what toys you have at home since he knows you'll be at work.

Record the serial number, original cost, and save the receipt. This could aid in recovery or with insurance.

These kinds of thefts are on the rise in commuter parking lots, malls, and other garages. Take heed and avoid being a victim.

Tiger Team on CourtTV


I just saw that CourtTV (CourtTV is TruTV as of 1/1/2008) had a pen testing show called Tiger Team that aired a couple of times last week. GrumpySecurityGuy calls it "It Takes a Thief" with a security twist.

Don't go in expecting this show to be about a Red Team in a dark room somewhere running zero day attacks while the Symantec Security NOC is soiling themselves because green lights turn to red on a big board on the wall. It doesn't look like we're going to see Chloe say "it's ok, we've got the Cisco Self-Defending network". The episodes I've seen have had the team attempt to penetrate small, very secure businesses. You don't need to bust through a firewall or wait for a phishing reply when you can just hand someone a USB key and ask them to print out a document from it.

The team has a social engineer, a computer security guy and a physical security guy (if I remember the introductions correctly). In the first caper they take down security at a high-end car dealership. In the second episode they go after an elite, exclusive jewelry design shop. Both episodes were a heck of a lot of fun.

Hopefully we'll be seeing more of these episodes. I don't see any upcoming episodes in the program guide data. I also couldn't find the episodes on the CourtTV website. I had to BitTorrent them (kids, don't try that at work).

Social Engineering

I was home last week when a couple of guys knocked on my door. I hate it when people ignore the no solicitation sign that is at the entrance to our community.

They were wearing Honeywell shirts and said they were in the neighborhood offering to upgrade five people to the latest greatest alarm system for free.

I talked with them a bit about what the alarm system could do, and they did talk a good game. But the situation seemed kind of hinky to me. Isn't that just what a bad guy would do to try and find out what security protections I have?

About this Archive

This page is an archive of recent entries in the Physical Security category.