Pointer Corporation
     The Information Technology Architects
How Secure is "Secure?" - Part 2

During last month, I attended two seminars in the Los Angeles area regarding data security, or better yet, its absence in many system architectures currently in production around the world.  One speaker even went as far as showing us various techniques for breaking into supposedly secure systems, with the ultimate goal of warning us about securing systems we develop.

Without going through any details of what this particular speaker shared with us, I was just thinking about three different experiences I personally had over the past several years:

Experience #1

It was September 1977 and I had just started my graduate studies towards an M.S. degree in computer science (and I won't mention the name of the university, for the reason that you'll find out in a moment).

One of my first complaints about the logistics of that particular school was that the students' parking lot was too far from the classrooms, while the faculty parking lot was right next door.

Obviously, I did not have a faculty ID card, so getting to their parking lot was out of the question.  Right?

Wrong!  While casually observing the faculty driving into their convenient parking structure, I happened to notice that some of them didn't show their ID to the parking attendant; they just waved at the him and he would open the parking gate for them, apparently since he knew them in person.  So I said to myself:  "How can I pretend to be a faculty member?"  (and I wasn't the kind of person who would even think about acquiring a false ID card.)

The solution?  I decided one day to change my outfit and, instead of the regular T-shirt most students wore in those days, I put on a white shirt and a dress tie.  I then drove up to the faculty parking lot and, without opening the window, just waved at the attendant.  He nodded his head in approval and opened the gate for me.

For the next 20 months that I was in graduate school, I wore a dress shirt and a tie to school and always parked in the faculty parking lot.

Experience #2

About 15 years ago, I had a database development contract at a major corporation in Southern California.  The computer room at their building was so secure that you needed to use a magnetic ID card and also sign-in at the door, before entering the computer room.

So one day, just out of my curiosity, I asked one of the systems operators what would happen if he forgot to bring his badge from home?  Would he have to go back home and get it, ask a manager to come and sign for him, or what?

His reply, to my amazement, was "None of the above!"  He said, instead, that there is a 2nd entrance to the computer room through the men's room, and that door in unlocked!

Experience #3

Last week (August 2004), I was at another client location with secure entrance, magnetic badges and touchpad entry locks, etc.  Once inside the facilities, however, I noticed that the freight elevator went up to the secure floor, but without any security locks.  I actually tried it one day and was able to use the freight elevator and get inside the secure floor, without requiring a badge or using an electronic touch pad.

End of story.

 

For further information, please refer to our feedback page.