Lockable USB Hard Drive
Just in time for Christmas, a USB drive housed in a physical combination lock.
Interesting essay on walls and their effects:
Walls, then, are built not for security, but for a sense of security. The distinction is important, as those who commission them know very well. What a wall satisfies is not so much a material need as a mental one. Walls protect people not from barbarians, but from anxieties and fears, which can often be more terrible than the worst vandals. In this way, they are built not for those who live outside them, threatening as they may be, but for those who dwell within. In a certain sense, then, what is built is not a wall, but a state of mind.
The essay goes on to talk about the value of walls as security theater.
This is a picture of a pair of wire cutters secured to a table with a wire.
Someone isn’t thinking this through….
The security problems associated with moving $12B in gold from London to Venezuela.
It seems to me that Chávez has four main choices here. He can go the FT’s route, and just fly the gold to Caracas while insuring each shipment for its market value. He can go the Spanish route, and try to transport the gold himself, perhaps making use of the Venezuelan navy. He could attempt the mother of all repo transactions. Or he could get clever.
[…]
Which leaves one final alternative. Gold is fungible, and people are actually willing to pay a premium to buy gold which is sitting in the Bank of England’s ultra-secure vaults. So why bother transporting that gold at all? Venezuela could enter into an intercontinental repo transaction, where it sells its gold in the Bank of England to some counterparty, and then promises to buy it all back at a modest discount, on condition that it’s physically delivered to the Venezuelan central bank in Caracas. It would then be up to the counterparty to work out how to get 211 tons of gold to Caracas by a certain date. That gold could be sourced anywhere in the world, and transported in any conceivable manner—being much less predictable and transparent, those shipments would also be much harder to hijack.
[…]
But here’s one last idea: why doesn’t Chávez crowdsource the problem? He could simply open a gold window at the Banco Central de Venezuela, where anybody at all could deliver standard gold bars. In return, the central bank would transfer to that person an equal number of gold bars in the custody of the Bank of England, plus a modest bounty of say 2%—that’s over $15,000 per 400-ounce bar, at current rates.
It would take a little while, but eventually the gold would start trickling in: if you’re willing to pay a constant premium of 2% over the market price for a good, you can be sure that the good in question will ultimately find its way to your door.
Any other ideas?
James Fallows has a nice debunking of a movie-plot threat.
Embedded system vulnerabilities in prisons:
Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country’s top high-security prisons, according to security consultant and engineer John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week in Las Vegas.
Strauchs, who says he engineered or consulted on electronic security systems in more than 100 prisons, courthouses and police stations throughout the U.S., including eight maximum-security prisons, says the prisons use programmable logic controllers to control locks on cells and other facility doors and gates. PLCs are the same devices that Stuxnet exploited to attack centrifuges in Iran.
This seems like a minor risk today; Stuxnet was a military-grade effort, and beyond the reach of your typical criminal organization. But that can only change, as people study and learn from the reverse-engineered Stuxnet code and as hacking PLCs becomes more common.
As we move from mechanical, or even electro-mechanical, systems to digital systems, and as we network those digital systems, this sort of vulnerability is going to only become more common.
In this demonstration, researchers photographed keys from 200 feet away and then made working copies. From the paper:
The access control provided by a physical lock is based on the assumption that the information content of the corresponding key is private—that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the ever-increasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption. Using modest imaging equipment and standard computer vision algorithms, we demonstrate the effectiveness of physical key teleduplication—extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. We describe our prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S.
The design of common keys actually makes this process easier: there are only ten possible depths for each pin, any single key uses only half of those positions, and adjacent pin positions are deliberately spaced far apart along the blade. A photograph therefore does not have to measure each cut exactly; it only has to be accurate enough to land on the nearest legal depth, and the small set of legal codes does the rest.
EDITED TO ADD (7/26): I seem to have written about this in 2009. Apologies.
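To make the "quantized design helps the attacker" point concrete, here is an added example written for this page; it is not code from the Sneakey paper or from the original post. It snaps noisy cut-depth measurements to the nearest legal bitting depths and enumerates every code still consistent with the measurement error. The key-system parameters (five pins, ten depths, 0.015 inch per depth step) and the sample measurements are constructed assumptions for illustration, not any manufacturer's published specification.

```python
"""Snapping noisy optical cut-depth measurements to a discrete bitting code.

Added example for this page; it is not code from the Sneakey paper or from the
blog post. The key-system parameters (PINS, DEPTHS, STEP_INCH) and the sample
measurements are constructed assumptions for illustration, not a manufacturer's
published specification.
"""
from itertools import product

PINS = 5           # pin positions along the blade (assumed)
DEPTHS = 10        # legal cut depths per pin, coded 0..9 (assumed)
STEP_INCH = 0.015  # change in cut depth per bitting step (assumed)

# Constructed measurements (inches below the blade top) of a key whose true
# bitting code is (2, 5, 7, 1, 4); each value carries 2-4 thousandths of noise.
SAMPLE_MEASUREMENTS_INCH = [0.032, 0.071, 0.109, 0.012, 0.064]


def keyspace_size():
    """Codes a blind brute-force duplicator would face with no image at all."""
    return DEPTHS ** PINS


def measured_to_steps(depth_inch):
    """Express a measured depth in (fractional) bitting steps."""
    return depth_inch / STEP_INCH


def nearest_code(measurements):
    """Best single guess: round every pin to its closest legal depth, clamped to range."""
    return tuple(min(max(round(measured_to_steps(m)), 0), DEPTHS - 1) for m in measurements)


def candidate_codes(measurements, tolerance_inch):
    """Every bitting code whose cuts all lie within tolerance_inch of the measurements.

    Sorted by total absolute error, so the first entry is the best guess. The list
    stays short because depths are discrete: with tolerance below one step each pin
    admits one or two legal depths, not a continuum.
    """
    per_pin = []
    for m in measurements:
        lo = measured_to_steps(m - tolerance_inch)
        hi = measured_to_steps(m + tolerance_inch)
        options = [d for d in range(DEPTHS) if lo <= d <= hi]
        if not options:  # measured outside the legal range: fall back to the nearest depth
            options = [nearest_code([m])[0]]
        per_pin.append(options)

    def total_error(code):
        return sum(abs(d * STEP_INCH - m) for d, m in zip(code, measurements))

    return sorted(product(*per_pin), key=total_error)


if __name__ == "__main__":
    print("full keyspace:", keyspace_size())
    for tol in (0.005, 0.012):
        cands = candidate_codes(SAMPLE_MEASUREMENTS_INCH, tol)
        print(f"tolerance {tol:.3f} in -> {len(cands)} candidate code(s), best {cands[0]}")
```

With the constructed sample, a 0.005 inch measurement tolerance leaves exactly one candidate and a sloppy 0.012 inch tolerance leaves sixteen, out of a full keyspace of 100,000; in both cases the true code ranks first. A handful of test cuts is all that remains, which is the practical meaning of the design making the attack easier.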
This creates far more security risks than it solves:
The city council in Cedar Falls, Iowa has absolutely crossed the line. They voted 6-1 in favor of expanding the use of lock boxes on commercial property. Property owners would be forced to place the keys to their businesses in boxes outside their doors so that firefighters, in that one-in-a-million chance, would have easy access to get inside.
We in the computer security world have been here before, over ten years ago.
It’s not something I know anything about—actually, it’s not something many people know about—but I’ve posted some links about the security features of the U.S. presidential limousine. So it’s amusing to watch the limo immobilized by a steep grade at the U.S. embassy in Dublin. (You’ll get a glimpse of how thick the car doors are toward the end of the video.)
EDITED TO ADD (6/1): It was a spare; the president was not riding in it at the time.
EDITED TO ADD (6/13): Here’s a video of President Bush’s limo breaking down in Rome.
Wouldn’t it be great if this were not a joke: the security contingency that was in place in the event that Kate Middleton tried to run away just before the wedding.
After protracted, top-secret negotiations between royal staff from Clarence House and representatives from the Metropolitan Police, MI5 and elements of the military, a compromise was agreed. In the event of Operation Pumpkin being put into effect Ms Middleton will be permitted to run out of Westminster Abbey with her bodyguards trailing discreetly at a distance. Plain-clothes undercover police, MI5 officers and SAS soldiers stationed in the crowd will form a mobile flying wedge ahead of her, clearing a path for the fugitive future princess to escape down.
Prince William will then have a limited time, the subject of tense negotiations between Clarence House and security chiefs, in which the path behind Ms Middleton will be kept open for him to go after her, after which the mobile protective cordon will close again at the Abbey end due to lack of manpower and the Prince will have let his bride slip through his fingers.
If Wills reacts fast enough, however, he will be able to chase after his fleeing fiancee for just under half a mile.
I wonder what security would have done if she just took off and ran.
EDITED TO ADD (5/5): The double negative in the first sentence has confused some people. To be clear: the article quoted, and Operation Pumpkin in general, is fiction.