by logfromblammo
3162 days ago
You can pick office furniture locks with a binder clip and a paper clip, which you can often find in the unlocked portions of the office furniture. The paper clip is permanently disfigured in the process, but the binder clip can be put back unharmed. I know, because I have actually done this occasionally, to remind myself to never leave anything valuable at the office. It can take less than 60 seconds to go from empty-handed to an opened lock. A few more seconds to re-lock it with your makeshift pick. Cheap locks might as well not exist to a professional attacker. They barely exist for an amateur motivated by curiosity or boredom. Door locks are a bit more difficult, and may require more sophisticated tools, but those are left unlocked more often, for the extremely ironic reason that the employees that have greatest use for them typically don't have the keys. The only keyed doors that ever get locked are upper management offices, the office supply closet, and wherever it is they keep the sodas and snacks for visiting customers. As with online security, companies are only willing to pay for the illusion of security. Genuine physical security is difficult, expensive, and wears heavily on employee morale.

A lot of our security--both network and physical--is based on the illusion of security. One of the most important things that penetration testing does is to make organizations aware of the issues, to put the bug in their ear to remind them that security is important, and shouldn't be an afterthought. We see lots of organizations make material improvements to their security as a result of red team exercises. We also see a lot of organizations that don't. It's disheartening when that happens, but I like to think I help make a difference. The next data breach might be mitigated by our recommendations, or even prevented entirely.