Security Keynote

Voltaire famously said (sort of) that the main problem with common sense is that it is not all that common. Security is certainly a case in point. As vulnerability assessors, we repeatedly encounter security devices, systems, and programs with little or no security (or security thought) built in. We witness well-designed security products used stupidly, ill-conceived security rules that make security worse, organizations with security cultures beyond pathological, and security programs heavily mired in Security Theater, groupthink, bureaucracy, and wishful thinking. This talk gives examples of common design blunders, easy-to-exploit vulnerabilities, poor usage, and sloppy thinking associated with various electronic devices involving physical security, including locks, tags, tamper-indicating seals, GPS, RFIDs, biometrics and other access control devices, and electronic voting machines. Common blunders in how organizations think about security and how they deal with the Insider Threat, IT vulnerabilities, and vulnerability assessments will also be discussed. I'll conclude by proposing some reasons why common sense and security are so often alien to each other and suggest possible countermeasures, some of which involve examining what cyber security and physical security could learn from each other.