Saturday, June 27, 2009

Providing the necessary environment

This shot was taken in Hagenberg in front of the bank. Just think about possible security implications out of this situation. Do you see any mistakes made?




I've marked some major vulnerabilities in the next picture. The weakest link is the tilted window. It's just a matter of seconds to open such a window. The next mistake is the design of the entrance. An attacker doesn't need any preparations like a ladder to get onto the canopy of the building where the window resides.





[Edited on August 12th] Thanks to a friend of mine who made me aware of the simplest of all attack points. I first thought that trying to batter the front door would alert the police and therefore would not be practical. But indeed, the ramp to the door is so big that you could even drive your car/jeep into the bank. Inside there is an ATM, which could be pulled out with the help of the car. Therefore it would not take too much time to steal the ATM and the money inside.

One of the easiest and least expensive ways to lower the risk of such an attack would be to put some concrete posts in the middle of the access road. Although this would not prevent some big cars from breaking in, it would be a first step to make this site more secure. Thanks to Hector for this hint.

Tuesday, June 23, 2009

Secured by a plate

Yesterday, while travelling home from Koeln, I noticed a hot dog stand at the departure platform in the central railway station. I thought about the fact that it's not easy to secure this small hot dog stand, and about how they managed to do this. You can see the booth in the next picture.




After one minute of thinking, I noticed a little plate at the top of the window. It was so obvious: why should someone break into a hot dog stand if there's nothing to get?


(Written on the plate: "Intrusion unprofitable, no cash available.").

Saturday, June 20, 2009

Keep the door opened

The best security mechanisms are useless if there's no one who cares. This picture was also taken at the airport in Frankfurt. Apparently, the person responsible for the room was too annoyed at opening the door every time he enters the room.






The room in the photo is filled with toilet accessories, as you can see in the next picture.

At first, it doesn't look like a big vulnerability, but it's the first possible entry to a social engineering attack. Someone could take some papers, the appropriate clothes and a broom and pretend to be an employee. Perhaps this could lead to further intrusion into the airport. And as you can see, you could enter the room without being asked what you are doing.



Perhaps the airport will start an awareness campaign for the staff sometime to improve the understanding of the security implications of leaving non-public rooms open and unattended.

Friday, June 19, 2009

Security Cage

This picture was taken by a friend of mine at the airport in Frankfurt. The security cage, positioned right near the entry to the airport after arriving from the plane, should prevent people from entering a restricted area. But as long as it is not energized, it will just help to prevent cats and dogs from entering, but not trained people. I suppose it's just a matter of seconds to climb the cage, as there is no fence at the top.


Tuesday, June 16, 2009

Video Surveillance

This video camera was found in Hagenberg at the University. Apart from the question whether video surveillance makes sense or not, it does not make sense to install it this way, with the power jack accessible right near the camera itself.




Friday, June 12, 2009

Public display panels in the subway

I guess all the people in Vienna might know the green VOR panels in the subway stations.



I'm wondering why nobody has ever used them for their own purposes of publishing information. Most of the panels have bad or no security at all.

First of all, the locks that are used offer no real security. Second, no matter how (in)secure the locks are, the implementation is - let's say - not the best. Here are pictures of two panels.

Both are locked, but in the first picture you will notice that it was locked BEFORE the panel was closed.



In the second picture the bolt from the lock is loose so that the panel can't be locked at all.



Don't abuse this information, but have a look at it the next time you pass through a Vienna underground station. Perhaps someone from VOR will notice this and will fix this issue.

Tuesday, June 2, 2009

What's the basic idea behind SecurityPitfalls.org?

The basic principle of SecurityPitfalls.org is easy - most of you might have passed high security places where doors have been left open or might have noticed a small sheet of paper with the password written down, right near the computer. These situations are security pitfalls - where security is too high so that people just ignore it or where no one ever cared about security in risky areas.

SecurityPitfalls.org is a community project where we work together and collect such situations in the form of photos, stories or movies. Just send them to incoming {at} securitypitfalls.org and we will post the experiences you want to share with other people.

What's the goal of this project?
First, it's increasing awareness at home and in companies in all security-relevant areas ranging from IT aspects to physical security. Second, we create a common repository for stories to tell, which can be particularly useful in discussions with unaware clients and friends. Third, it's just pretty much fun. :)

So, let's share our experiences. When you are passing a door to an 'interesting place', just secured with lisle, or when you are entering a building where everyone has to wear IDs but you just passed without passport - take a photo with your camera or mobile phone, send it to us with some background information and share it with the world!