May 2010 Archives

Open day at a youth hostel

By Tom on May 30, 2010 10:49 AM | No Comments | No TrackBacks
Flo submitted the following security pitfalls from a youth hostel in Linz, Upper Austria. In the following picture you can see how the building looks from the street.

Unattended_Service_Entry_07.JPG

Taking a look around, he discovered the first issue. There was a back entry which was opened and would make a perfect entry point for an attacker. The entry to the stairs leading to the door, was secured by 1.5m high railings. Without a doubt, an easy to surmount obstacle.

Unattended_Service_Entry_01.JPG

On the back side of the building, or what somewhat could be called a backyard, Flo discovered the next entry point. There was a service entry for a building attached to the youth hostel. 

Unattended_Service_Entry_02.JPG

The entry opened up access to a variety of rooms, not part of the normal housing. Flo did not enter the corridor, as this would have not been allowed in terms of the Austrian legislation. Another point that caught Flo's attention were all the containers and garbage around. Assuming that, like in other hostels already described on this blog, access codes to rooms were set using a specific algorithm, old code numbers could give access to rooms in the hostel and a free night.  


Unattended_Service_Entry_04.JPG

Thanks to Flo, for his contribution to the project. 
« April 2010 | Main Index | Archives | July 2010 »

Search

User ranking

User     Reported Pitfalls
Flo4
Norb4
Berni2
Sup2
Ali1
Churchy1
JG1
Nuuz1
Trixi1
vmorbit1

Idea behind SecurityPitfalls.org

SecurityPitfalls is an educational, supportive and fun project and depends strongly on the community that drives this project. For further information visit the article What's the basic idea behind SecurityPitfalls.org

About this Archive

This page is an archive of entries from May 2010 listed from newest to oldest.

April 2010 is the previous archive.

July 2010 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Categories

Monatsarchive Archives

Send in your photos and stories

SecurityPitfalls.org is a community project where we work together and collect situations where security fails, primarily for educational purpose, as source for discussions and presentations and fun. Send your photos (digi cam/handy), stories or movies to incoming {at} securitypitfalls.org and we will post your experiences you want to share with other people.

Recent Comments

  • Tom: I agree, the risk is quite low, but it seems read more
  • churchy: i wonder if it actually would make sense to spend read more
  • Flo: nice one :) read more
  • Tom: In addition, you could perform some dumpster diving exercises. :) read more
  • fl0: Hoi, additionally you could try to get hold of the read more
  • philipp: A link to the original blogpost of Schneier would be read more