During the night, journalist Tommaso Cerno did a short trip to the airport of Rome and shared his  experience on the web. The problem? There was no security at all. The screening lines and the security areas are freely accessible, doors secured by access codes or code cards are open, homeless people are taking a nap in the interior. Tommaso filmed the his tour through the airport and published it online: 

http://espresso.repubblica.it/multimedia/home/22897704.

It would be an easy task to smuggle weapons or drugs into the airport during night. The only risk would be that one of the homeless people could find it before the next day and take it away, so Sebastian Klipper.

One day when he wanted to open the safe with his 4 digits code, it just responded with the message "BATTERY ERROR!". Hence, he made is way down to the reception, asking for help. The friendly receptionist went upstairs with him to have a look at the safe. After demonstrating the problem, the receptionist positioned right in front of the safe started entering a code and said: 

"Enter, 0, 0, 2, Enter, Enter."

Open! That's it and after the receptionist left, Sebastian Klipper knew the master code. Sometimes the easiest way to circumvent the security system is, ask friendly for help.

Now, the question is, how much value does access to this room have? 

First of all, you can steal paper, but that shouldn't leave too much damage to the company. Secondly, an intruder could wait for some important documents printed out. As this room is locked during the day, it could be an interesting place for getting information. Another source of information is the key itself. Even if an attacker can't get much value out of the information in the room, she could try to copy the key or just take notes about the cuts of the key. This can enable the attacker to duplicate it or use in combination with some other keys to rebuild the master key of the university's locks.

So the key lesson of this story: never leave your keys unattended - and never leave it on the doors. :) Thanks to Berni for sending in this story and the pictures. 

Update (7/2/2010): Churchy added another security issue that wasn't mentioned in the blog posting above. An attacker could use the printer's network cable to get access to the network. This could be interesting especially in situations where you just have access to a secured WLAN that is separated from the internal LAN.

A system that might look pretty secure for a hostel, at first, ...

Actually, these access codes are retrieved from the doors of my rooms "40" and "35" where I have slept in. "CX90" and "CI15" are the id from the floor where the rooms are located, whereas the last part is set to the last room on the floor "48" or "38". Some of my friends have slept in room 32 and got room code "C15Z32". 

As you see, the codes are not very hard to guess and offer no security for the backpackers sleeping in there. As there was no locker available, you just could hope everybody was so friendly not to steal anything while you've been out for a few drinks.

Therefore, if you have access codes in place, they should never be guessable and of course, they should be changed from time to time, so that, in case somebody publishes the codes or gets access to these codes, your company still remains secure. 

I haven't thought too much about ATM security before, but it doesn't look very trustworthy, does it?

Have you already recognised the issue in this picture?

It's really impressive, that you can still leave your keys at your bike in Austria, but I wouldn't recommend that. :)

One year later, at nearly the same spot, at the same time, at the same event - people haven't learned anything. 

As long as nothing happens, all seems to be fine, but don't get upset, when someone steals your bike.

The original e-mail in German:

Is this really working? Can't add anything more to this - check it out yourself. 

(c) by Cheezburger Network (Failblog.org) - pls contact them, if you want to use the image in further documents

But, indeed, after 5 minutes of waiting, no one was showing up and the blue sign on the desk saying "Be right back." seemed to be there for a reason. I took a second, closer picture of the working place, noticing that all the screens were not locked and paper sheets were lying on the desk. 

Apart from the possibility that an attacker could exploit this situation to try to get access to the systems, it may have been enough for an attacker to study all the information presented to him by the paper sheets and the computer screens.

Therefore, companies should raise awareness for such problems and insist their employees to always lock the computer desktops when leaving the working place and to hide important working papers when there's the possibility that attackers could get advantage by reading them. 

After opening he found the LanSwitch of the whole floor unprotected and unlocked. Of course, Norb didn't actually connect to the switch, but an attacker could gain access to the whole network, install a sniffer and collect usernames and passwords from all students living in the dormitory.

Additionally, there was a surveillance camera installed in the room, which was recording the entrance, but not the area around the central LAN switch. 

A clever attacker wouldn't start opening the car right away, without investigating further, thus finding out that it isn't locked at all.

The obvious problem in this situation is of course the unlocked car or poorly closed door. However, a much greater problem can cause the free accessable contents of this car. People tend to have keys in their cars, f.e. to the garage. Sometimes there are USB sticks for the radio that have also data from their work stored on it. Or, more simple, an attacker can find old invoices that he can use for social engineering attacks. From a corporate espionage point of view, it's an invitation to install bugging devices to gather information.

I think, the main problem here is, that just a few minutes of unthoughtfulness can have long-term affects on the security of a whole company or household. So, when you leave your car open and unattended, be aware of the possible outcomes. Especially for all private people, who are reading this blog, don't be paranoid, just be aware. :)

Thank you very much to Sup for sharing his experiences he made in a chemical company. It's a very great example of how companies should NOT design their entrance areas.

Unbelievable, but true: This chemical company has a non-locked entrance door. The anteroom is neither staffed nor camera monitored. There is a plate with the information that this would be the status quo for the next few weeks. Nothing easier than that for visitors - they can issue an identity (visitor) card (!!!) themselves. All that you need is directly placed on the desk (even blank cards to fill in). After that you can try to open the next (main) door by lockpicking (I guess it is not so easy to use the given electronic possibility) or you'll wait until the next friendly person gets out of the main building and holds the door open for you.

Great thanks to Churchy for submitting this nice programming mistake. Unfortunately, this is not a singular case and the one or the other will find himself trapped into the same sort of problem. But don't bother, Churchy is explaining the pitfalls.

A common way to protect web forums or blog comment areas from unwanted spam without the need of manually checking all new messages before publishing them is to include captchas. Captchas are intended to be readable by humans only, thus preventing automated bots from submitting forms with spam content. However, a mechanism intended to rise the security level can also suffer from flaws that make the mechanism useless. A german news site seen in the first picture lets users post comments and includes a captcha. The first pitfall is obvious.

 

 

The letters and numbers in the captcha can be read easily. They look exactly like typed letters, are perfectly ordered, do not include optical noise, always have the same background, have the same size and are not rotated at all. No OCR software should have any problems in reconstructing the contents of the image. However, the second and probably even worse pitfall lies in the way the images are generated. Have a look at the source code of the site:

 

 

Who would need to find a way to reconstruct captcha images, if all you need to know is already waiting in the source code, easy to be parsed using regular expressions? Maybe the shown web site is not quite popular and submitted spam can easily be removed again by an admin, but why would you want to include a security measure that does not add any real security value at all? However, as flawed as the shown implementation might be, it may protects against bots that to not target this specific site (and flaws) but just randomly submit forms on any web site they find. Or, as Ted Humphreys would have said: Whether this solution is appropriate depends on the risk you are facing. :-)

Can you guess the right combination?

What about this one?

In the first picture the numbers are 1-6-8-9. Of course, someone could try out every combination, but there are combinations that are more likely than others. Perhaps you have guessed them already, the most common ones would be 1986 or 1968, perhaps depending on the age of the admin or the company. :) The second one is easier and the most likely combination is 1234.

There are also some very interesting comments to the blog entry. One user said, that on some keypads you don't have to try out all the possible combinations. Just press all four numbers at the same time. After pressing a few times within a short interval the keypad will get confused and will think that the correct combination was given.

Another user states that most of the locks just check the last four numbers. Therefore, by pressing the combination 123412314231243121342132413214321 an attacker would just need to press 33 times instead of 96.