Proving Voltaire Right: Security Blunders Dumber Than Dog Snot
Voltaire famously said (sort of) that the main problem with common sense is that it is not all that common. Security is certainly a case in point. As vulnerability assessors, we repeatedly encounter security devices, systems, and programs with little or no security (or security thought) built in. We witness well-designed security products used stupidly, ill-conceived security rules that make security worse, organizations with security cultures beyond pathological, and security programs heavily mired in Security Theater, groupthink, bureaucracy, and wishful thinking.
This talk gives examples of common design blunders, easy-to-exploit vulnerabilities, poor usage, and sloppy thinking associated with various electronic devices involving physical security, including locks, tags, tamper-indicating seals, GPS, RFIDs, biometrics and other access control devices, and electronic voting machines. Common blunders in how organizations think about security and how they deal with the Insider Threat, IT vulnerabilities, and vulnerability assessments will also be discussed.
I'll conclude by proposing some reasons why common sense and security are so often alien to each other and suggest possible countermeasures—some of which involve examining what cyber security and physical security could learn from each other.
author = {Roger G. Johnston},
title = {Proving Voltaire Right: Security Blunders Dumber Than Dog Snot},
year = {2010},
address = {Washington, DC},
publisher = {USENIX Association},
month = aug
}