Comments on: What the Designers of Bank Vaults Should Learn from the Field of Computer Security http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/ Just another WordPress.com weblog Thu, 05 Nov 2009 14:43:13 +0000 http://wordpress.com/ hourly 1 By: Anonymous http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/#comment-168 Anonymous Sun, 14 Jun 2009 11:47:27 +0000 http://pragmattica.wordpress.com/?p=31#comment-168 This biggest vulnerability with this safe is if thieves find the code. The safe in the diamond heist had a lock with 100^4 combinations, yet they got video footage of the code being entered. If the thieves got that on your idea there would be no other security. with a security by obscurity method there would at least be other safeguards in place. This biggest vulnerability with this safe is if thieves find the code. The safe in the diamond heist had a lock with 100^4 combinations, yet they got video footage of the code being entered. If the thieves got that on your idea there would be no other security. with a security by obscurity method there would at least be other safeguards in place.

]]> By: Anonymous http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/#comment-124 Anonymous Fri, 24 Apr 2009 00:26:03 +0000 http://pragmattica.wordpress.com/?p=31#comment-124 Nothing is hidden or secret about the way a simple tumbler vault vault works...just like a computer algorithm....the only thing a thief is missing is the correct key/combination. Now you say that keys locks can be 'picked' and tumbler locks can be 'the equivalent of picking, like with the stethoscope in the movies', but the same can be said for computer algorithms. Point in case - WEP encryption for wireless routers. hackers learned how to intercept data traveling between host and client and decrypt the password (pick the lock)! Nothing is hidden or secret about the way a simple tumbler vault vault works…just like a computer algorithm….the only thing a thief is missing is the correct key/combination. Now you say that keys locks can be ‘picked’ and tumbler locks can be ‘the equivalent of picking, like with the stethoscope in the movies’, but the same can be said for computer algorithms. Point in case – WEP encryption for wireless routers. hackers learned how to intercept data traveling between host and client and decrypt the password (pick the lock)!

]]> By: bnsmith http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/#comment-123 bnsmith Thu, 23 Apr 2009 02:10:25 +0000 http://pragmattica.wordpress.com/?p=31#comment-123 I suppose that if a hacker managed to jam the computer or if the computer itself crashed, there would be no alternative but to drill through the wall of the vault. It would be a time consuming and expensive proposition, but still better than the computer security equivalent. If you lose the password for a Truecrypt volume, for example, it might take a billion years for the brute force attack to work! I suppose that if a hacker managed to jam the computer or if the computer itself crashed, there would be no alternative but to drill through the wall of the vault. It would be a time consuming and expensive proposition, but still better than the computer security equivalent. If you lose the password for a Truecrypt volume, for example, it might take a billion years for the brute force attack to work!

]]> By: Jpdemers http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/#comment-122 Jpdemers Wed, 22 Apr 2009 06:54:34 +0000 http://pragmattica.wordpress.com/?p=31#comment-122 Better hope the computer in the vault never fails! What struck me about the Antwerp Diamond District vault was the idiotic practice of turning off the lights at night, thereby blinding the video surveillance system. Better hope the computer in the vault never fails!

What struck me about the Antwerp Diamond District vault was the idiotic practice of turning off the lights at night, thereby blinding the video surveillance system.

]]> By: Salil http://pragmattica.wordpress.com/2009/03/19/what-the-designers-of-bank-vaults-should-learn-from-the-field-of-computer-security/#comment-120 Salil Mon, 06 Apr 2009 19:35:29 +0000 http://pragmattica.wordpress.com/?p=31#comment-120 I have an Infosec background myself, and I'd be more wary of the communications channel you describe as a vulnerability, given the "traditional" dependence on off-the-shelf protocols for that sort of thing. Imagine a hacker who can't break into the safe, but can jam the code up so well with an exploit that he can effectively hold the contents of the safe hostage. I have an Infosec background myself, and I’d be more wary of the communications channel you describe as a vulnerability, given the “traditional” dependence on off-the-shelf protocols for that sort of thing.

Imagine a hacker who can’t break into the safe, but can jam the code up so well with an exploit that he can effectively hold the contents of the safe hostage.

]]>