Privacy Security Your Rights Online

Stupid Security 81

Buck Mulligan writes "The folks at Privacy International are holding a stupid security contest to discover the "world's most pointless, intrusive, annoying and self-serving security measures." Nominations can be submitted by email: stupidsecurity@privacy.org. My vote goes to the Ronald Reagan 'Free Trade' Center in Washington, where you have to show your driver's license to visit the food court. (Having a driver's license proves that you aren't dangerous!)"

  • How about ... (Score:3, Redundant)

    by a2800276 ( 50374 ) on Tuesday February 11, 2003 @07:53AM (#5278430) Homepage
    this [slashdot.org]
    • Re:How about ... (Score:1, Insightful)

      by Anonymous Coward
      How can something be modded redundant if it's the first post to say it?
  • by Captain Large Face ( 559804 ) on Tuesday February 11, 2003 @07:59AM (#5278448) Homepage

    How about...

    Using a one million bit key and claiming it's uncrackable on Slashdot?

  • Signature via fax (Score:4, Insightful)

    by DrSkwid ( 118965 ) on Tuesday February 11, 2003 @08:15AM (#5278486) Journal
    & also "Company Letterhead via fax"

    I've encountered both of those as some sort of "security"

    • Some years ago I went to a branch of my bank in the middle of nowhere. I didn't have my card for some reason so they got me to sign something and faxed it to my 'home' branch for verification.

      Seems close enough to safe to me.

      Rik
  • I got one. (Score:3, Interesting)

    by TripleA ( 232889 ) on Tuesday February 11, 2003 @08:23AM (#5278513) Homepage
    US web-vendors that require international customers to e-mail or fax in a copy of their ID and credit card. Mailing a picture of the card kinda defeats the purpose of the secure, encrypted order form.
    • Mailing a picture of the card kinda defeats the purpose of the secure, encrypted order form.

      How's that? I mean it would seem like an ID complements a secure, encrypted order form. The encrypted page just means that no one else can get your transaction. It has nothing to do with authenticating you. Every legitimate buyer is going to have access to their ID and credit card. At least if you are going to approve stolen CC #'s make sure that they stole the whole card, and not just a number out of a hack database someplace.

      -Brent
      • Well, the picture of the card is not sent via encrypted email, so it's not secure at all. Anyone sniffing up that mail will have the customer's complete CC#, as well as a lot of additional info on the customer (if the ID is sent in the same mail).
        • Re:I got one. (Score:3, Interesting)

          by bmetzler ( 12546 )
          Well, the picture of the card is not sent via encrypted email, so it's not secure at all.

          Oh.

          I missed the email part. I just saw fax and mailing, and thought that it was a physical copy that they actually wanted to receive. Obviously emailing a graphic isn't a very good idea, considering it's probably easy to photoshop a CC image to begin with.

          -Brent
  • by tsa ( 15680 ) on Tuesday February 11, 2003 @08:39AM (#5278577) Homepage
    I find it strange that there is (almost) no security at all in many chemical labs at universities in Holland where I've been. Anyone can walk in and pick up some chemicals, some of which are very dangerous if you don't know how to handle them. Of course people who work there can always take anything they want, but people who just happen to be there are not (much) restricted.
    • by Anonymous Coward
      That's not poor security so much as criminally poor chemical handling. Chemicals should be separated according to class, acids with acids and bases separate. Flammables away from the oxidizers etc... They should be in the proper cabinets and locked. And lastly anyone who works in a lab should keep everyone who doesn't need to be there out. No exceptions.
    • Reminds me of when I was at college (WUSTL). Some buddies stole HN03, H2S04 and HCl from the lab so they could make nitroglycerin. DISCLAIMER: IANAChemist, so I have no clue if they really needed those three for that.

      Anyway, they wound up dropping acid on beetles. Of course, somebody knocked over one of the bottles, and it ate away a 6 ft^2 area of the carpet all the way to the concrete before somebody got some baking soda to dump on it.

      (voluntarily self-modded -1:OT by "No Karma Bonus")
      • Some buddies stole HN03, H2S04 and HCl from the lab so they could make nitroglycerin. DISCLAIMER: IANAChemist, so I have no clue if they really needed those three for that.

        HN03 - Nitric acid. Need it, check.
        H2S04 - Sulfuric acid. Need it, check.
        HCl - Hydrochloric acid. Nope, don't need it.

        The third ingredient you need is glycerine which I believe you can get at your local drugstore. It's insanely simple to make. You just mix the glycerine, nitric, and sulfuric acids and you get nitroglycerine as an oily liquid on top. The acids need to be very concentrated though.

        You just have to mix it insanely carefully. The sulfuric acid generates heat. Heat is bad when you are making nitroglycerine. Very very bad. Even if you try to keep it cold the sulfuric acid tends to generate hot-spots. Did I mention hot-spots are bad? Very very bad. Don't try this at home. It will most likely blow up in your face.

        IANAChemist either, for all I know it may blow up just because it doesn't like the color of your shirt.

        -
    • some of which are very dangerous if you don't know how to handle them

      Actually, I'd be more worried about some of the ones who KNOW how to handle them. ;-)
  • by Col. Klink (retired) ( 11632 ) on Tuesday February 11, 2003 @09:54AM (#5278942)
    I guess they've stopped doing this, but the airline ticket agents asking if you're a terrorist always seemed pretty stupid to me.
    • My favorite airport questions are "Did you pack your bags yourself?" and "Have your bags been out of your control?" But the all time favorite one I got from British Airways was "Have you accepted any gifts from strangers?"

      Are there any kids who went to a public school in the 70's who remember the Redlight-Greenlight movies? I know I must have seen one every friday in the cafetorium from K through 4th grade. I won't even look at strangers after seeing those movies. Nevermind accepting presents from them.

      • I once had a 3 hour wait at the airport so I actually answered correctly on those questions. I had left my bags at a paid train storage area, and in the storage area of the train. The person at the desk just looked at me and said to answer that I had packed them and they had been in my control.
    • My friend (who is Australian but of Indian descent) recently re-entered the country from a vacation Down Under. At the airport, the guards put him through all sorts of questions. Among them was "How did you get your Green Card?". When my friend, a professor of Mathematics, replied that he got it through an Outstanding Researcher program, the guard asked him "So, are you an outstanding researcher in mathematics?". My buddy, groggy from a double-digit-hour flight, replied "Well, I guess I am." The guard then asked him "What's the Pythagorean Theorem?" to test him. My friend couldn't believe his ears. This question was supposed to determine whether my friend really was a mathematics professor? Every kid who went through high school math knows that one!

      I feel safer already knowing we've got such intelligent guards monitoring our borders...

      GMD

      • On a related, but different note, I once went into CompUSA with my girlfriend. She was wearing her university's Computer Engineering t-shirt. Upon seeing this, the mo working there said, "Oooh, computer engineering. Quick! What's RAM mean?"
    • Airline ticket agents since 9-11 in Canada have been asking me a doozy: "Is there anything in your bag of which you are not aware..."

      Huh? How the he11 would I know?

      Good thing the last few times I've flown, it's been on a charter. I bring my own flats of beer. Note to the community: Don't drink lots of beer on a 4 hour flight in a plane with no 'facilities'.

  • by ip_vjl ( 410654 ) on Tuesday February 11, 2003 @09:58AM (#5278971) Homepage
    How about the "Fax us the change request on company letterhead" for making changes when you don't have the admin password.

    Like nobody could possibly fake that.

    --

    When transferring a domain to another party, I had to have the form notarized, then fax it in.
    What's the point of the notary seal (embossed) when I'm going to fax it?

    • Like nobody could possibly fake that.

      Yeah, I actually had to create my company letterhead when they asked me to do this (can you tell I don't communicate much by snail mail?).

      What's the point of the notary seal (embossed) when I'm going to fax it?

      The notary also signs it, but faxed signatures are being derided elsewhere in this thread...

  • Identification (Score:3, Informative)

    by david duncan scott ( 206421 ) on Tuesday February 11, 2003 @10:03AM (#5279005)
    Having a driver's license proves that you aren't dangerous!

    No, of course not, but showing a DL makes you somewhat accountable -- would you rather chase "Caucasian male between 5'6" and 6', with brownish-blondish hair and average build", or "John Smith, 123 Maple Sreet, Clevland OH"?

    Sure, credentials can be forged, but at least you've raised the bar.

    • But I doubt they're actually keeping your driver's license on file, or making a photocopy, or anything like that.

      Probably you just flash your ID, and a bored guard looks at it, and waves you on in. Meantime, your jacket full of jellybean-explosives...
    • That is, if they even look at the driver's license. I can't remember a time when a security guard even read my name! So it's more of a check that I have a driver's license.

      The other thing is that they're not likely to remember anything on the license more than a minute later.

      Besides, the guys who hijacked the planes on 9/11 didn't use fake ID. A suicide bomber doesn't care as much about hiding his identity.

      All this fake security depresses me.

      • You're right about 9/11, of course, but suicide bombers are the extreme case. A truck bomb could certainly flatten my house, but I still lock the dead-bolt at night because I'm also concerned with ordinary criminals. I lock my car even though a moderately-skilled thief could still take it, because there are also even less skilled thieves who will be stopped unless I leave the keys in the ignition.

        As for what security guards will remember, you never know. Ask one of them sometime. Some of those guys are ex- or off-duty cops, and cops often have remarkable memories. Furthermore, there may be a camera in the ceiling overhead.

      • Besides, the guys who hijacked the planes on 9/11 didn't use fake ID.

        Agreed. I always thought one of the stupidest rules they came up with after 9/11 was "Only ticketed passengers past security".

        HELLO! The hijackers had tickets! This is just part of the mentality to show that they're Doing Something! Anything(tm)...
        • That's not the point of those requirements.

          Since they became a lot more thorough about security checks after 9/11, the "Only ticketed passengers past security" rule was designed to lighten the load on the checkpoint personnel.

          Before 9/11 - two passengers + four friends = 20 minutes. After - two passengers = 45 minutes.

    • No, of course not, but showing a DL makes you somewhat accountable

      I take it then, the policy of showing a driving licence (What if I don't drive?) has drastically reduced the theft of pork pies and people punching each other in the dinner line?

      (Some people need to get a life and stop invading others' privacy for their own power games)

      • Well, I wasn't addressing the issue of whether any security was needed at the food court, just whether or not this was at all an appropriate form of security. My guess (and only a guess) is that other parts of the place may be business offices and other areas visited largely by appointment (I have no idea what goes on at a "Free Trade Center", but I doubt that it's a flea market.)

        As for not driving, I know Maryland has ID cards for those who don't drive, and I'm sure other states do as well. "Drivers license" is generally short-hand for "driver's license or other state- or Federally-issued photo ID". Even non-drivers have the option to write checks at the grocery store.

    • Re:Identification (Score:3, Insightful)

      by parliboy ( 233658 )
      You've circuitously explained the real problem. The true state of security is such that I would get in with a DL that says, "John Smith, 123 Maple Sreet, Clevland OH"
      • Again, all you've done is raised the bar. Hell, the true state of security is such that I could probably get in by driving a truck through the front door. Does that mean we shouldn't bother with locking the doors at night?

        Besides, I'll lay money that there is, in fact, a John Smith living in Cleveland, and a Maple Street.

    • Eh. Except that in context, what are the chances that whomever is checking IDs in the food court is going to remember that that dude (rather than one of the fifty people before or after him) is John Smith, according to his driver's license.

      Not to mention, one assumes that you were already in the building. Do they figure that the food court is a particularly attractive target?

  • JavaScript (Score:4, Insightful)

    by SoCalChris ( 573049 ) on Tuesday February 11, 2003 @11:31AM (#5279736) Journal
    JavaScript on web pages that won't allow you to right click. Very stupid "security", and highly annoying too! Not to mention that it is super easy to get around...
    • by sporty ( 27564 )
      super easy to get around...


      The early 90's are calling. They want their phrase back.

      Sorry, couldn't help it :)
    • Yes, and client-side validated forms. Wow, I registered the "*@comcast.net" email address. It didn't work as I expected, but I have it registered to me nonetheless.
  • XP explorer (Score:3, Informative)

    by octalgirl ( 580949 ) on Tuesday February 11, 2003 @11:56AM (#5279917) Journal
    When you use Explorer, which used to mean you would see everything about your computer in one fell swoop, clicking or double-clicking on My Network Places does nothing. You now have to right-click and Explore again if you actually want to get there. It seems it's because some users were getting into Network Neighborhood accidentally and noticing there were other computers out there, possibly not locked down properly. But really, making someone right-click again, that is not better security, it's reduced functionality.
  • They used to have you turn on the laptop computer so they can see something on the screen. As if you could not remove the hard drive and replace it with a weapon.


    Going into the JFK Federal building in Boston, one of the security guards told me that they had it because of the Oklahoma bombing. Yes, if they had Timothy take the truck through the metal detector, they would have caught him.

  • As if somebody who was able to find my CC number and my full name would be stumped trying to figure out this bit of top-secret information.

    "What's your mother's maiden name?"

    "31337h@ck3rm0m"
  • by Anonymous Coward

    you have to show your driver's license to visit the food court.

    Heh
    Being blind this _really_ annoys me. The number of places that won't accept anything other than a driver's licence as a form of identity.

    Before now I've had to explain to people _why_ I don't have a driver's licence!

  • by aWalrus ( 239802 ) <sergio AT overcaffeinated DOT net> on Tuesday February 11, 2003 @01:49PM (#5281008) Homepage Journal
    Have you guys ever seen one of those things? There's this form you have to fill when you request a VISA for travelling into the US. I think it's the same for most foreign countries. In Mexico, at least, it has about 10 checkboxes that look something like this:
    - I am a member of a violent terrorist organization yes / no
    - I am trafficking drugs/weapons/any sort of illegal substances into the US yes / no
    - I am an active member of a hate/racist group involved in violent attacks of minorities yes / no
    - I engage in satanic rituals.... etc. etc.

    I'm not kidding you. This is the sort of things the form actually asks. I guess there may be a legal precedent as to the need for these questions, but it's funny as hell anyway. Or maybe it actually works for stopping extremely stupid hatemongers / drug dealers from travelling into the country.
  • the password prompt that pops up on system startup, which can be safely ignored.
  • by velcrokitty ( 555902 ) <.moc.sregor. .ta. .etibelg.> on Tuesday February 11, 2003 @02:17PM (#5281282) Homepage

    My favourite as of late is applying to security-minded companies, and embedding an image in my email from a server that I have access to. I can watch it as my cover-letter is passed from one department to another. I get to see what systems they are using, and I've found that a lot of companies have their IT department running one version of OS with a Google browser, while HR runs another version of OS (usually XP), and internal managers or reviewers running yet again another OS...

    Sillies. You want security, don't claim to be a security firm and yet allow people to view your internal operations... Sillies...

  • ...to prevent terrorism.

    (YOMV, but I suspect it will ultimately cause more.)

  • The Passport Bureau (Score:2, Interesting)

    by Anonymous Coward
    I'm utterly serious. I went to renew my passport, and they wouldn't accept as ID either my birth certificate or learner's permit (Current and valid non-driver ID in the state of NY - good as a driver's license for any legal identification purpose!).

    What they DID accept was my recently expired college ID. WHAT???

    And if you want to call and complain to the passport office, it's a toll number!

  • I worked for Georgia Tech in college, so I was technically a state employee. As such I had to go through a standard application that included these gems:

    Are you or have you ever been a member of the Communist? yes/no
    Have you ever advocated that violent overthrow of the government of the state of Georgia? yes/no

    Besides being useless screening tools, the first is irrelevant, and the second, well, what the hell would you do if you did violently overthrow a state government?

    On another note, I've worked at two companies where you could not change your Windows network password; only an Administrator could do that. Both required frequent password changes, and the protocol was to send a clear text email to a sys admin with your new password.

    The last place I worked allowed you to change the Windows password yourself (and required a new one), but there was no mechanism for changing the VSS password. Again the mechanism was to send your new password in clear text to the guy that administered SourceSafe.

    And what about using proprietary VPN solutions that require a Windows machine to connect to Unix boxes? Talk about a backdoor. Now you are relying on the impregnability of Windows 98/NT/2000 to keep people from accessing your network.

    I worked for another company that required you to shut off your machine every night (can't just logout) for security purposes.

    The list for this topic is sadly quite long.
    • I recall some campus rules where I study (they were ultimately changed :). They went something like this (I am -not- kidding):

      • Computer-monitors should be turned off when Internet is not being used.
  • but it's a result of stupid bureaucrats nonetheless.

    Graduate students in the computing lab at Oxford University have swipe card access to the building 24 hours a day. University regulations stipulate that anyone who could be working alone must take a first aid course; consequently, all graduate students in computer science are required to attend this course.

    The first aid course in question is basic CPR.
  • Terrorists want to create maximum impact from their actions, so they target areas where large numbers of people will be congregated. Sure, there are no state secrets in the cafeteria, but that's not what terrorists are after. By exploding a bomb in a very crowded place at lunchtime, they create the terror they are looking for.

    I was a visitor at M$ corporate campus recently, and everyone has to "badge in" to the lunchrooms (guests must be escorted). The rule is "no tailgating" - one person, one badge swipe.
  • by rpjs ( 126615 ) on Tuesday February 11, 2003 @10:32PM (#5285085)
    This was a few years ago, back in 1999, so may well have changed (probably got stupider). Here in the UK we still don't need to show ID when checking in for domestic flights (a couple of airlines require it since 9/11, but it's not required by the government). However when me and my girlfriend flew from Cardiff to Belfast in June 1999, after having gone through the gate, before boarding the plane we had to show our boarding passes to a plain-clothes policeman who wrote down our names. No doubt this was because of the ongoing unpleasantnesses in Northern Ireland, and the police were taking it seriously enough that when the guy in front of us objected he was pulled from the line and eventually was last onto the plane bearing a very pissed-off expression.

    The thing is though, is that the *only* ID they asked for was the boarding passes, with no corroboration that the names on them were our real names. Presumably the South Wales Police have come to an understanding with the IRA and UVF who've agreed that their guys would never dream of buying airline tickets cash and supplying a false name, or with a fake/stolen card.
  • by aztektum ( 170569 ) on Wednesday February 12, 2003 @12:07AM (#5285482)
    Patriot Act?
  • At my first community college, there were several rules that you could not create new accounts, you could not shut down remote systems, you could not format hard drives, etc. . .

    Now, these may seem like normal rules at first glance, and most people at the school didn't find them odd. However, I was working in the IT department at the time and I know that these rules were only added after it was pointed out to the lead Network Administrator that the Computer Management Console was openly available to all accounts.

    Funny thing is, the Computer Management Console remained open for the next few months.

    ->Fritz
  • Yeah... right!

    Like reading a EULA has ever convinced someone that they shouldn't install the software from the pirated CD they have.

    I think MS should do usage statistics to determine how many people actually scroll down the EULA or just click Agree.

    1 x 10^(-1000000)
  • MS Bob had this wonderful security feature.. you could set it to lock your computer so nobody else could use it.

    Only, that wasn't terribly user-friendly, so if you entered the wrong password three times in a row, Bob figured that you must have forgotten it, so it asked you if you wanted to change it.