RE: Security demonstrations

["Murda Mcloud" <murdamcloud () bigpond com>]

How about for physical security as well-eg lock bumping. (Shaping a key to
bump the barrels)

http://www.youtube.com/watch?v=hr23tpWX8lM

Anyone can do this.

Also, check out ways to defeat those number key pad locks. That is spray
some ink on them that only shows up under UV light and after a few hours of
people coming and going, grab your UV light and you will be able to see
which numbers have had the ink rubbed off. Voila, you know the four or five
numbers required for the 'PIN'. This works on locks that allow any combo of
the four or five digits to grant access.

People forget about physical access all too easily and you know what they
say, "If you have physical access it is all over," 
Okay, maybe people don't say that but it sounds right.



> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of David Glosser
> > Sent: Thursday, March 13, 2008 6:14 AM
> > To: Byron Campbell; security-basics () securityfocus com
> > Subject: Re: Security demonstrations
> >
> > the google hacking stuff at http://johnny.ihackstuff.com/ghdb.php.......
> >
> >
> > ----- Original Message ----
> > > From: Byron Campbell <ibsoup () gmail com>
> > > To: security-basics () securityfocus com
> > > Sent: Wednesday, March 12, 2008 3:33:47 PM
> > > Subject: Security demonstrations
> > >
> > > I'd like like to do quarterly security demonstrations at work.  The
> > > idea is to keep it simple yet meaningful. The first demo I'm thinking
> > > about doing is SideJacking, along the lines of what Robert Graham did
> > > at BlackHat.
> > >
> > > I'd be interested in hearing about other meaningful security
> > presentations.
> > > Byron Campbell