this post was submitted on 20 Oct 2023
211 points (100.0% liked)
chapotraphouse
13535 readers
57 users here now
Banned? DM Wmill to appeal.
No anti-nautilism posts. See: Eco-fascism Primer
Gossip posts go in c/gossip. Don't post low-hanging fruit here after it gets removed from c/gossip
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have a security background and it's largely all theater. Locks are just to keep out people who believe in them. All those badge swipes and things are about tracking access, not securing things. Matter of fact, most mag locks and electronic doors, by law, have to fail open for safety.
Learn to hack, learn to quadcopter.
A little while ago our company wanted to get rid off local administrator rights, but as developers we kind of need those (like installing the software we develope and other unimportant things), so they installed some crappy software that wraps the user access control and I guess gives them more control over what can be run
It breaks every couple of weeks, but luckily you can use that same software to disable and bypass it by running the control panel as admin
Every windows PC that has a USB port can be hacked into locally. Boot into windows install USB, open elevated command prompt, change the ease of access button's target location to be an admin command prompt instead of the ease of access settings, reboot, click the ease of access button, change the admin password in the admin command prompt, enter the password and you're in.
And let's be honest here, even Fort Knox is only ever as secure as the people who operate it.
Generally speaking, an operation is only as secure as the people who function within it and these people tend to be the most vulnerable points in a chain of security.
What I'm trying to say here is that you don't have to be a good hacker to be a good penetration tester and one of the most fruitful areas for "hacking" is always going to be social engineering.
Calling people up and just asking for their passwords is a time honored tradition.
Hello yes this is ur bank calling
I re-watch this at least once a year religiously just because it's the best worst best good bad movie, and is so ridiculous and weirdly not all at the same time.
I always wanted to try being a pen tester because me and my friends used to like to sneak and I liked to schmooze. I would always be the one to distract the cashier or whoever.
That also happened at a time where most people in the gov and leo really didn't understand tech yet. Not that it's much better now, but the sort of people who were chasing and abusing Kevin couldn't figure out how to program their VCR. #FreeKevin
"Mr. Clinton, listen to this for a sec." [impossibly beautiful rendition of The Internationale performed in whistling]
"I understand. AmeriKKKa must burn."
Realizing that judges are, by and large, have no qualifications at all, of any kind, whatsoever, really helps you on your way to realizing that society is silly and you shouldn't take it at face value.
Everything always fails at "guy who doesn't get paid enough to give a shit"
Who watches the watchmen themselves?
Also, lockpicking is pretty easy, and a lockpicking kit is really cheap
Yeah, most commercial non-deadbolt locks are really fucking cheap. A lockpick gun will get you in most doors relatively quick. Most security, keypad, and fire boxes are all using one of a handful of keys. Same with the old crown vic police cars, actually. Also, golf carts.
If you live in an apartment with coin operated laundry, you can buy a key for the coin box really cheap too.
I've been so tempted to do this for years, but I'd be so afraid they'd notice the missing income and figure something was up.
I would also recommend casing the joint real well too. There could be a camera. It could be thwarted with a well placed laundry basket though.
I lived in an apartment with laundry, and I found out that if you push the quarter "slider" in reeeeal slow, sometimes it would kick on and I could gank my quarters back
Does this mean that passing a strong-ish magnet over them would typically make them open?
Fail open means that fire code requires an unobstructed path of egress; You can't be locked in a building in an emergency. So mag locks are powered all the time in order to maintain the lock and then you remove power to open the door. This way if power goes out the door opens. In most major Corporate buildings, if you go into the fire panel room, you will find a relay that can simply be pulled out and will remove power to every maglock in the area. Or you can pull the fire alarm, cut the power, etc. Most big buildings also have a little lockbox aka a knoxbox outside their front door with a set of keys inside and some have a switch inside to kill the locks as well. They do have tamper switches though.
I can't remember using a magnet to neutralize a maglock, but I wanted to.😅 It would have to be a big one and honestly it would be easier to just slap something with a bit of thickness on the maglock when the door is open to prevent it from getting a solid "seal'. It'll give the appearance of being locked, but a good yank will let the door open right up. Often you can also just slide a piece of paper on a coat hanger between double doors or under a door to trip the PIR (passive infrared) sensor used to auto-open for people exiting. It shouldn't work, but those PIR are cheap as hell and often very oversensitive.
You can also spray a condensed gas through a door with a PIR on the other side. Only really secure building I worked in was for one of those Billy Budd type people who were really good at some niche technical thing and just hired enough people to be able to focus on the part that they found fun. His shop was in a squat brick building with steel doors that you had to press a button on the inside to open. There were well built steel edges to the door so that a hangar or some other means of attack could not be slipped around.
Yes! It wasn't consistent, but we were able to get that working with canned air a few times. Double doors worked best where you could get closer to the PIR above the doors. Holding the can upside down worked best, iirc.
Awesome to hear this actually working! I wonder if holding it upside down works best bc it grabs the coldest fraction of gas and causes the biggest temperature differential for the PIR?
That's my thinking. Most of the PIR aren't very impressive and they're just looking for that temperature change, it doesn't matter which direction. I actually wonder if maybe the paper trick works when it does because it moves the air flow from air conditioning around.
Not a clue tbh, the maglock uses an a pretty strong electromagnet on one side, metal plate on the other. Not sure what it would take to interfere enough once they're seated properly. Preventing that is your best bet and is often their downfall.
I used to work in a room at a place that violated this regulation. It was a laboratory, too. Those probably catch fire more often than office cubicles.
Lol yeah, that probably deserves a call to OSHA. Or in some libertarian place where that's not the fire code.
I seriously considered it at the time, but it was before I was radicalized and I was afraid of rocking the boat.