Comment On Securing The Server Room

Back in school, we used to go practice in our all new music classes with doors to protect the instrument that were supposed to be theft-safe.

The doors were.. but the thing around it was old and we could easily use that credit card (that we called the Student-Id card) trick.

What is it about G.R.G. that attracts WTFs?

It's surprising that the minions didn't have him arrested for breaking into the server room. Real minions would have been all over that.

I guess you just can't get good minions these days...


WOTD = minion

I was half expecting the code to be: 1 2 3 4

wilkeson:

I was half expecting the code to be: 1 2 3 4

Or to be written on a post-it under a keyboard ..

Now, we know that GrG work for a University.

People - people - people; we could be talking about WTFU here... what makes you so sure that those computers didn't just store a bunch of WTF assignments, and TB upon TB of porn?

lizardfoot:

It's surprising that the minions didn't have him arrested for breaking into the server room. Real minions would have been all over that.

This may have been superseded by another Real Minion Law: they won't notice the gaping security hole until it's been compromised by an enemy, even if a friend tries to point to out.

I was expecting the key to be 1 2 3 4

while G.R.G. and the maintenance man were attempting to bypass the combination lock, they simultanteously got the impression that they were being watched. They kept turning around to see if anyone was there, but all they saw were the shadows.

Unbeknownst to them, a ninja programmer dressed in black pajamas, snuck in by crawling 350 feet along the ceiling tiles. When they turned around to look for the 'presence', the nija lowered himself to the exposed keyhole, altered his body's physiology and squished himself through to the other side just before G.R.G. turned back to the lock.

Unfortunately, the temperature in the server room was so high that the blast of hot air forcing its way through the open keyhole caused the ninja to sublimate, leaving only the black pajamas as a clue that anyone had ever been there.

Upon pushing the door in, the emty pajamas were pushed aside and never noticed.

BTW: if it was really that hot in the server room wouldn't G.R.G. have noticed hot air coming through the hole while he was examining the buttons (presumably close up) for wear?

Roughly as secure as half the apps I see every day...

Captcha: dreadlocks

IHaveNoName:-(:

I was expecting the key to be 1 2 3 4

Hey! I have the same combination on my luggage!

No you don't. You are a big fat son-of-a-captcha-posting liar!

Probably druish too.

1-2-3-4? Amazing! That's the same combination on my luggage

* oops, after reading all the comments I see somebody beat me to that joke, well at least I'm the first person to quote it properly (minus the 5).

The math department in our university had a lab with a bunch of top-of-the line Macs for running Mathematica (this was the shiznit back then), guarded by a similar 4 button cipherlock.

In the first week of class, we were told about the lab, but not given the combination. Rather, we were told that the combination was 4 unique digits...

Aparently, 24 possible combinations was enough to keep the art students out.

Back when I was working for a large, three lettered fortune 100 company, we had a "secure" datacenter. The elevator took you down to a lobby, the lobby had a keycard to the NOC, and the NOC had a keycard to the datacenter.

The first week I worked there I asked, "How do you get a rack down the elevator?"

The answer was that there was a single door between the datacenter and the loading dock, which was usually propped open since the dock wasn't air conditioned.

To their credit, the management eventually fobbed the door. All this required was a slightly longer walk to the other side of the datacenter through an equally unlocked door and pushing it open. However, since the hallways were quite long, no-one really knew about it except all the people they locked out when they fobbed the door, which also were usually the types that couldn't get down the elevator.

For the "Secure Cage Area", they did indeed extend the wall up above the ceiling. However they cut quite large holes in the wall to run trunks through some day, and the floor was nowhere near secure.

Things might have improved in the three years since I worked there, but then again, maybe not.

I could go for a nice COGNAC with a twist of captcha right now.

1-2-3-4? Amazing! That's the same combination on my luggage

* oops, after reading all the comments I see somebody beat me to that joke, well at least I'm the first person to quote it properly (minus the 5).

Actually:

One, two, three, four? [, five?]
That's amazing. I've got the same combination on my luggage.

Oh, the stories of secure data centers. At a client site, they'd just finished putting in those fancy-schmancy four-digit code locks. The super-special ones that light up the digits in a random order on the keypad everytime you want to use it. One evening I needed to do something in their data center, so I parked in the lot, and walked in through the back door which was propped open, through the "back lobby," next propped open door, through the call center, next propped open door, down the hall, next propped open door, into the data center.

Look, Ma! No fingerprints!

Not quite as good as the time I had to do work in a bank on the weekend, so they gave me a key and the alarm code...

Stanley Szoctziczsky:

IHaveNoName:-(:

I was expecting the key to be 1 2 3 4

Hey! I have the same combination on my luggage!

travisowens:

1-2-3-4? Amazing! That's the same combination on my luggage

Luggage ? You mean you actually go out the IT room ? You must be joking, right ? What you possibly want outside ?
Food ? Bah, order in. Social life ? I have a whole bunch of friends at WoW.
And the most amazing things happened just a few weeks ago: I finally saw one of those cable-pulling gnomes! Pointy ears and aveything!

poochner:

Oh, the stories of secure data centers. At a client site, they'd just finished putting in those fancy-schmancy four-digit code locks. The super-special ones that light up the digits in a random order on the keypad everytime you want to use it. One evening I needed to do something in their data center, so I parked in the lot, and walked in through the back door which was propped open, through the "back lobby," next propped open door, through the call center, next propped open door, down the hall, next propped open door, into the data center.

Look, Ma! No fingerprints!

Not quite as good as the time I had to do work in a bank on the weekend, so they gave me a key and the alarm code...

That's not hard to believe at all -- when I got my mortgage, I met the mortgage lady at my local bank after hours.

She unlocked the door and we walked in. No alarm beeped. I asked her about it.

Her response was, "pfft. Anything of any value in this place is locked with stuff much more secure than that glass door I just unlocked."

I didn't bother mentioning that giving a potential thief free reign of the bank to do all the work and spend all the time he liked hooking up explosives or cracking the safe itself wasn't a very good idea. I was there to get my mortgage.

I've always found people using 1066... easy to remember and apparently not obvious :S

lizardfoot:

It's surprising that the minions didn't have him arrested for breaking into the server room. Real minions would have been all over that.

You assume that the minions found out.

Minions return: door is locked, the maintenance guy isn't going to say anything (why would he?), you sure as heck aren't going to say anything... how are they going to know?

AngryRichard:

The math department in our university had a lab with a bunch of top-of-the line Macs for running Mathematica (this was the shiznit back then), guarded by a similar 4 button cipherlock.

In the first week of class, we were told about the lab, but not given the combination. Rather, we were told that the combination was 4 unique digits...

Aparently, 24 possible combinations was enough to keep the art students out.

It was the department's basic competency exam. "Our lab, which you'll need to use if you hope to graduate, is kept locked all the time. We won't open it for you. The password is 4 unique digits. Here's your first assignment. Have fun."

IHaveNoName:-(:

I was expecting the key to be 1 2 3 4

No, this was the -secure- server room. The combination was actually 4 3 2 1.

CAPTCHA stinky: No, I take a shower once each week, whether I need it or not.

Years past, I arrived first at my office early one morning. As usual, I unlocked the front door and walked in. It was only after I had gotten inside and placed my lunch in the refrigerator that I realized I had just unlocked my office's front door with my house key.

I tried about 5 keys on my key ring. Any key that fit into the lock, it turns out, would unlock the lock.

The locksmith was called rather quickly after the CEO arrived that morning....

wilkeson:

I was half expecting the code to be: 1 2 3 4

Amazing! That's the same combination a have on my luggage.

IHaveNoName:-(:

I was expecting the key to be 1 2 3 4

Pha, it might be 1 2 3 5. The next generation almighty secure password. ;-)

AngryRichard:

The math department in our university had a lab with a bunch of top-of-the line Macs for running Mathematica (this was the shiznit back then), guarded by a similar 4 button cipherlock.

In the first week of class, we were told about the lab, but not given the combination. Rather, we were told that the combination was 4 unique digits...

Aparently, 24 possible combinations was enough to keep the art students out.

Haha, awesome.

Of course to art students 4! is just a loud four.

I'm not sure what you would call that, not security through obscurity, maybe security through artistic apathy? Or security by intellectual calibre?

Anonymous:

Years past, I arrived first at my office early one morning. As usual, I unlocked the front door and walked in. It was only after I had gotten inside and placed my lunch in the refrigerator that I realized I had just unlocked my office's front door with my house key.

I tried about 5 keys on my key ring. Any key that fit into the lock, it turns out, would unlock the lock.

The locksmith was called rather quickly after the CEO arrived that morning....

Could be that someone bumped the lock (look up lock bumping on google or youtube). IE someone had broken in and now any key would work in the lock.. could have been that way from the get go I guess, but I doubt it.

Most deadbolts used by businesses and homes are susceptible to bumping.

Anonymous:

Years past, I arrived first at my office early one morning. As usual, I unlocked the front door and walked in. It was only after I had gotten inside and placed my lunch in the refrigerator that I realized I had just unlocked my office's front door with my house key.

I tried about 5 keys on my key ring. Any key that fit into the lock, it turns out, would unlock the lock.

The locksmith was called rather quickly after the CEO arrived that morning....

Last year on a Tuesday morning the FedEx guy told me that
he came in the day before (a holiday) and wandered around
looking for someone to sign for a package. He ended up in
my office watching my screen saver for a while (I run
Linux). The electronic door lock had not been programmed
for the holiday, so it was unlocked from 9:00 to 5:00.

I'm reminded of the lock in the care home where my grandma used to live. They had a poem posted above the keypad that was something like,
Nine trees on a hill
Three dogs barking
Eight boys playing violent video games
(or something roughly like that)
It kept in the people they wanted to keep in, anyway.

4 character passwords from a set of 10 characters really isn't that secure. Trying 1000 passwords is trivial for a patient person, if the door is out of sight so they have enough time. Even if it locks them out for a few minutes after some number of bad tries, a patient person could get in after a few nights of work.

Anonymous:

Years past, I arrived first at my office early one morning. As usual, I unlocked the front door and walked in. It was only after I had gotten inside and placed my lunch in the refrigerator that I realized I had just unlocked my office's front door with my house key.

I tried about 5 keys on my key ring. Any key that fit into the lock, it turns out, would unlock the lock.

The locksmith was called rather quickly after the CEO arrived that morning....

The "secure entry" on the apartments where I live had the same feature. Now they've got an electronic keyfob system that goes on the fritz every now and then, so people just keep the back door propped open.

just for future reference:

these Simplex locks ship with the combination 2+4 then 3. try that first. 90% of the time, nobody bothered to change the combination. if that's not it, you can download a chart with all of the available combinations on it. it only takes about 15 minutes to go through them all.

a side effect of this: don't trust anything important to only a Simplex lock.

CAPTCHA: alarm.

The Fox:

I'm reminded of the lock in the care home where my grandma used to live. They had a poem posted above the keypad that was something like,
Nine trees on a hill
Three dogs barking
Eight boys playing violent video games
(or something roughly like that)
It kept in the people they wanted to keep in, anyway.

4 character passwords from a set of 10 characters really isn't that secure. Trying 1000 passwords is trivial for a patient person, if the door is out of sight so they have enough time. Even if it locks them out for a few minutes after some number of bad tries, a patient person could get in after a few nights of work.

hmm, someone needs to understand their powers of numbers.
4 positions with 10 possibilities actually make for 10000 different combinations (0000 - 9999).

Remember it is number of digits raised to number of places. so it is 10^4. If there were only 5 digits possible in a sequence of 5 it would be 5^4 = 625 possibilities. This of course assumes you allow repeats of a digit within the sequence.

mike5:

wilkeson:

I was half expecting the code to be: 1 2 3 4

Amazing! That's the same combination a have on my luggage.

I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

KattMan:

The Fox:

I'm reminded of the lock in the care home where my grandma used to live. They had a poem posted above the keypad that was something like,
Nine trees on a hill
Three dogs barking
Eight boys playing violent video games
(or something roughly like that)
It kept in the people they wanted to keep in, anyway.

4 character passwords from a set of 10 characters really isn't that secure. Trying 1000 passwords is trivial for a patient person, if the door is out of sight so they have enough time. Even if it locks them out for a few minutes after some number of bad tries, a patient person could get in after a few nights of work.

hmm, someone needs to understand their powers of numbers.
4 positions with 10 possibilities actually make for 10000 different combinations (0000 - 9999).

Remember it is number of digits raised to number of places. so it is 10^4. If there were only 5 digits possible in a sequence of 5 it would be 5^4 = 625 possibilities. This of course assumes you allow repeats of a digit within the sequence.

Oops...
$me->slap('what was I thinking!');

I read somewhere once (can't find it now) that someone had found out how to crack a particular car's combination door-lock. It turns out that it would allow the correct code to be entered in the middle of a bunch of wrong numbers (ie, if the code was 1234, typing 987123456 would work. He produced an optimized sequence of about 300 numbers that, if typed in correctly (it would only take a few minutes), would be equivalent to trying every combination. Quite interesting stuff.

Not Zygo ;-):

mike5:

wilkeson:

I was half expecting the code to be: 1 2 3 4

Amazing! That's the same combination a have on my luggage.

I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

Haven't you ever seen Spaceballs?

Could be that someone bumped the lock (look up lock bumping on google or youtube). IE someone had broken in and now any key would work in the lock.. could have been that way from the get go I guess, but I doubt it.

Most deadbolts used by businesses and homes are susceptible to bumping.

uhm what? Bumping a lock doesn't mean that any key can open a lock once it's been bumped.. Maybe you're the one who should look it up on google o_O

iToad:

CAPTCHA stinky: No, I take a shower once each week, whether I need it or not.

If it's only once a week, the latter part of your comment does not apply. :P

Re: Securing The Server Room
2007-04-25 17:07 • by Not Zygo ;-)
mike5:
wilkeson:
I was half expecting the code to be: 1 2 3 4


Amazing! That's the same combination a have on my luggage.


I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

*sigh*

1 2 3 4 is a common default which most people who don't bother to change it is because they DON'T realize the importance of changing it.

I'll give you the benefit of the doubt and assume you're having a brain-dead day. :P

See? That's what I've always said: Letting employees walk around armed with pens is a major security breach.

I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

For everyone assuming this fellow has no sense of humor, or is Spaceballs-impaired ... ha-ha! :D

He publically states his luggage combo, and then says ".. but you don't see me blabbing about it". Very clever, excellant trollmanship! :D

Anonymous Coward:

Re: Securing The Server Room
2007-04-25 17:07 • by Not Zygo ;-)
mike5:
wilkeson:
I was half expecting the code to be: 1 2 3 4


Amazing! That's the same combination a have on my luggage.


I don't get the joke. My luggage combination is 7593, but you don't see me blabbing about it everywhere.

*sigh*

1 2 3 4 is a common default which most people who don't bother to change it is because they DON'T realize the importance of changing it.

I'll give you the benefit of the doubt and assume you're having a brain-dead day. :P

Ooooor, he made another joke so subtle you failed to get it. I'll have to go with this solution. Well done. Well done.

Anonymous:

Years past, I arrived first at my office early one morning. As usual, I unlocked the front door and walked in. It was only after I had gotten inside and placed my lunch in the refrigerator that I realized I had just unlocked my office's front door with my house key.

I tried about 5 keys on my key ring. Any key that fit into the lock, it turns out, would unlock the lock.

The locksmith was called rather quickly after the CEO arrived that morning....

Our landlord rekeyed our door, and gave us the strangest key I've ever seen -- it looked like a bump key -- it was probably cut 5-5-5-5 or whatever the terminology is. Less than a month later, he rekeys our door again, saying one of the other units had been broken into.

That's right, not did he do the lamest rekey I've ever seen, he keyed every lock in the complex the same way.

AngryRichard:

Apparently, 24 possible combinations was enough to keep the art students out.

For a keypad with 10 digits, and a 4 unique-digit key, there are either 210 or 5040 possible keys, depending on whether ordering is important.

If ordering is important (ie. 1,2,3,4 is a different passkey from 4,3,2,1), then the number of possible keys is: 10 perm 4 = 10!/6! = 5040

If ordering is NOT important (ie. 1,2,3,4 is the same passkey as 4,3,2,1), then the number of possible keys is: 10 choose 4 = 10!/(6!*4!) = 210



Addendum (2007-04-27 18:48):
edit: "4 button cipherlock", meaning four digit keypad, not 10. Sorry for the noise.

Unknown!:

See? That's what I've always said: Letting employees walk around armed with pens is a major security breach.

Yeah, it just leads to sexual harassment suits.

Oh wait, you said pens...

In many places, hitting the fire alarm opens every electronic door. That way, the firemen won't be locked out from the fire they are there to extinguish.

do it right:

while G.R.G. and the maintenance man were attempting to bypass the combination lock, they simultanteously got the impression that they were being watched. They kept turning around to see if anyone was there, but all they saw were the shadows.

Unbeknownst to them, a ninja programmer dressed in black pajamas, snuck in by crawling 350 feet along the ceiling tiles. When they turned around to look for the 'presence', the nija lowered himself to the exposed keyhole, altered his body's physiology and squished himself through to the other side just before G.R.G. turned back to the lock.

Unfortunately, the temperature in the server room was so high that the blast of hot air forcing its way through the open keyhole caused the ninja to sublimate, leaving only the black pajamas as a clue that anyone had ever been there.

Upon pushing the door in, the emty pajamas were pushed aside and never noticed.

BTW: if it was really that hot in the server room wouldn't G.R.G. have noticed hot air coming through the hole while he was examining the buttons (presumably close up) for wear?

The changeable lock cylinders in most doorknobs/deadbolts/etc (I've seen them for padlocks too) are generally about 2" long, and connect into the lock body's latching mechanism through some form of tab or pin setup. Taking out the cylinder leaves that connection system completely exposed, such that it's painfully easy to open the lock, but the gap does not extend through the door.

for an example, <a href="http://www.jmlock.com/ProductImages/ks/KS_406_med.jpg">this</a> image shows the two pins that merely need to be twisted to open the lock.

ChadN:

AngryRichard:

Apparently, 24 possible combinations was enough to keep the art students out.

For a keypad with 10 digits, and a 4 unique-digit key, there are either 210 or 5040 possible keys, depending on whether ordering is important.

If ordering is important (ie. 1,2,3,4 is a different passkey from 4,3,2,1), then the number of possible keys is: 10 perm 4 = 10!/6! = 5040

If ordering is NOT important (ie. 1,2,3,4 is the same passkey as 4,3,2,1), then the number of possible keys is: 10 choose 4 = 10!/(6!*4!) = 210

It was a keypad with four keys, though. And the combination had four unique digits. So, it was some permutation of 1-2-3-4.

ChadN:

AngryRichard:

Apparently, 24 possible combinations was enough to keep the art students out.

For a keypad with 10 digits...

...which is why the post you're replying to specified a keypad with 4 digits. I'm guessing what really kept the art students out is that they didn't read the question either.