Hi

I came across this funny post @ Schneier’s Blog. It displays two images as shown below where the pin numbers on the keypads have mysteriously disappeared… : P

This is classic example of information leakage. For the first one, the combination must be 1234 where as for the 2nd one it can probably be 1986 or 1968. If the person using the key pad is an elderly person, you can try 1968 first.

This actually shows how pity the physical security is being implemented. Wish this is not the doors for any datacenter server room. Even if the user has a diff combination other than that mentioned above, some locks depending upon the make have some buggy codes embedded within like say, pressing all the 4 digits together can force the keypad think that the right combination has been pressed and it will welcome you by opening the doors ..: )

Lessons to learn: Security consultants include this in your audit part. Check if the numbers have wore out or something. Enforce the policy of changing the password monthly.Don’t use simple guessable passwords like 1234 or 4444 etc.

Similar Posts you might be interested in:

• Lessons to learn from Twitter Admin
• Attackers Exploit Web Application (Service) Flaw to break into the Mail Accounts
• Fly home safely with gunpowder