Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Perl Security Testing

by karlgoethebier (Monsignor)
on Jul 24, 2017 at 18:34 UTC ( #1195903=note: print w/replies, xml ) Need Help??


in reply to Perl Security Testing

"...a normal or guest user on your machine, with access to Perl scripts..."

My 2 ˘: A guest/user with access to my machine was considered as a severe security risk in the company i was with. It was strictly verboten. We were advised to log out always. No open terminals with root access, no papers with passwords on the desk etc. Many attacks etc. are internal. Not a Perl problem. But in daily business things look a bit different. It's not very convenient to be so strict. And that's the real problem.

Best regards, Karl

«The Crux of the Biscuit is the Apostrophe»

perl -MCrypt::CBC -E 'say Crypt::CBC->new(-key=>'kgb',-cipher=>"Blowfish")->decrypt_hex($ENV{KARL});'Help

Replies are listed 'Best First'.
Re^2: Perl Security Testing
by Your Mother (Bishop) on Jul 24, 2017 at 18:38 UTC

    Social engineering is almost(?) always the greatest risk. At my last workplace we were required to close the door on someone behind us, no matter how close, so they would have to use their own key card to get in. It is VERY HARD to close the door in the face of a fellow employee you know even though they might have been fired that morning for all you know.

      It is VERY HARD to close the door in the face of a fellow employee you know even though they might have been fired that morning for all you know.

      Yes, it is very hard. Where I'm, now, even the head of security sometimes holds the door for fellow employees.

      One place I used to work had revolving doors so only one person per card "swipe" could get through.

      (There was also a door for handicap access at the main entrance. It was activated by the security guard.)

        Sometimes things get absurd. I our data center we had the usual separation units with key cards, finger prints, video etc. And this units have sensors under the floor that check if someone is inside. And the sensors have a threshold. Some day a guy that looked like John Coffey in "The Green Mile" checked in. But he couldn't check out - probably because of his weight. The security guys needed about an hour to get him out.

        Best regards, Karl

        «The Crux of the Biscuit is the Apostrophe»

        perl -MCrypt::CBC -E 'say Crypt::CBC->new(-key=>'kgb',-cipher=>"Blowfish")->decrypt_hex($ENV{KARL});'Help

      We had the same problem when they tried implementing that policy at my $job--. Management "solved" the problem by installing what they called "fast lanes" that all the employees had various alternate derogatory names for instead (they were anything but fast). The lanes were basically a sensor for your badge, two glass panels that met in the center and slid open left and right when a badge was scanned, and motion sensors to make sure only one person walked through. The problem was the sensor would get it wrong all the time, people would frequently have to do things like push equipment carts through (setting off alarms), and you could only scan in if you weren't logged as inside any company building and scan out if you were inside THAT building. Massive problems all the time, alarms always going off, if security wasn't present such as anytime after 5:00 there was no way to get in a building if the system wasn't working (as if people weren't already upset about working late).

      One day when the entire system had crashed (that happened quite a bit), there was a blue screen of death on the LCD on top of the badge scanner noting that it was running Windows CE. All the Software Engineers who had experience doing embedded projects based on both Linux and Windows CE for the company of course had a good laugh saying things like, "well, that's your problem right there." My immediate manager at the time, who was awesome, jokingly said things like, "I wonder which executive's brother-in-law owns the company that does these fast lane things," and, "I'm pretty sure this 'security' talk is all a ruse and they are just starting to log lists of all the employees who dare to not work a 45+ hour work week every week."

      On the plus side, a few of us did become pretty good friends with one of the security people, who after you got a beer or two in him would lament that, "yep, my job is pretty much ridiculous... but hey, if this is what somebody wants to pay me for."

      Just another Perl hooker - My customers appreciate that I keep my code clean but my comments dirty.

      Just pretend its a bathroom door

      Also report the guy to OSHA guy, walking face first is dangerous

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1195903]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2019-09-18 01:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    The room is dark, and your next move is ...












    Results (219 votes). Check out past polls.

    Notices?