Title: History of Physical Security
Speaker: Schuyler Towne
This was a great, entertaining talk. This guy enters my pantheon along with Joseph McCray (conspicuous in his absence this year) as a must-attend for entertainment and information.
This talk was about the history of lock technology from the year ~1500 onwards. Actually he did mention ancient Egypt, but mostly ~1500 onwards. Up to a point, locks were “security by obscurity”. Once you knew how the lock worked, it was easily defeated.
Then in England some guy invented a lock that is more along the lines of a modern lock, with the tumblers and whatnot that demand a specific key to unlock. Knowing the design of such a lock doesn’t help you, as you still need the specific key to open it. These of course are also defeatable, but the security-by-obscurity approaches were as trivial as: if you knew where to poke a stick into the lock, you could open it. There was a long period in which there was no advance in physical security. People got smug or didn’t want to be told that their locks were insecure, and this created a climate which stifled advancement.
Advances then resumed around the end of the 1800s. The summary of this talk and its relevance to our business is: this is another “metaphor” talk. It is about locks (physical locks), but security-by-obscurity and its weaknesses are quite relevant to information security as well.
Any Schuyler Towne talk is highly relevant to any software engineer at a vulnerability assessment company, particularly if they are out of coffee (as they were when I attended the talk), because he wakes you up, entertains you, and gives you a bit of cognitive inertia that you can carry forward into the next boring-but-informative talk and thereby get more information out of it.