Security B-Sides Vegas 2011 Review: History of Physical Security

Conference: B-Sides
Title: History of Physical Security
Speaker: Schuyler Towne

This was a great entertaining talk.  This guy enters my pantheon along with Joseph McCray (conspicuous in his absence this year) as a must-attend for entertainment and information.

This talk was about the history of lock technology from year ~1500 onwards.  Actually he did mention ancient Egypt, but mostly ~1500 onwards.  Up to a point, locks were “security by obscurity“.  Once you knew how the lock worked, it was easily defeated.

Then in England some guy invented a lock that is more along the lines of a modern lock with the tumblers and whatnot that demand a specific key to unlock and where knowing the design doesn’t help you as you need the specific key to open it.  These of course are also defeat-able but the security-by-obscurity approaches were as trivial as:  if you knew where to poke a stick into the lock you could open it.  There was a long period in which there was no advance in physical security.  People got smug or didn’t want to be told that their locks were insecure and this created a climate which stifled advancement.

Advances then resumed around the end of the 1800’s.  The summary of this talk and its relevance to our business is:  this is another “metaphor” talk.  It is about locks (physical locks) but security-by-obscurity and its weaknesses is quite relevant to information security as well.

Any Schuyler Towne talk is highly relevant to any software engineer at a vulnerability assessment company particularly if they are out of coffee (as they were when I attended the talk) because he wakes you up and entertains you and gives you a bit of cognitive inertia that you can carry forward into the next boring-but-informative talk and thereby get more information out of it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>