Security B-Sides Vegas 2011 Review: History of Physical Security

Conference: B-Sides
Title: History of Physical Security
Speaker: Schuyler Towne

This was a great, entertaining talk. This guy enters my pantheon along with Joseph McCray (conspicuous in his absence this year) as a must-attend for entertainment and information.

This talk was about the history of lock technology from the year ~1500 onwards. Actually, he did mention ancient Egypt, but mostly ~1500 onwards. Up to a point, locks were “security by obscurity”. Once you knew how the lock worked, it was easily defeated.

Then in England some guy invented a lock that is more along the lines of a modern lock, with the tumblers and whatnot that demand a specific key to unlock, and where knowing the design doesn’t help you because you need the specific key to open it. These of course are also defeatable, but defeating the security-by-obscurity approaches was as trivial as this: if you knew where to poke a stick into the lock, you could open it. There was a long period in which there was no advance in physical security. People got smug or didn’t want to be told that their locks were insecure, and this created a climate which stifled advancement.

Advances then resumed around the end of the 1800s. The summary of this talk and its relevance to our business is: this is another “metaphor” talk. It is about locks (physical locks), but security-by-obscurity and its weaknesses are quite relevant to information security as well.

Any Schuyler Towne talk is highly relevant to any software engineer at a vulnerability assessment company, particularly if they are out of coffee (as they were when I attended the talk), because he wakes you up, entertains you, and gives you a bit of cognitive inertia that you can carry forward into the next boring-but-informative talk and thereby get more information out of it.

About M. J. Power
M.J. Power aka Mike Morton is a Founder & the Lead Developer at NT OBJECTives. He has considerable experience in software architecture including web applications, database, and Windows applications using C++, COM, C#/.NET and related software technologies. His software experience includes such diverse applications as advertisement layout software, dialup internet protocols, memory management software, DNA sequencing, workforce management web applications, and security assessment software.
