[techtalk] Physical security example

[Magni Onsoien]

Kai MacTane:
> the point of all this? Sometimes, you don't need to consider what the worst 
> possibility is; you just need to consider what will actually be going on 
> under real-world conditions. Sure, there's a half-dozen sysadmin friends 
> who come over on a regular basis who *could*, the next time I leave them 
> unattended in the kitchen for five minutes, stick a boot floppy in the 
> drive, smack Ctrl-Alt-Del twice, and quickly change my root password to 
> whatever they wanted.
> 
> But I know that none of them even _want_ to. In many ways, relying on 
> people's complete lack of desire to harm your system can be a much stronger 
> security method than locking the whole thing up in a steel safe.

I agree so much with you. If I invite someone in, I trust them (or I
would probably not let them into my house). If in doubt I'd at least
never let them fiddle with my computer or be alone with it. Most of my
friends are sysadmins, so I have much the same feelings like you.

And I have one (or three (the other being no smoking and no bowling
(which covers Everything(tm)))) rule in my house: do not reboot any
computers without told so!

One guy - which I didn't know, he was a friend of someone I thought I
could trust (well, I do, I think they just met the same night) - once
was in a party at late night in our room. He was sitting in the living
room with my bf and some friends. Suddenly he went to the computer,
mumbeled something about playing and rebooted it! It had an uptime of
about 300 days so I was pretty serious about not rebooting it (it had a
load of 4 due to some zombie netscape procs that didn't die, but uptime
was more important). When I heard he was rebooting I got FURIOUS!

My friends said they had never ever seen me that furious before. I hit
the guy pretty hard some times and litterarily threw him out of the flat
(rain and cool outside? His problem. No shoes? His problem (even though
I threw them out later).) I could see his balls were in pain - and it
felt GOOD! It couldn't give me my uptime back, but at least he had
learnt that he should NOT reboot computers of other people.

Later I never saw him again, even though he was supposed to have classes
and lab with me. This was 2.5 years ago and last Friday, when I had a
party with friends (they won't reboot computers), someone told me that I
had scared him so much that he never went to classes when he saw I was
attending and he never got an account at the university computer system
because he knew I was an admin there (I follow admin ethics and wouldn't 
really do something to his account, even though I could threaten to do
nasty things with his files).

That actually felt REALLY good :)


Magni :)
-- 
sash is very good for you.