[sudo-discuss] I hax0red your d00r!
Andrew
andrew at roshambomedia.com
Sun Mar 24 19:21:39 PDT 2013
As far I'm concerned if you hack the door and then post about it on the
discussion list you are a real Sudoer :-)
We want the doors to be secure, but the goal of door access is to give more
people access not to keep anyone out. Obviously that would be a feature of
the system at some point, but keeping someone out of the space is more of
an organizational question than a technical one.
Theft and vandalism suck, and we want to avoid it, but the truth is that
there is no way to really make it 100% impossible for someone to
be malicious if they want to. I would hope that sense we run a pretty open
space there wouldn't really be a desire to say steal some valuable if they
could just come and use it whenever they wanted to. But that's no excuse
for poor security, I know..
tl;dr how much security and what kind it's very much an open question.
--Andrew
On Sun, Mar 24, 2013 at 2:11 PM, Lisha Sterling <lishevita at gmail.com> wrote:
> I am a happy girl, sitting in the hackerspace feeling all pwnie, which is
> like a bronie, only not at all. (But I do like unicorns!)
>
> I was given the password to the downstairs door on Friday. I came inside
> imagining that there would be other people up here. Alas. There was no one.
> I tried the downstairs password on the upstairs door. FAIL! (Mine, not the
> system's or the hackers that put it together.) I could not get in. In fact,
> I didn't even know the right URL to *get* in the door.
>
> So I sat my bee-hind down on a couch in the common room, got on the wiki,
> looked up "door access", found the server name for the inside door access,
> and went there. It took me a few tries to figure out the password, but it
> was not a hard one.
>
> The door lock is kinda sticky. You can get the right password on the right
> URL and hear the mechanism trying to do its thing, but the lock doesn't
> fully unlock. The trick is to push the door closed tighter while the lock
> turns.
>
> So, yup, I'm inside. Between bringing cookies and breaking into the space,
> I guess I should fill out the web form and start calling myself a real
> sudoer now. :p
>
> How secure do we need these doors to be? If we have people in the space
> MOST of the time, then there is a lower need for security. With an often
> empty space, there's maybe more of a risk of theft, vandalism or other
> nastiness.
>
> Security through obscurity is no security at all.
>
> - Lish
>
> --
> http://www.alwayssababa.com/
>
>
> _______________________________________________
> sudo-discuss mailing list
> sudo-discuss at lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/sudo-discuss
>
>
--
-------
Andrew Lowe
Cell: 831-332-2507
http://roshambomedia.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sudoroom.org/pipermail/sudo-discuss/attachments/20130324/aa59a20f/attachment.html>
More information about the sudo-discuss
mailing list