Comments on: (un)-Safe Deposit Box Security Review http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/ Fri, 16 May 2008 17:04:24 +0000 http://wordpress.org/?v=2.5.1 By: paul http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4470 paul Tue, 25 Mar 2008 20:07:47 +0000 http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4470 On the other hand, one might be leery of attempts to "update" safe-deposit security precisely because of the defense in depth that current procedures offer. Most banks, as far as I know, have procedures about who holds the bank keys, how signin is done and so forth, that would require collusion among at least two employees and possibly more. Whenever I hear about computerized locks, I wonder whether a lock has back doors, whether it fails open or closed, how easy it is to make duplicate passcards, whether the audit trail is vulnerable to simple countermeasures and so forth. That's of course no worse than the problems of the noncomputerized counterparts, but in so many institutions there's a tendency to trust computerized systems and eliminate some of the defense-in-depth. On the other hand, one might be leery of attempts to “update” safe-deposit security precisely because of the defense in depth that current procedures offer. Most banks, as far as I know, have procedures about who holds the bank keys, how signin is done and so forth, that would require collusion among at least two employees and possibly more.

Whenever I hear about computerized locks, I wonder whether a lock has back doors, whether it fails open or closed, how easy it is to make duplicate passcards, whether the audit trail is vulnerable to simple countermeasures and so forth. That’s of course no worse than the problems of the noncomputerized counterparts, but in so many institutions there’s a tendency to trust computerized systems and eliminate some of the defense-in-depth.

]]> By: Rob Bowman http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4274 Rob Bowman Fri, 21 Mar 2008 12:25:33 +0000 http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4274 I think one problem with this article might be how a safety deposit box is setup. implement a biometric identification system Safety deposit boxes are made for anonymous access. They by nature are supposed to be open to anyone who meets the security criteria. They are also very protected by law. Obtaining search warrants for them are not a routine matter. Often times they are granted AFTER you are arrested and rarely before. Cyberlocks Kudos on the Cyberlocks. You can find many instances of bank employees stealing from the safety deposit boxes. Although in an older bank that does not have up to date technology means these are actually MORE effective in my opinion. My father used a bank where if you lost your key, the only way to get it open was to locksmith it or drill it. One thing that I think was left out of the article was the Patriot Act. They can now inspect the contents of your box. It reminds me of the old crooked police quote "We find the suspect, then we find the evidence". I do not personally know of an instance when something was seized. Although one would have to think of the items you might put in a safety deposit box. . Family Heirlooms (not always legal) . Personal Information (secrets) . Very expensive Jewelry . Photos of teenage girlfriends (illegal) . Etc...... Do you want someone to know any of this? I guess the best place to keep something is to bury it, just like in the old days. Very nice article and well written. It was a privilege to read. I think one problem with this article might be how a safety deposit box is setup.

implement a biometric identification system

Safety deposit boxes are made for anonymous access. They by nature are supposed to be open to anyone who meets the security criteria. They are also very protected by law. Obtaining search warrants for them are not a routine matter. Often times they are granted AFTER you are arrested and rarely before.

Cyberlocks

Kudos on the Cyberlocks. You can find many instances of bank employees stealing from the safety deposit boxes. Although in an older bank that does not have up to date technology means these are actually MORE effective in my opinion. My father used a bank where if you lost your key, the only way to get it open was to locksmith it or drill it.

One thing that I think was left out of the article was the Patriot Act. They can now inspect the contents of your box. It reminds me of the old crooked police quote “We find the suspect, then we find the evidence”. I do not personally know of an instance when something was seized. Although one would have to think of the items you might put in a safety deposit box.

. Family Heirlooms (not always legal)
. Personal Information (secrets)
. Very expensive Jewelry
. Photos of teenage girlfriends (illegal)
. Etc……

Do you want someone to know any of this? I guess the best place to keep something is to bury it, just like in the old days.

Very nice article and well written. It was a privilege to read.

]]> By: chrislim http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4239 chrislim Thu, 20 Mar 2008 19:09:05 +0000 http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-4239 Hi Ellen, I apologize for taking so long to reply. I found this article detailing some specifics about safe deposit box usage: http://www.foreignborn.com/self-help/banking/10-sd_boxes.htm I do not believe you can personally take the actual box out of the bank, but I may be wrong. From reading the article, there appear to be 4 possibilities as to why the box would be taken out of the bank: 1) Law enforcement authorities could have accessed it 2) The box may have been declared "abandoned" and the contents turned over to the government 3) The bank may have failed and been acquired by a different bank 4) There may have been a misunderstanding or mistake at the bank Hope this is helpful. -Chris Hi Ellen,

I apologize for taking so long to reply. I found this article detailing some specifics about safe deposit box usage: http://www.foreignborn.com/self-help/banking/10-sd_boxes.htm
I do not believe you can personally take the actual box out of the bank, but I may be wrong.
From reading the article, there appear to be 4 possibilities as to why the box would be taken out of the bank:
1) Law enforcement authorities could have accessed it
2) The box may have been declared “abandoned” and the contents turned over to the government
3) The bank may have failed and been acquired by a different bank
4) There may have been a misunderstanding or mistake at the bank

Hope this is helpful.
-Chris

]]> By: Ellen http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-1725 Ellen Tue, 19 Feb 2008 15:54:58 +0000 http://cubist.cs.washington.edu/Security/2008/01/11/un-safe-deposit-box-security-review/#comment-1725 A relative died a couple of years ago. She had a safe deposit box. She banked at a couple of different banks. When she died her husband and another relative went to get the contents of a safe deposit box. They were told by the bank that the box had been check out of the bank some years ago. Said the box was never returned. Can this really happen? Do they really allow the BOX itself to be taken out of the bank? Thanks Ellen youreout@strato.net A relative died a couple of years ago. She had a safe deposit box. She banked at a couple of different banks. When she died her husband and another relative went to get the contents of a safe deposit box. They were told by the bank that the box had been check out of the bank some years ago. Said the box was never returned. Can this really happen? Do they really allow the BOX itself to be taken out of the bank? Thanks Ellen youreout@strato.net

]]>