One way of increasing security in this case would be to have pictures/posters of the student officers/employees prominently posted on noticeboards. If they have public duties these would serve a dual function of improving security and helping people find the correct person to talk to.

Spyder is referring to the book titled “1984″ by George Orwell, in which he depicted a futuristic (at the time it was written) dystopia in which the government exerted complete control over its citizens and privacy non-existent. It is a fascinating read that I highly recommend!

First, in my opinion this particular post does not give enough details outlining how one would actually go about attacking the HUB. Similarly, a while ago the BBC did a Newsnight showing how some Cambridge researchers were able to attack the “chip and pin” credit card systems in the UK. They told as much as they could but left out the important details that would have enabled anyone to execute the attack just by watching the show.

Second, any worthwhile criminal is already going to know all of this, and if they don’t, discovering it would only take a half day of observation and simple social engineering.

Finally, I believe that this information being made public does much more for the public in general through public awareness than it would benefit any criminal or would-be criminal.

However, I completely agree that anyone doing a security analysis, whether amateur or professional, should carefully consider the actions they take upon finding vulnerabilities in an important system. No fear! We did in fact discuss this in an ethics component of the course.

By the way, I think that the REAL security risk here is already present: the fact that a student (the SBM) walks around at night with the keys to all the doors. Trusted or not, that makes me more than a bit nervous.

What planet are you living on where in 1984 you were walking down a street being constantly videotaped/monitored? Did you work for the mafia?

Living in society today is worse than 1984. At least back then, you could still get gas below $3.00/gal

However, it seems you went with “security through obscurity”. And now that the obscurity has been lost, you might wish to take another look at your security.

Is it really the best thing to show that there are current establishments that have some issues that need to be looked at? I understand posting about future systems (ie. RFID cards, smart guns). But pointing out that the Husky Union Building contains the relevant information it does AND is possibly not secure as it should be?

For myself, this seems like something to (possibly) post a summary of for the public only (if even that), and limiting the full review to only your class. Then, follow up with speaking with someone (with the power to correct it) about the possible security risk.

However, the reverse side of that coin:
I would not like to give up my freedoms and live in 1984, be constantly monitored by video, or walk down the streets and see concrete barriers around buildings and along the streets.

That way, you have an bank enclave, an accounting office enclave, and an information services enclave where each entity is responsible for their own security. Then give away the commons, or at least provide the same basic level of security that currently exists. IE, instead of having surveillance cameras everywhere, you only have to have them around the enclaves, where all the good targets are located.

I think if you look at it that way, you’ll find that the natural inclination is to enclave off certain areas and that inside the HUB that has already happened.

If you don’t limit the scope of what you protect for common access or public areas, you’re no better off than people trying to secure the Internet, and we all know how effective that is. =)