Security at the bathrooms at our new offices is very tight.

It's on the ground floor, outside our office. We share it with the company on our floor that also leases us our offices (so it's not like we have much to do with it). It has an electronic keypad lock. Just like the one we have on our door.

Granted, the whole keypad silliness is rather prevalent in the Israeli hi tech industry. And a cow orker and I did figure out how to crack this particular brand of keypad from the outside. But that's not what I'm noding about.

Last week, they changed the code.

My guess is, too many people were coming in, some of them unauthorised personnel. InfoSec division determined that a breach of security had taken place, and that unknown factors now had control of our bathroom codes. Within 24 hours, proper emergency procedures had been executed, and the secret codes changed.

Of course, keypads are also vulnerable to attacks based on trying all combinations. This keypad is fully protected against such attacks -- after only two consecutive authorization failures, it freezes for 1 minute. Even if you really have to go in.

I wonder if I can convince SecPol that current operational procedures allow the enemy to conduct a cheap denial of service attack against our bathroom.

Log in or registerto write something here or to contact authors.