30
wonwon0
3y

Not a software bug but an organisational bug...

Employees holding the door to other people so they can come into a secured building without using their identity badges.

I look like an asshole everytime I refuse to let people I don't know in because most people let them in...

Comments
  • 7
    I worked at a company with that policy.

    Nobody followed it.

    Like man everyone heads to the building with the lunch place at the same time....
  • 2
    I'd be handed a formal warning if I did that (to someone I didn't know)
  • 9
    I have worked in government buildings that kept nuclear secrets. I would never let anyone in on my badge, ever. Also, the badge tracks when people entered and left for legal and safety reasons. Hey stupid people. The badge is not just for access, but to find your ass in the bathroom during a fire!
  • 1
    @Demolishun I mean, most folks aren't guarding nuclear secrets, they just want lunch at Stupid-Ass-Company.
  • 1
    Many companies do a security test once per year where they have someone walz in and see how far they can get into the office and how much stuff they can carry out without anyone stopping them.

    If they get stopped the next test will be done by a guy with a hard hat and a ladder saying "I'm here to fix some stuff, let me in"
  • 1
    Can be relatively easy to fix by allowing employees to exit only that part of the office that they used their badge to enter
  • 2
    That can be easily fixed with a physical barrier that lets trough one person at a time. If there is no way to let people trough there is no courtesy issue. Only the reception/sectors that verifies can let external people in.
  • 1
    @ctales exit trap is harder and people still feel that they need to let externals in.

    If I can enter with other people holding the door I can do my damage. Put some laptops in my backpack. Pull the fire alarm (this will negate exit verification) and leave the building.
  • 1
    @jiraTicket there are some interesting video's on Defcon about that.
    A lot of systems just transmit an ID and can be cloned in a second.
    Some companies use an elevator as the security barrier. There is a long episode on how this is just stupid (it's easy to get the fire emergency keys allowing you to override everything for example).
  • 0
    @N00bPancakes

    Let me reiterate for you:

    " The badge is not just for access, but to find your ass in the bathroom during a fire!"
  • 1
    @hjk101 Now I’m gonna look up some Defcon videos. Thanks.

    Off the top of my head I have no idea where I could even access any system that would output a code. But I bet it’s easier than I imagine.
  • 0
    @jiraTicket your welcome. Have fun!

    The badges and tags use RFID or similar approach. A lot can be read with NFC on your phone, other's need a reader that work on different frequencies. Ali express probably has them as do the access system resellers.
Add Comment