Part 1: Outdoor Security Lighting (The Attack)

Building exteriors are often well lit to keep out physical attacks and to enable CCTV footage without requiring infrared emitters on the cameras. Often times, these will use “electric eyes” to detect light, and when present, turn off exterior lights to conserve energy. Typically these sensors are made with a CdS cell (cadmium sulfide). They […]

Jackpotting Parking Meters: A Series

I usually spend quite a bit of time talking about security problems I’ve identified, and a little less time talking about solutions to those problems. I don’t often talk about quantifying risk or products that I’ve identified as being particularly secure. Today, this changes. I walked into a local antique shop hoping to find some […]

Lockboxes and Key Space Exhaustion

On a rare occasion, I’ll have a chance to check out a thrift shop or antique store and see what sorts of locks or security equipment they have for sale. I’ve wanted to check out those realtor lockboxes for some time, but didn’t want to spring $25 for minimal entertainment value. Today, I stopped in […]

Rekeying a Kwikset Deadbolt

I’ve been largely an information security-heavy person, I’ve decided that I need to start getting “physical” with physical security. I’ve bought a bunch of padlocks, picks, pins, tension wrenches, keys and the like. I’d love to show you how to lockpick, but I’m a novice at best and there are much better videos out there. […]

I read 500 SSL Certificates so You Don’t Need To

First things first: There is no such thing as a SSL certificate. There’s digital certificate key pairs, and then there’s the protocols: SSL and TLS namely. But I’m mentally unable to break the habit of calling them “SSL Certs”, so it made it into the title. The goal was to grab the Alexa Top 500, […]

Stop Using Security Questions

Please stop using security questions. Why security questions were designed with good intentions If you forget your password, a site can ask you a series of security questions. This allows you to recover your account while still potentially authenticating you with questions only you know. Account recovery options are always a great idea, but doing […]