tag:blogger.com,1999:blog-4088979.post1753809193712423223..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Attack Models in the Physical WorldRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-4088979.post-66975751831146575192010-03-05T20:10:34.931-05:002010-03-05T20:10:34.931-05:00This is a great example of engineers being enginee...This is a great example of engineers being engineers, waaaaaayyyyy overthinking things. I have a tree removal service, I charge engineers double, because I have to put up with them over analyzing every facet of what I do. Ha!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-28072959215293012032009-08-17T18:35:46.617-04:002009-08-17T18:35:46.617-04:00I think this is a great example of security doing ...I think this is a great example of security doing what it should.<br /><br />As many posters have pointed out, the pipe is probably carrying some type of waste water, with little or no value. The impact is limited to the cost and effort required to repair damage and clean up the mess.<br /><br />The most likely threat is a clumsy driver hitting the pipe. I can't think of any other threat that is even remotely likely.<br /><br />The control put in place by the building management is perfect - it acts as both a deterrent (I don't want my car to hit that!) and a preventative (Clunk!). It looks as though it was probably cheap to install. <br /><br />As Richard says, there will already be detective controls in place - they're looking after people's cars for goodness sake.Andrew Stephenhttp://www.plinth.co.nz/noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-44028489596831078682009-08-17T10:12:59.691-04:002009-08-17T10:12:59.691-04:00Most of those issues could be solved by actually r...Most of those issues could be solved by actually running the drain pipe on the outside of the building - though it might ruin the aestethics. <br />Or, what if we run electricity through an open wire inside of it - it would deter potential users of metallic objects intent on damaging the pipe :)Paul Poputa-Cleanhttps://www.blogger.com/profile/09711003300912178091noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-35225107740286985602009-08-17T09:21:50.058-04:002009-08-17T09:21:50.058-04:00It's just a fun security brain exercise guys, ...It's just a fun security brain exercise guys, come on now.Grahamhttps://www.blogger.com/profile/02461268322077883324noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-42639552132419182792009-08-14T18:15:55.291-04:002009-08-14T18:15:55.291-04:00Whoops... I wrote a response talking about poor de...Whoops... I wrote a response talking about poor design, then saw the first poster beat me to it :|John Wardhttps://www.blogger.com/profile/10741149622435353727noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-15892952697003869552009-08-14T18:14:51.352-04:002009-08-14T18:14:51.352-04:00This comment has been removed by the author.John Wardhttps://www.blogger.com/profile/10741149622435353727noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-38013854937441760482009-08-14T12:52:54.642-04:002009-08-14T12:52:54.642-04:00Wow, so now we have answers ranging from "do ...Wow, so now we have answers ranging from "do a full risk analysis" to "it's just a drain pipe." This is a great post!Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-25051799085179795162009-08-14T12:20:07.736-04:002009-08-14T12:20:07.736-04:00threat? Attack? it's a drain pipe. The metal c...threat? Attack? it's a drain pipe. The metal cage is to protect against cars accidentally backing into it. I don't think anyone considered defense of their drainpipe. Unless the local culture changed and suddenly busting drainpipes became the thing to do, there's no reason to go further. Those other attacks are just not likely.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-23523079909338859472009-08-14T11:59:26.608-04:002009-08-14T11:59:26.608-04:00Ben, feel free to do the "full risk analysis&...Ben, feel free to do the "full risk analysis" then! This is a free blog and I reserve that level of effort for my employer.<br /><br />Also, I didn't do a "threat analysis." That would mean analyzing the parties with the capabilities and intentions to exploit a vulnerability in an asset. Instead I thought in terms of attack models, where I imagined how this asset could be attacked. <br /><br />I am also confident that it would be unacceptable for any of the attacks I listed to occur, regardless of any other "analysis" that is needed.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-38931230196347210802009-08-14T11:38:42.718-04:002009-08-14T11:38:42.718-04:00It likely is just simple floor drainage for the ga...It likely is just simple floor drainage for the garage rather than sewage.<br /><br />How sad is it that I saw that picture and immediately knew which garage that is?Chttps://www.blogger.com/profile/11190408982875223521noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-29064707995672341602009-08-14T08:13:57.761-04:002009-08-14T08:13:57.761-04:00Funny - when I saw the picture I thought you were ...Funny - when I saw the picture I thought you were going to talk about design failure and cobbling things together as an afterthought. What idiot would run drainage (probably raw sewage!) through a parking garage outside of a wall? And then protect it with a cage, which, although is more expensive than the contents, is cheaper than repairing inadvertent damage I guess. <br /><br />LOL - my word verification is "beers" that must mean it is Friday! :)Anonymousnoreply@blogger.com