
Tuesday, March 30, 2010

Security Maxims: Feynman's Maxim

From Security Maxims
http://www.ne.anl.gov/capabilities/vat/seals/maxims.html

Feynman’s Maxim: An organization will fear and despise loyal vulnerability assessors and others who point out vulnerabilities or suggest security changes more than malicious adversaries.
Comment: An entertaining example of this common phenomenon can be found in “Surely You are Joking, Mr. Feynman!”, published by W.W. Norton, 1997. During the Manhattan Project, when physicist Richard Feynman pointed out physical security vulnerabilities, he was banned from the facility, rather than having the vulnerability dealt with (which would have been easy). [sic]

Many years ago, I read this book. Richard Feynman had a great analytical mind and was able to find methods to open the locked filing cabinets when he worked on the Manhattan Project at Los Alamos. They started as padlocks on rods and moved up to Mosler combination locks. (I should be clear about this. Sometimes he found bypass methods to take papers out of locked cabinets without opening the lock at all. Same difference really.) He used a remarkable set of problem-solving skills, often playing the people as much as the hardware. Often it was a bit of both, as he found he could quickly discover a partial combination from a lock when visiting a co-worker while the safe lock was opened.

At one point he explains to a Colonel how he opened one highly classified safe, and the order was given to not let Mr. Feynman near your safe. The military guy did not take the advice from Feynman on how to eliminate this as a vulnerability for all people.

Read the book if you want some practical ideas on 'safe cracking'. It is also one of the books which brought me into the trade.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/
