Not long ago I had a real life run in with apparent versus true security. It happened when my 6 year old son accidentally locked his bedroom door while standing in the hallway. He had locked himself (and the rest of us) out of the room. Now, most bedrooms here in the United States have locks that can be picked with something as simple as as a thin flathead screwdriver. They’re not meant to be secure and don’t pretend to. They simply function as a way for the occupant to say “I’d like a little privacy please”.
For whatever reason, my son’s bedroom did not have this style of lock. It had an actual key lock, for which I did not have the keys. From the outside the setup looked impossible to defeat (short of destroying the doorknob). The hinges were on the other side of the door, and I don’t possess the skills required to align tumblers for the key lock.
The setup looked secure and tough to beat. My son had a karate class in an hour, so I was prepared to resort to a sledgehammer if needed, but then another option appeared – using a flathead screwdriver I could simply pry the door molding a half inch to the side and slide a credit card to release the latch. It took all of 20 seconds and was not destructive to the door or the lock.
There are obvious parallels between the setup on the door and the security of software. Often software claims (and looks) to be secure, even under the most cursory scrutiny it turns out to be a facade.
During pre-sales emails with potential customers, I often encourage them to test out Padlock’s security for themselves. If security minded software can’t stand up to even the occasional and friendly attack, how will it last in the real world?
Category : Blog
