back to article Never let something so flimsy as a locked door to the computer room stand in the way of an auditor on the warpath

It's Friday! And Friday means beer, bacon and basking in the glow of another's misfortune thanks to The Register's regular On Call column. Today's all-too-believable tale comes courtesy of "Nell", who was working as a network engineer in South Africa for a multinational computer company back in the 1990s. Nell and her team …

  1. Chris G Silver badge

    What is it

    About auditors and inspectors that makes them want a career as large walking sphincter?

    The father of one of my girlfriends many years ago was a bank inspector, a lovely man, I could imagine him as a kid explaining that he had to pull the legs off flies because he was counting them.

  2. Diogenes Silver badge

    Golden Rule of Audit

    Give them something reasonably easy to find and fix, otherwise they dig & dig & dig until they find something

    1. This post has been deleted by its author

    2. Justin Case

      Re: Golden Rule of Audit

      Also applies to clients.

    3. Evil Auditor Silver badge
      Thumb Up

      Re: Golden Rule of Audit

      As a seasoned auditor: you're mostly right.

      1. Doctor Syntax Silver badge

        Re: Golden Rule of Audit

        I'll take that with a pinch of salt.

      2. Jediben

        Re: Golden Rule of Audit

        Trust but verify

    4. Killfalcon Silver badge

      Re: What is it

      Auditing is a dreadful job. Imagine doing tech support, but every month you get to work with a new operating system and they're usually designed ad-hoc by drunkards, maintained by particularly thick monastic orders, and/or documented only in Bardic oral traditions.

      You're gonna hate everyone before long. Absolutely everyone.

    5. oiseau Silver badge
      Facepalm

      Re: What is it

      ...makes them want a career as large walking sphincter?

      Well ...

      Basically because being an asshole* is a proclivity they are born with.

      That's why the phrase assholes will be assholes was coined.

      Eons ago, at the very beginning of time.

      * a walking, talking anus of any size.

    6. Anonymous Coward
      Anonymous Coward

      Re: Golden Rule of Audit

      Like dealing with HMRC, present them with perfect accounts and they will dig and dig and dig.

      Make a simple but minor error and they'll gloat and walk away happy.

      1. RuffianXion

        Re: Golden Rule of Audit

        Why make an error yourself when HMRC are perfectly capable of making them themselves?

      2. John Brown (no body) Silver badge

        Re: Golden Rule of Audit

        "Like dealing with HMRC, present them with perfect accounts and they will dig and dig and dig."

        Whenever we do a company wide stock check, it's always been out by at least a few £1000's. A couple years ago we got a new head of stores who really knew his stuff and put new systems and procedures in place. Suddenly everything seemed to work much better, stuff moved to where it was needed, when it was need, everyone was happy. Come the next annual stock check, and it was correct to about £15 or so. Management decided that couldn't possibly be right and ordered that it all be done again the following week. This time it was £10 out. They finally accepted our new stores managed was actually that good and he got a bonus.

        1. YetAnotherLocksmith

          Re: Golden Rule of Audit

          Sounds suspicious...

          A company rewarding good employees?

          1. Nick Ryan Silver badge

            Re: Golden Rule of Audit

            That's true.

            Playmobil reenactment, or it didn't happen.

            1. STOP_FORTH

              Re: Golden Rule of Audit

              Count the pieces afterwards.

    7. Chozo

      Re: Golden Rule of Audit

      Real boats rock, show me a smooth running operation and I guarantee somebody is papering over cracks - Reverend Mother Gaius Mohiam

    8. Arthur the cat Silver badge

      Re: Golden Rule of Audit

      Back in the mid 80s we had an auditor who asked us to show him various randomly chosen bits of recently purchased equipment to prove they were genuine. The seventh item he chose was the DEC Fortran compiler for VMS, so we took him into the machine room, pointed at a "washing machine" disk drive with a transparent top, and said "it's there, going round very fast". Fortunately he didn't want further confirmation.

    9. Mark 85 Silver badge

      Re: What is it

      Probably some sort of internalized power trip? Nothing causes more panic amongst the worker bees' manglement than an auditor who suddenly shouts "AH HAH!". Weird in some ways as they always seem quiet, reserved, and almost no personality until that "AH HAH!" moment and suddenly it's a transformation like Superman or something.

    10. jake Silver badge

      Re: What is it

      Interesting. The posts with the SubjectTitle "What is it" by Chris G and "Golden Rule of Audit" by Diogenes seem to have their comment threads mixed up.

      Has anybody else noticed that when you withdraw a comment, and then attempt to re-post it the re-post disappears into the æther?

      [edit] This post, for example, was definitely posted under "What is it".

      1. STOP_FORTH

        Re: What is it

        I have noticed a few replies that appear to be in the wrong threads recently. I assumed it was just fat fingers. Also had a couple of posts which never appeared, I assumed I had forgotten to press submit after previewing.

        Like the ash!

    11. 's water music Silver badge

      Re: Golden Rule of Audit

      don't talk about audit club?

      wait, wut?

    12. Anonymous Coward
      Anonymous Coward

      Re: What is it

      my SWMBO describes Auditors as "people who dont have enough personality to be accountants".

      She is an accountant.

      1. Jediben

        Re: What is it

        Accountants are people who lack the imagination to be auditors.

        1. Joe W Silver badge

          Re: What is it

          By "imagination" you mean "mean streak"?

    13. BillG
      Happy

      Re: What is it

      "Local knowledge is priceless."

      In all things.

    14. Muscleguy Silver badge

      Re: What is it

      While ignoring that it was easier to count flies and multiply by 6. Since they can regenerate limbs that assumption is a very safe one. I expect you could do it by weighing the flies as well or getting them to fly past a counting beam, drawn by some nice smelly stuff on the other side.

      But then I'm thinking like a biologist, not an auditor. I was friendly with a girl at university whose father was Auditor General of NZ, very nice guy. But then NZ is that kind of place.

    15. NoneSuch Silver badge
      Holmes

      Re: Golden Rule of Audit

      One of our security guards is called Horst. He's 6'7", broad as a house and an amateur MMA fighter on his days off. Be thankful he hadn't been on duty that day to see them assaulting the door. The outcome would have been much different. That man intimidates me and I'm authorized to be there.

    16. shedied

      Re: What is it

      And then divide the total number of legs by 6, to get ... 0ne second, *that's* not a leg...

  3. chivo243 Silver badge
    Thumb Up

    jump over the print reception counter!

    The new code for "Back Door"

    I wonder what the auditors would have said if the security guards were like pub\bar bouncers, and enjoyed knocking their heads together for trying to break in? Would they have said "Good on ya guys, you stopped us!" I think not...

    1. Anonymous Coward
      Anonymous Coward

      Re: jump over the print reception counter!

      Used to work at a place where the guards were under orders to shoot anyone forcing entry. I don't remember seeing any auditors.

      1. Anonymous Coward
        Anonymous Coward

        Re: jump over the print reception counter!

        "Used to work at a place where the guards were under orders to shoot anyone forcing entry. I don't remember seeing any auditors."

        But the patio was extended at least 3 times in the last 10 years !!! :)

        Nuff Said.

  4. Rich 11 Silver badge

    Recalcitrant doors

    I once worked with a bloke from Northern Ireland who told a story about when he'd worked on an Army base as a consultant for their ICL systems. They had a couple of minicomputers in a secure server room in the centre of the building, visible from the adjacent workrooms through narrow wired-glass windows. It was kept locked tight when no-one was meant to be in the room, with only the duty officer having the keys. One night he got a call to say water could be seen pouring in from the AC gear on the roof and the DO couldn't be found, so he rushed over there to find two squaddies had ameliorated the issue in a non-technical but very pragmatic fashion: smash down the security door using a metal filing cabinet as a battering ram, then haul aside the kit they could move and put tarps and buckets over the top of the rest. After my mate had powered everything down and the late-to-the-scene DO had finished having a heart attack, everyone calmed down a bit and the squaddies started arguing about whether if they'd had their sidearms they could have shot the lock off instead. It's probably just as well they didn't get the chance to try that.

    1. BebopWeBop Silver badge
      Happy

      Re: Recalcitrant doors

      Nahh, hey had more fun and bragging rights, as well as something to winge about when they told their mates later.

    2. Pascal Monett Silver badge
      Coat

      Re: whether if they'd had their sidearms they could have shot the lock off instead

      That has been Mythbusted. Shooting a lock actually strengthens it because you are adding lead impediment to its proper functioning.

      A rocket launcher, on the other hand . . .

      1. Syn3rg

        Re: whether if they'd had their sidearms they could have shot the lock off instead

        That's why beaching protocol involves shooting the hinges with a shotgun.

        1. Anonymous South African Coward Silver badge

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          Reminds me of the forth protocol (the book) when the forces need to enter the house, and a Wingmaster was used to punch the hinges out.

          1. Alan Brown Silver badge

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            Going in the hinge side is why hinge bolts exist.

            If a door has these you can take the pins out all you wish, it's still not coming out of the frame.

            1. jake Silver badge

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              That's why they train to ignore the hinge itself. My off-the-shelf model 870 loaded with "walmart" buckshot can easily take out the material most standard hinges are screwed into. Including most metal so-called "security" doors, which are only secure against fire (see the time and temperature rating) and not a determined individual bent on getting through.

        2. Stevie Silver badge

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          Or, you know, drifting the pins out with an old screwdriver and a hammer.

          Our (inswinging) doors are made of metal. Shooting the hinges would probably result in serious injury to the shooter.

          Personally, I'd shoot out the window of the security guard post and go in that way, if I was reduced to shotgun-limited solutions.

        3. StargateSg7 Bronze badge

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          These days we use Magnesium and/or Aluminum Powder based "Burning Noodles" which are 30 cm to 60 cm long and 2 cm diameter flexible plastic tubes filled with metal powder which you can wrap around any lock or doorknob, ignite it and then it burns FURIOUSLY melting through EVERYTHING METAL at 2000+ Degrees Celciu in mere seconds. Then you pour a dry powder extinguishing agent to ensure the safety of the local area to keep from any further burning.

          We've used this on as much as 4 inch (10 cm thick) Hardened metal plate and it works like a charm!

          ONLY Tungsten-coated and Aluminum Oxide Ceramic material (i.e. Sapphire-like) are immune from our little lock-burning gadgets since THOSE two protective items melt at around 4000+ Degrees Celcius!

          1. Korev Silver badge
            Joke

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            Thanks for the info

            Love Osama xx

          2. Stork Silver badge

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            Somewhat related: I remember a story about thiefs who overcame hardened steel locks by cooling then with dry ice. The steel goes brittle and it breaks with a whack from a hammer. My metallurgy teacher was happy that someone had paid attention

      2. jmch Silver badge
        Facepalm

        Re: whether if they'd had their sidearms they could have shot the lock off instead

        "Shooting a lock..."

        If the door opens outwards (ie towards you), and it's timber frame you can shoot the frame keeping the tongue of the lock in place in the frame. If the frame is metal and the door is wooden, you don't shoot the lock, you shoot out a semicircle in the door around the lock , weakening it enough to be burst open (your mileage may vary depending on sturdiness of the door and how many rounds you have available). Either way if a locked door opens towards you and you don't have a key, the weakest point is probably hinges and not the lock.

        If a door opens inwards the hinges are unavailable, and no amount of shooting will affect the lock, only possibility is breaking the door down / in.

        I know practically nothing about guns, but I should think it's common sense that shooting at a fairly solid metal object from close range is a bad idea

        1. Omgwtfbbqtime Silver badge
          Boffin

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          I'd have tried to go through the wall beside the door.

          Secure door, good quality lock, 50:50 it's stud partition wall.

          Other alternative is through the suspended ceiling - did they wall off the room above it?

          1. jelabarre59 Silver badge

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            I'd have tried to go through the wall beside the door.

            Secure door, good quality lock, 50:50 it's stud partition wall.

            Kind of like where dad worked in the 70's. The gate, with a guard shack just inside (at least on the US side) had a nice, impressive tall chain-link fence with barbed wire along the top. The fence ran just as strong and impressively about 50-100 yards into the woods, and stopped. Nothing past that point. For that matter, the Long Trail ran right past the Engineering building (the trail terminated at the Candian border).

            1. Flocke Kroes Silver badge

              Re: chain-link fence

              If you are too lazy to walk around a chain-link fence get a friend to stand behind you and pull on both sides to create a little slack then you rotate one of the wires. The wires are flattened helices. Each rotation moves the wire up (or down) a notch. Repeat until you have a big enough gap to get through - or you divide the fence in two.

            2. ICPurvis47 Bronze badge
              FAIL

              Re: Chain Link Fence

              Where I used to work, they made electrical control gear, and the contact tips were machined from Tungsten/Molybdenum round bar, about 30mm diameter by 2 metres long. These were stored in the Goods Inwards bar rack, just inside the roller shutter door. One Monday morning, it was discovered that the complete stock of bars had disappeared, so Security Department were asked to review the footage from the security cameras overlooking the back of the factory. At an early hour of Sunday morning, just as it was getting light, the old and decrepid Bedford van that was used for internal transport around the site was filmed backing into the open roller shutter, and some time later, exiting and driving across the site to where another van stood with its back end against the chain link fence from the outside. The Bedford was backed up to meet it, and the bars slid through, one at a time, into the outside van. The Bedford was then driven back to its normal resting place, and the outside van disappeared down the road. It was obviously an inside job, someone had remained behind in the Stores after closing time on Saturday lunchtime, and had simply opened the roller shutter from the inside. They must have previously obtained the keys to the Bedford, and laid low until no-one was around, and Security was lax enough that they wouldn't be seen.

          2. Zarno

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            I remember a movie where the main character did just that.

            Faced with a super fancy locked door with keypad/iris/fingerprint scanner, etc etc, he just put a foot through plaster beside it and went through.

            My mind wants to say it was RED or RED2?

            1. Evil Auditor Silver badge

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              Don't know about the REDs - removed from my memory for good. But certainly the aliens in Aliens knew that trick.

            2. Trollslayer Silver badge
              Thumb Up

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              RED 2.

              I like those films.

            3. Tim99 Silver badge

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              My previous El Reg RED plasterboard post.

            4. J. R. Hartley Silver badge

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              "He just put a foot through plaster beside it and went through."

              Bil Herd from Commodore used to just punch through the walls. The mad bastard.

              1. MogKupo

                Re: whether if they'd had their sidearms they could have shot the lock off instead

                To be fair, he did repeatedly leave notes asking security to stop locking the door first...

            5. YetAnotherLocksmith

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              Robert Redford in "Sneakers", vs the "unbeatable electronic lock". https://images.app.goo.gl/9nW4W1iRhE8wL1Hf7

            6. rototype

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              Definitely RED, one of my favourite films.

          3. Anonymous Coward
            Anonymous Coward

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            "I'd have tried to go through the wall beside the door.

            Secure door, good quality lock, 50:50 it's stud partition wall."

            I have seen that. Extremely secure door made of solid and hardened metal, some 20 inches thick. A frame to match. A 20" thick viewing window around 10" high by 40" long which took several people to move it.

            And walls made of standard studs overlaid with a single 1/2" sheetrock layer either side. A nuclear blast would have had a hard time getting through the door, but a stiff breeze, let alone a sturdy kick, would get you through the wall no worries.

            (Anon cause I could get in some real serious shit if I said where or when I saw this!)

            [EDIT I see from other posts this was common enough to make it into shoddy action movies. Security designers must be stupid the world over]

            1. Joe Montana

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              "[EDIT I see from other posts this was common enough to make it into shoddy action movies. Security designers must be stupid the world over]"

              Unfortunately this is extremely common, both in physical and computer security... People only ever think about the most obvious routes of access and don't consider what other methods there might be.

              A few years ago i was talking to a developer of what's basically a database of customers with a web based frontend. One of the rules they had to comply with, was that anyone who accessed any customer record must be logged.

              So the web based frontend was designed to do just that, any customer record you viewed generated a log entry, and they were happy with this.

              What they didn't consider was that the data resides in a database, which resides on a disk, which is also backed up to a tape every day. You could access the data at any of these points and nothing would be logged at all.

              They also didn't consider where the logs were kept, some people had access to alter the logs.

              All of this meant that they actually weren't in compliance with either the spirit of the letter of the regulations.

        2. vir

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          IIRC they make special breaching rounds for shotguns that are made of barely-held-together metal powder so they disintegrate on contact to prevent ricochets or the like.

        3. JJKing Silver badge
          Angel

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          A small shark with a laser would suffice quite nicely.

        4. Crazy Operations Guy Silver badge

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          "If the door opens outwards (ie towards you)"

          If it opens outward, then you have access to the hinge pins, a nail/screw/rod and a hammer (Or a solid, heavy bit of metal) would solve that problem right quick without causing too much damage.

          I remember working the weekend and dropping my ID badge in the data-center, everyone that could get me in would be gone until Monday. So I grabbed an Allen key and an old 3.5" hard disk and knocked the hinge pins out. Then I tapped them back in a few hours later without anyone even being aware of what I did.

          1. swm Bronze badge

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            Tried that once and the pins came out but the door still wouldn't open because the hinges (without pins) still wouldn't clear each other.

            Making great grand master keys is easier and quicker.

            1. NorthIowan

              Re: whether if they'd had their sidearms they could have shot the lock off instead

              "Tried that once and the pins came out but the door still wouldn't open because the hinges (without pins) still wouldn't clear each other."

              I haven't tried taking out the pins. But as I was installing a new exterior steel door I noticed the hinges had small tabs sticking up on one side of them. I probably should look better, but eventually I thought they were to prevent the pop the pins out trick. The tabs would only engage the other side of the hinge when the door was closed. Safes often have something like that, but much more substantial.

              1. Jelder

                Re: whether if they'd had their sidearms they could have shot the lock off instead

                For outward opening secure doors, you are supposed to fit these little sticking out nubs to the door or the frame. In normal operation, they don't do anything, but if you pull out the hinge pins or grind off the hinges, it prevents you opening that side of the door.

                Been standard on fire doors for decades.

                1. YetAnotherLocksmith

                  Re: whether if they'd had their sidearms they could have shot the lock off instead

                  Nice to find someone observant at last!

                  As you say, every fire door in the UK should have hinges like that, to stop the door falling out if the frame burns a bit. Also stops anyone getting "clever" with the hinge pins.

      3. Dave314159ggggdffsdds

        Re: whether if they'd had their sidearms they could have shot the lock off instead

        Why do people cite mythbusters as if it's science rather than tv entertainment?

        In reality, it doesn't normally take much force to punch a lock through a door. Bullets can easily impart enough kinetic energy to do so. Mainly whether it will work is down to the door.

        1. upsidedowncreature

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          Mythbusters: testing a hypothesis by experimentation. Maybe you can pick holes in the method, but it's still science.

        2. W4YBO

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          "Why do people cite mythbusters as if it's science rather than tv entertainment?"

          Particularly bad in their later seasons. I like explosions as much as the next guy, but the careful experiment to boom ratio went way down.

          As far as gaining access to a "secure" area, I just got the skinny intern to drop through the drop ceiling panel after shimmying over the wall. Justified use of an intern, since he'd somehow changed the code on the lock in the first place.

          1. Anonymous Coward
            Anonymous Coward

            Re: whether if they'd had their sidearms they could have shot the lock off instead

            Going to Uni back in the day (before physics convinced me otherwise), I was a meteorology major. One weekend the barometer started dropping like a rock, and we had no way to get into the school's locked map room (faxed satellite pictures and such). Until one of us noticed that the transom above the door was wide open. Skinny guy lifted by strong guy, and 10 seconds later we were oogling some very pretty pictures of a monster storm developing.

        3. YetAnotherLocksmith

          Re: whether if they'd had their sidearms they could have shot the lock off instead

          Unlikely with a pistol, as it wouldn't hit hard enough. And a rifle would go right through most hardware, having the effect of messing it up, but probably not opening it.

          All depends on a huge number of factors. I've seen a US entry team put ~12 off 12 bore breaching rounds through a double door, then resort to kicking the crap out of it to get it open. Yes, the glass was already long gone!

    3. shifty_powers

      Re: Recalcitrant doors

      "Nuke it from orbit, it's the only way to be sure"

    4. ParksAndWildlife

      Re: Recalcitrant doors

      A friend of mine who was in the Santa Fe prison riot of 1980 https://en.wikipedia.org/wiki/New_Mexico_State_Penitentiary_riot discovered that the solution to wire in glass security windows is a fire extinguisher. No need for filing cabinets, until you get to the prison records room and carefully pile up all the records except the sex offenders and light the bonfire.

      1. YetAnotherLocksmith

        Re: Recalcitrant doors

        Wire glass is for fire protection, not security. And it shouldn't be used for that any more either, as it is bloody dangerous!

        1. Kiwi Silver badge
          Coat

          Re: Recalcitrant doors

          Wire glass is for fire protection, not security. And it shouldn't be used for that any more either, as it is bloody dangerous!

          I cannot see how it is any more dangerous than any other glass, and I suspect it may to some degree be safer.

          I've only ever seen it used to add extra strength to the glass to further delay prospective intruders (those people who try to come intruder window... Yes yes I know...)

          While i have seen it above internal doors in a few places I've generally seen it on exterior windows where it's not going to make the least bit of difference to a fire that's already under way.

          (As a troubled kid who needed some good firm guidance, I taught myself quite a bit about the properties of various types of glass and in what manner they broke through much "scientific study" - probably to the enjoyment of local glaziers...)

    5. macjules Silver badge

      Re: Recalcitrant doors

      So every comment about shooting the doors off, blowing the doors off, bashing through the wall, à la Ripley in Alien Resurrection.

      No mention of simply turn the water off?

      1. Flocke Kroes Silver badge

        Re: Recalcitrant doors

        Ripley needed acidic blood but Charlie Croker's gang got the door off fine using only '60s tech in the Italian job.

      2. werdsmith Silver badge

        Re: Recalcitrant doors

        No mention of simply turn the water off?

        If it’s from air con then it is humidity that has been extracted from the room and condensed and because of some fault it hasn’t been drained out by the intended route.

        1. YetAnotherLocksmith

          Re: Recalcitrant doors

          Exactly how big of an ac unit do you think they had for a flood of water?!

  5. Anonymous Coward
    Anonymous Coward

    Metal door

    Machine room protected by metal door, but we really needed to get into the machine room. Metal door bent by kicks. (We took turns) Bent enough to pop out of locks. (We really didn't expect that, just frustrated) Rebooted - we're happy. Facilities were unhappy (very) but then just replaced metal door with same type. Strangely status quo made everyone happy. The machine room was protected by a metal door. But we could get in should need arise.

    Don't underestimate coders with "... the superhuman strength that can only be achieved from a lifetime of" making shit work whatever it takes!

    1. Colintd

      Re: Metal door

      We had a mainframe room "upgraded" from high security key lock (which were good enough that I struggled to pick them) to an RF fob lock and one of those big magnetic latches. This was supposed to be for better security (with entry logs) for a high profile project. I demonstrated that I could open the new door either by flicking a mcb on the breaker panel (it was held shut with an active magnet, so fail open) or a really solid shoulder barge (once you opened up a small gap, the magnetic force drops off pretty sharply).

      The new system was quickly replaced by some good high security physical locks...

  6. GlenP Silver badge

    Wouldn't Happen Here

    I "inherited" a computer room with a full Chubb safe door when we moved into these premises. I'm not saying they couldn't get in but all a severe kicking would give them is very sore feet.

    1. jake Silver badge

      Re: Wouldn't Happen Here

      I've seen doors like that. So I went in over the ceiling or under the floor ... and once through the sheetrock wall next to the door. A buddy took out a cold chisel and mini-sledge (lump hammer to you Brits) and physically removed a couple cinder blocks once. He was even nice enough to repair it later (his Dad was a bricklayer and he earned pocket money as a teenager, helping him on weekends).

      1. Anonymous Coward
        Anonymous Coward

        Re: Wouldn't Happen Here

        Are you an auditor as well now Jake? What a varied life you've led, almost no job you haven't done.

        1. Anonymous Coward
          Anonymous Coward

          Re: Are you an auditor as well now Jake?

          You don't have to be an auditor to need access to a room.

          1. Anonymous Coward
            Anonymous Coward

            Re: Are you an auditor as well now Jake?

            You don't, but in a (since deleted) post above he claimed he was. You can't reply to deleted posts.

            1. jake Silver badge

              Re: Are you an auditor as well now Jake?

              For some reason my post appeared as a reply to the second post instead of the first. Not sure why, the Subject line showed it was Re: the first ... so I deleted it, and tried to re-post it where I intended it to go. It didn't go through. Yet.

          2. steviebuk Silver badge

            Re: Are you an auditor as well now Jake?

            The people that did the Hatton Garden robbery should of just said "We were doing an audit".

            1. not.known@this.address Bronze badge
              Headmaster

              Re: Are you an auditor as well now Jake?

              "should HAVE"...

              1. STOP_FORTH
                Joke

                Re: Are you an auditor as well now Jake?

                Well since they were from that London "should OF" is probably correct in the local dialect.

                (Why are double-decker buses so knowledgeable? Because they is all well red, innit?)

                Ahem.

                1. STOP_FORTH
                  Headmaster

                  Re: Are you an auditor as well now Jake?

                  "The blokes wot dun the Hatton......" would of been be'er as well.

                  I'll stop now.

                  1. David 132 Silver badge
                    Headmaster

                    Re: Are you an auditor as well now Jake?

                    The “geezers”, surely?

                    You may have stopped, but I have no such self-control.

                    1. STOP_FORTH
                      Headmaster

                      Re: Are you an auditor as well now Jake?

                      I did consider "geezers" but bottled it.

              2. steviebuk Silver badge

                Re: Are you an auditor as well now Jake?

                I forgot :p

        2. jake Silver badge

          Re: Wouldn't Happen Here

          When you've been a consultant in a field for as long as I have, you get called upon to wear many hats. Mayhap you'll find this out for yourself when you get a little older.

          1. Anonymous Coward
            Anonymous Coward

            Re: Wouldn't Happen Here

            Auditor's have to undergo a lot of training and get qualifications, generally not something 'you get called upon to do'. Maybe things were a lot more lax 'back in the day'.

            You're right, maybe when I'm older I'll truly understand, enlightenment they call it. Only then after a stint on VAX, and hanging of a pylon to bond fibre with my toes to save the Internet for future generations will I really understand the superiority of 'The Consultant'.

            1. jake Silver badge

              Re: Wouldn't Happen Here

              How much training is required depends on what you are auditing, for whom, and why.

              Yes, in the early days there was a lot of ad hoc stuff going on ... primarily because it didn't exist yet.

              Enjoy growing up. Hopefully you'll learn something along the way.

              1. Anonymous Coward
                Anonymous Coward

                Re: Wouldn't Happen Here

                Did you audit Enron by any chance?

                1. jake Silver badge

                  Re: Wouldn't Happen Here

                  Now you're just being an idiot. Goodbye.

                2. hplasm Silver badge
                  Happy

                  Re: Wouldn't Happen Here

                  "Did you audit Enron by any chance?"

                  They're still sticking the shreddings together from Enron, aren't they?

              2. Nick Kew Silver badge

                Re: Wouldn't Happen Here

                Looks like a case of split by language.

                From Jake's comments, I'd infer "auditor" doesn't mean the same in his language as in ours.

            2. BinkyTheMagicPaperclip Silver badge

              Re: Wouldn't Happen Here

              To defend Jake here, there's auditing, and there's auditing. There's a professional accredited financial audit where you can show all your financial details to the relevant authorities.

              Then there's audits which boil down to 'check this with a fine tooth comb to make sure nothing is wrong'.

              I've done consulting. It involved a fair bit of travel, a few nice hotels, and a lot of long hours and early mornings. I would not call it glamourous, or desirable.

              I once got told to go and do a security audit on a location. I was clearly not being told the whole story, it wasn't my primary area of expertise (I do know and administer networks, firewalls, and operating systems but I am not a penetration tester or security expert) , but I rocked up and did my best. Fortunately for everyone there was practically no external access to systems, and the one dialup system was highly specialist, not used for general access, and difficult to break into. A few systems needed a little patching but there was a limited attack surface.

              Giving the report to the MD that day in a plush office filled with oil paintings of themselves was a little bizarre, though.

              Later on I found the reasons behind the audit, and was glad I could offer them some reassurance their systems were solid. I was also extremely glad they didn't have any mini/mainframe systems, as my knowledge of those, never mind remote access capabilities, is very limited.

              1. Dave314159ggggdffsdds

                Re: Wouldn't Happen Here

                An 'it audit' often means nothing more than checking which users/locations actually go with which bit of kit. The first step in a deployment/rollout may be to 'audit' which user sits at which desk and what their usernames are.

                I have 'conducted IT audits for [major international bank]' on my cv. Looks a lot better than 'went from desk to desk collecting asset numbers'...

              2. Rich 11 Silver badge

                Re: Wouldn't Happen Here

                Giving the report to the MD that day in a plush office filled with oil paintings of themselves was a little bizarre, though.

                Was the MD named Donald?

                1. The Oncoming Scorn Silver badge
                  Pint

                  Re: Wouldn't Happen Here

                  I was thinking CJ.... or possibly this..

                  https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQq9OcyJOur83RppZOYSyBixeE1HfjQv80YaGNC9_9ZfkSJu6KN

                2. This post has been deleted by its author

              3. doublelayer Silver badge

                Re: Wouldn't Happen Here

                Just because some set of people who do something have qualifications, that doesn't mean that everyone else using the verb has those qualifications or that those qualifications are important. For example, penetration testing can be very well done and very useful, with lots of different attack vectors that can be tested by very experienced people in real world scenarios. You can also get a penetration tester who just tries a small number of really obvious things. That's why you have to choose one who knows what they're doing. In this case, the audit seems to have found some problems with security, who didn't do anything when they saw people breaking through a door. Yet they seem to have blamed the IT people, who did everything well as far as they knew.

                Computer room has a door? Check. Computer room door is locked? Check. Locked door doesn't unlock with unauthorized cards? Check. Door is sturdy enough not to be shoved open? Check. So I think they yelled at the wrong group. If they were supposed to test security, they did something potentially useful, but if they were there just to audit IT, they were wrong to try to break through a door.

                1. Doctor Syntax Silver badge

                  Re: Wouldn't Happen Here

                  "Yet they seem to have blamed the IT people, who did everything well as far as they knew."

                  Not an IT issue anyway. IT don't fit doors. That's Facilities/Buildings/Procurement or whoever was responsible for the fit-out of the building in the first place.

              4. werdsmith Silver badge

                Re: Wouldn't Happen Here

                Those kind of informal audits really wouldn’t involve breaking and forcing entry.

            3. The First Dave Silver badge

              Re: Wouldn't Happen Here

              "Auditor's have to undergo a lot of training"

              Good one! Made my day!

            4. Down not across Silver badge

              Re: Wouldn't Happen Here

              Auditor's have to undergo a lot of training and get qualifications, generally not something 'you get called upon to do'. Maybe things were a lot more lax 'back in the day'.

              Perhaps. Some of the ones from the well known firms doing that stuff could've fooled me. Or the training has been on, dunno say trimming shrubbery.

              Lot of auditors are effectively secretaries/project managers collating responses from staff to the questions and evaluating the evidence the staff has provided.

          2. Anonymous Coward
            Anonymous Coward

            Re: Wouldn't Happen Here

            When you've been a consultant in a field for as long as I have

            Must be annoying when it rains or when the cows come back. Ever thought about working in an office?

            Hey, it's Friday :)

          3. fruitoftheloon
            Thumb Up

            @Jake: Re: Wouldn't Happen Here

            JAke,

            likewise, I was a PM managing the replacement for dekstop PCs for HMRC [IRS for our cousins across the pond], I get to one of my sites [Birmingham airport], my crew are all sitting around instead of removing old PCs, turns out that the site facilities manager was on hols, and the key to the store where all the new PCs were stashed was in her [locked desk].

            I point out that we are not waiting days/whatever for someone to sort master keys for pedestal locks, so 30 seconds later, judicious use of leatherman tool and one now very broken lock is open.

            Senior HMRC jobsworth says 'you can't do that', I point out that I just have and tell them to get on with their work.

            Our regional PM was very happy about that...

            Cheers,

            Jay

      2. GlenP Silver badge

        Re: Wouldn't Happen Here

        I forgot to mention the 9" reinforced concrete walls and ceiling!

        The room was originally used for storing property deeds, etc.

        Glen

      3. error 13

        Re: Wouldn't Happen Here

        Done the same - over the suspended ceiling past the secure door, took about 45 seconds and left no trace.

        It did have a small raised floor too but I would have to have been desparate to try it. Don't fancy pushing a tile up from underneath nor what I might find on the way.

      4. Anonymous Coward
        Anonymous Coward

        Re: Wouldn't Happen Here

        Crickey Jake. You sound like a professional Data Breaker (best name I could think for it).

    2. Anonymous Coward
      Anonymous Coward

      Re: Wouldn't Happen Here

      In the early noughties I worked for a wholesale distribution company that was owned by a Ferengi, seriously somehow the boss was always able to acquire anything legitimately. He had heard of a deal involving Man Utd kit, and had managed to wangle his way into the middle of it to get a cut and had taken a delivery of a container of genuine Man Utd shirts.

      The next day following delivery there was a buzz from the intercom at the front gate. The receptionist looking out the window saw a row of blue flashing lights going up the street. We were clearly being silently raided. No sirens, just lots of cars with blue flashing lights. Dutifully she pushed the button that opened the 8 foot tall, 6 inch thick hydraulic security gate and it started to open. she then called the boss. A few seconds later the warehouse manager saw what was happening and pressed his button button to let them in. This however cancelled the previous button push, and the gate started to shut. There was no way the police were going to be able to stop the gate shutting, try as they might. The receptionist seeing that the gate had not opened pushed her button again and the gate started to open. The warehouse manager also thinking that the gate didn't open pushed his button, and the gate began to shut. This carried on for about 30 seconds, all while the police were pushing on the gate as hard as they could to open it. Slightly open, shut, open, shut. Eventually seeing the boss stroll across the car park to the gate both people stopped pushing their buttons and the gate stayed firmly shut.

      Whe he got there they were still trying to push the gate open while shouting at him, so he just stood arms crossed deliberatly looking at them like they were being stupid. It was probably about a minute later that things calmed down, and one of the police asked why he wasn't letting them in. "The gate has an anti forcing mechanism, each time you try to force your way in, it pushes the gate back to being closed, just stand back and wait" he lied. A collevctive groan on the other side of the gate was heard and everyone stepped back. The boss pulled his key fob out of his pocket and opened the gate. As the gate opened wide enough for a person to fit through it was funny to watch a dozen coppers trying to get through the gap as quickly as possible single file, whilst avoiding touching the gate.

      20 minutes later all the fuss had died down, and the police were on their way empty handed back to the station. They'd brought someone with them from Man Utd who was clearly supposed to confirm to them that the shirts were counterfit. Instead after 10 minutes of going over them and our purchase and invoice history repeatedly, he confirmed they were legit. At that point the boss pointed out to the lead detective that someone must have commited a crime that resulted in us being raided. The container must have been broken into en-route, it's contents inspected and the police informed that there was counterfit goods headed their way. He asked the detective quite loudly if he was on the pay roll, or was getting a back hander or if it was standard practice for the police to have people located at couriers who break into other peoples property looking for evidence of crimes.

      Nothing came of it, but we were raided a further 2 times in the same way whilst I was employed there. We came to the conclusion that either the police or the brand names must have people located at courier hubs who break into containers and crates looking for branded goods, reporting it back up the line to see if the source or the destination is an authorised distributor, and if not then assume it's counterfeit and prepare a raid. We also believe that even if the brand names know it isn't counterfeit, they allow the police to perform the raid under suspicion that it is, so like in our case, their representative can go through our purchase history to figure out how we managed to acquire legit goods outside of the normal supply chain.

      It was fun watching the police trying to force the gate open tho like a bunch of rabid ferrets for a few minutes.

      1. Terry 6 Silver badge

        Re: Wouldn't Happen Here

        There have been a few TV programmes in which Trading Standards and Police raid a store selling fake stuff. OK good. Except that it bothers me that such a massive level of resourcing is used on behalf of these major brands*, but no one is tracking down the rogue traders or the tea leaves who are breaking into local people's cars/homes.

        *If the public buy an "Armani" etc. shirt down the market they know full well its fake. So does everyone they meet -and it's no real loss to the brand owners either because these people would never in a million years be able to buy the real thing.

        1. Kubla Cant Silver badge

          Re: Wouldn't Happen Here

          If the public buy an "Armani" etc. shirt down the market they know full well its fake. So does everyone they meet -and it's no real loss to the brand owners either because these people would never in a million years be able to buy the real thing.

          I suspect the real reason why major brand owners are so assiduous in hunting down counterfeits is that there is often no real difference between the brand and the fake. Both say Armani on the label, and both are turned out in a sweatshop in Mexico or Turkey or Vietnam.

          1. Anonymous Coward
            Anonymous Coward

            Re: Wouldn't Happen Here

            I suspect the real reason why major brand owners are so assiduous in hunting down counterfeits is that there is often no real difference between the brand and the fake. Both say Armani on the label, and both are turned out in a sweatshop in Mexico or Turkey or Vietnam.

            The materials *are* better though - I've bought various things from them and some of them are still in good nick after being worn and washed some 20 years. I'd call that a good TCO :).

            1. Anonymous Coward
              Anonymous Coward

              Re: Wouldn't Happen Here

              Interesting - you don't specify whether you bought genuine or counterfeit??

              1. TomPhan

                Re: Wouldn't Happen Here

                Or a genuine counterfeit.

              2. Anonymous Coward
                Anonymous Coward

                Re: Wouldn't Happen Here

                Genuine, complete with annoying holograms and all the rest they insert to prove it's The Real Thing. Otherwise I would not have said I bought Armani. It was store bought, I don't think you should buy such things online.

                It depends a bit on your needs, too. I prefer reasonably classic clothes due to the work I do - this is something you just throw on and it'll look good, ditto for made to measure.

            2. Paul Shirley

              Re: Wouldn't Happen Here

              You mean materials were better 20 years ago. Not sure there's that much difference today with big brands using the same asian sweatshops as the counterfeiters.

              1. Anonymous Coward
                Anonymous Coward

                Re: Wouldn't Happen Here

                No, materials still matter as much as the workmanship. There is a vast difference between cheap materials and expensive, and a good tailor will have samples of both just to show you (it's in their interest to educate you, after all, and I have yet to meet a high end tradesman who disliked explaining his trade to someone with a brain and an active interest).

                If you've ever talked to a high end tailor, you'd know that even how the fabric is cut makes a difference in how it falls and stays in shape (if you think that's impressive, tailoring for women is even more complicated). Real tailors also won't take shortcuts that will make a badly cut suit look good, but only for a few months.

                High end brands essentially do the same, but in higher volume. It means the garments tend to fall well from the outset, and you can also have things adjusted to fit better.

                That all said, what I absolutely do NOT like is anything with big branding plastered all over. My favourite coat is one that allowed you to remove the brand altogether. Some brands have fully gone this advertising route, Louis Vuitton is an example. If you want elegance you're better off with Hermès, for instance - subtle is much classier.

                1. Down not across Silver badge

                  Re: Wouldn't Happen Here

                  High end brands essentially do the same, but in higher volume. It means the garments tend to fall well from the outset, and you can also have things adjusted to fit better.

                  I'd agree with that. Couple of decades ago I needed a jacket. I didn't have the time or liquidity for made to measure. Tried on number of off the shelf ones, most ok but never quite just right. Out of curiosity I tried on an Armani one. It fit perfectly. It was more expensive than I would've liked, but still doable.

                  Like many others have said, I have my doubts if quality today is as good as it was back then but I would certainly consider them again if similar situation arose.

          2. Stevie Silver badge

            Re: Wouldn't Happen Here

            "I suspect the real reason why major brand owners are so assiduous in hunting down counterfeits is that there is often no real difference between the brand and the fake."

            You'd be wrong, at least, in any company having a registered trade mark in the US. Companies must vigorously defend their trademark or lose it.

            It's why Disney goes after those Mom'n'Pop stores in Florida selling "Mickey Mouse" beach towels.

            And brand poisoning is more effective than you'd think. If I say to you "I need to buy a new Hoover" you wouldn't assume I was going to hunt down a vacuum cleaner made by Hoover, just as two decades ago if I said I was going to Xerox something I wasn't constrained to use only the Xerox photocopiers.

            1. J.G.Harston Silver badge

              Re: Wouldn't Happen Here

              No, because for all of history you'd have said you were going to *photocopy* something, not Xerox something.

              1. Jeffrey Nonken Silver badge

                Re: Wouldn't Happen Here

                "Xerox" as a generic verb has been a thing for a long time. Shorter and easier to say than "Photocopy." Other genericizations happen like "Kleenex", "Hoover", "Scotch tape".

                I think the non-branded generic name for what we call "scotch tape" is "adhesive tape", though the correct name is apparently "pressure-sensitive adhesive tape". Can't imagine why people don't always call it that. :) I believe in England they prefer to call it "sticky tape".

                https://www.businessinsider.com/google-taser-xerox-brand-names-generic-words-2018-5

                1. elgarak1

                  Re: Wouldn't Happen Here

                  I'd assume the British term is "Sellotape" (also a brand name.) Hence the Harry Potter magic sticky tape called "Spellotape".

                  The German word to use is "Tesafilm" or just "Tesa", from the brand name of tape of Scotch's big German competitor, Beiersdorf. (Sellotape is owned by the German company Henkel.)

                  1. Ken Shabby Bronze badge
                    Alert

                    Re: Wouldn't Happen Here

                    There was an Australian brand of cellulose tape called "Durex", came in a tin (Tartan design, unsure of clan) and was 2952 inches (8.133 Double-decker buses) long according to the photo I am looking at.

                    1. Sporkfighter

                      Re: Wouldn't Happen Here

                      In the US, Durex is a brand of condoms.

                2. dfsmith

                  Re: Wouldn't Happen Here

                  Given that xerography (ξηρός γραφή) is ancient Greek for "dry writing", I'd says it's been in use for a very, very long time.

                3. Kiwi Silver badge
                  Pint

                  Re: Wouldn't Happen Here

                  I think the non-branded generic name for what we call "scotch tape" is "adhesive tape",

                  For some of us it is just "stick tape" unless we're talking Sellotape - which is a product and brand and was about all you'd find for a long time.

                  The really adventurous among us just call it "tape", unless we're after something specific like "insulation tape" or "duck tape" (I use it on my decoys, after I, er, 'just check to see which are the decoys'" :) )

                  1. Kiwi Silver badge
                    Facepalm

                    Re: Wouldn't Happen Here

                    "stick tape"

                    s/stick/sticky

                    1. YetAnotherLocksmith

                      Re: Wouldn't Happen Here

                      Fairly certain I'm not the only one who recalls "sticky back plastic" on the BBC kids craft shows? Took me literally years to figure out they meant sellotape! (I wasn't a crafty child. That's developed since.)

                      1. Andy Taylor

                        Re: Wouldn't Happen Here

                        Sticky backed plastic was actually Fablon, a trade name so not allowed on the BBC back then.

                        Blue Peter presenters always used double sided sticky tape for speed which is why you should never buy drugs from them.

        2. Antron Argaiv Silver badge
          Thumb Up

          Re: Wouldn't Happen Here

          And, more to the point, the sweatshop will build you any shirt, of any material and any quality of workmanship you order (and are willing to pay for). You can have a "Target quality" shirt cheap, or an "Armani quality" shirt for a little more. It's just a shirt, until someone sews an "Armani" (or "Target") tag on it.

          1. Anonymous Coward
            Anonymous Coward

            Re: Wouldn't Happen Here

            "the sweatshop will build you any shirt, of any material and any quality of workmanship you order"

            My wife got herself a tailor-made outfit in Vietnam, fantastic quality material, impeccable style AND made to measure for about the cost of a Target dress. Sure, with Armani you're not 'just' paying for the label but around 80% of the price difference to Target is the label. The difference in quality doesn't cost that much to produce, it just costs much more to market.

            In other words, when you buy an Armani suit you are mostly paying to buy more Armani ads

            1. Anonymous Coward
              Anonymous Coward

              Re: Wouldn't Happen Here

              In other words, when you buy an Armani suit you are mostly paying to buy more Armani ads

              And good quality control - they use quite good materials. Don't forget the cost os travel when you work out the actual cost of a suit. If, during your travels, you found a tailor that does the job right and, for instance, does not fuse interfacing (which means it'll be OK for less than a year), have a few suits made in one go.

              Alternatively, there are various suppliers now who have a measuring/fitting shop local, and have the actual cutting and assembly work done in places like Poland. Result is still reasonable, and you will probably have two made to measure suits for the one Armani..

              1. Anonymous Coward
                Anonymous Coward

                Re: Wouldn't Happen Here

                "Alternatively, there are various suppliers now who have a measuring/fitting shop local, and have the actual cutting and assembly work done in places like Poland."

                I know of Dolzer in Germany who do this, any idea who would do this in the UK?

                1. Hollerithevo Silver badge

                  Re: Wouldn't Happen Here

                  Try Orhan, near King's Cross, London:

                  https://www.orhanlondontailoring.com/

                  Very cheap compared to Savile Row and yet good tailoring. Noce old-fashioned shop.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Wouldn't Happen Here

                    Cheers, I'll check it out the next time I'm in London.

        3. Jelder

          Re: Wouldn't Happen Here

          The reason given is that it's a really effective way to both launder money and make profits, and is popular among various groups of people that think the best way to promote their particular religion or politics is to blow up unrelated people or buildings.

          So it's more about disrupting the cashflow to these organisations and gathering evidence of supporter and supply lines that might be used for semtex the next time.

          Apparently. Not 100% convinced raiding 'dodgy Dave' down the market is going to affect ISIS that much.

  7. Mike Lewis

    Smashing?

    A local shop was producing DVDs that were legal but still frowned on by the powers that be. They were raided by the police, accompanied by a news reporter. The syadmin ran to get the key to the server room but that wasn't spectacular enough for next morning's paper so the police smashed down the door. Nothing illegal was found, the shop closed down and moved to Amsterdam.

    And the news story? Something big broke overnight and it was buried.

    When the police bring reporters along on raids, I've always wondered what favours they expect in return.

    1. Stork Silver badge

      Re: Smashing?

      I think Cliff Richard does too

  8. Lee D Silver badge

    Well, the door did its job - it prevented entry long enough against a determined attacker until entry was forced through it.

    The security guys didn't. Blame them.

  9. Sgt_Oddball Silver badge

    We never used to bother....

    Smashing the door off its locks.

    Punching a small hole in it near to where the mag lock push button release was with the nearest fire extinguisher did the job just fine.

    Also very easy to hide the gaping hole with a nice 'firedoor keep shut' plaque.

  10. ShortLegs

    The inverse of gaining entry is getting out, I guess. Here's a recent example.

    Relocate one site to another. Due to nature of work, Apps team requires a secure office - chip and pin swipe access, barred windows, etc. Two days before the move, one guy from Apps team plus an IT bod pop to get "eyes-on" the new office. IT bod's fob -correctly - cannot gain access to room. Apps guy's fob works, and they can enter the room.

    Try to get out - nah-nah, computer says no. Try again, still no joy. Try IT's fob. Nope. Being "new" to the site, they have no contacts, no phone numbers of who to call. Apps dude rings his boss, who rejects the call and follows up with a txt "sorry, in a conf call". Promptly texts back "am locked in the secure room. You've got 5 minutes to find someone to release us or I'm going out the fire exit"

    Triggering the fire alarms at this site not just evacuates the building, but triggers a multi-tender response from the emergency services and a very large bill, and a corresponding impact on customer operations - ie, a very expensive proposition - and the Apps dude is known for not bluffing...

    As the IT guy retold the story, he sat down and set a timer on his phone to 5mins. Facilities arrived with seconds to spare.

    Fob policy was revised so that whilst room entry was on a case-by-case basis, every fob could exit every room.

    1. Olivier2553 Silver badge

      Security would have it that no special device is needed for exit, it should have a simple push button.

      1. Jon 37

        There's usually a gap at the bottom of the door, or between double doors. So you can put a special tool through and press the release button from the other side of the door. That lets you in.

        So being forced to badge out fixes that security problem. Whether that's a good idea or not depends on your individual circumstances - what security threats you're worried about, how good the rest of your security is, how much you value the convenience of getting out without a badge, and the risk of getting stuck in the room.

        Obviously there has to be a fire exit, and fire exits need to be usable without a badge, but they can be designed to set an alarm off automatically when they're opened.

        1. Anonymous Coward
          Anonymous Coward

          'Obviously there has to be a fire exit, and fire exits need to be usable without a badge,'

          The fire alarm activating should automatically unlock all these doors, both to allow people to escape but also to allow the fire services complete access, their job to perform, but who knows?, I've seen so many dodgy installations over the years, but I've never been in any place where security was so anal that you had to fob out of a room, so I'd assume a 'fail secure and fsck the burned crunchy (ex)employees' attitude might exist somewhere out there in a place like that, though I'm assuming that if this was the UK the HSE would be having words..

          1. Dave314159ggggdffsdds

            The only places I've seen must-fob-out it was a health and safety thing. Only one person through the door at a time - worked like an airlock - and no way to swipe someone else in or out. That way you know who is inside if e.g. the biological containment fails.

          2. Anonymous Coward
            Anonymous Coward

            Normally the swiping out is more for auditing purposes - all cards should work on exiting.

            If there is a fire, doors should unlock and preferably there should be a break-glass thingy that would cut power to the lock to open the door in an emergency.

          3. David Neil

            Fobbing in and out

            Happened to me as a third party contractor at scottish Power back in the day. Access to their IT datacentre (which also had some call centre people weirdly) was via a tunnel from the main buildng and required a card to get in or out of. Pain in the arse if you knocked off a bit later than 6 and everyone else had legged it.

            Was there for 5 months and they wouldn't give me an ID card

            1. John Brown (no body) Silver badge
              Joke

              Re: Fobbing in and out

              Pain in the arse if you knocked off a bit later than 6 and everyone else had legged it.

              Was there for 5 months

              Were you living of the scraps found in the keyboards, drinking your own urine?

          4. StargateSg7 Bronze badge

            In certain places I've been to, not only do you have to FOB-IN and FOB-OUT every time, the multiple security guards with fully loaded, set-on-three-shot M16/M4 machine guns physically surround you and inspect BOTH sides of your photo identification badges, log you in and out using written paper-records AND you write on a UPS-like sign-here computer. And that scenario was in MULTIPLE INTERIOR AND EXTERIOR entry/exit points sometimes 5 or more times you did that going from one side of a building to another!

            THAT was uptight security taken to the far-out next level !!!

            Mind you, after seeing the gadgets and systems being guarded, I FULLY UNDERSTAND WHY they did what they did!

            .

            1. Arachnoid

              Area 51

              "Mind you, after seeing the gadgets and systems being guarded, I FULLY UNDERSTAND WHY they did what they did!"

              Area 51 Aliens?

              1. YetAnotherLocksmith

                Re: Area 51

                It was the Huawei comms centre for USA "Above Top Secret" stuff. You know, all the stuff trump gave to Russia, but his own people aren't allowed to talk about.

        2. imanidiot Silver badge

          If under door attacks are a worry there are ways to prevent them. Button shape or location can make them all but impossible. There are also door bottom devices that seal the gap with a solid steel plate when the door is fully closed (but lift up when the door is opened).

        3. Olivier2553 Silver badge

          There's usually a gap at the bottom of the door, or between double doors. So you can put a special tool through and press the release button from the other side of the door. That lets you in.

          That only implies that the door was badly designed to start with. And you could locate the exit button in such a way that it is immune to such attack.

        4. Kiwi Silver badge
          Boffin

          There's usually a gap at the bottom of the door, or between double doors. So you can put a special tool through and press the release button from the other side of the door. That lets you in.

          With the elder care I do part-time I am often in hospitals and other areas that have secure entry/exit at certain times of the day.

          As the vast majority of the people exiting are visitors, there's no way for us to all have fobs all of the time.

          They have a very simple way around the exit button problem - the button is too far from the door for any such tools to work. You press the button and have 5 seconds to walk over to and open the door.

          Of course, being "smoke stop" doors, the chances of getting a tool past them is pretty remote.

          You could also put a cover over the button :)

      2. Kubla Cant Silver badge

        Security would have it that no special device is needed for exit, it should have a simple push button.

        That's the normal arrangement, but one office I worked in had a door that required swiping in and out.

        Worse, the door didn't close properly, and if you accidentally left it unlatched, the swipe mechanism would send you an email complaining about it. The email was cc'ed to the female dragon office manager, who would then give you a dressing-down for leaving the door open.

        Even worse, the time recording system was linked with the door swipe mechanism.

    2. Anonymous Coward
      Anonymous Coward

      swipe in swipe out

      I've been in the same situation.

      As a PM |I didn't need unrestricted access to the new server room. We were in the process of migrating the companies IT systems into the new site and had also upgraded the BACS software, the Payments Manager was having issues with the new software and in extremis we would use a PC in the server room which had a working copy of the app. Unfortunately we were let in by one of the DBA's who then forgot about us and went home. Whilst We could have kicked out way out of the server room we didn't think this would go down well as the company had literally signed off the whole building refurb a couple of days earlier. I ended up calling one of the server guys who lived over 100 miles away, he called a desktop guy who happened to have the DBA's phone number it turned out he lived 40 miles away but had the number of another techy who lived round the corner. Luckily we managed to get out before we resorted to using the bin for purposes it was never intended for.

    3. caffeine addict Silver badge

      An exit door that you can only get through with the right pass? That's a fire risk right there. Even with the fire escape. I mean, what happens if the fire door catches fire? You don't get to choose these things. Normally.

      1. Dave314159ggggdffsdds

        "what happens if the fire door catches fire?"

        At least you'll die in an ironic way. I once knew someone who had a bunch of burglar alarms stolen (prior to installation). The police thought he was taking the piss at first when he reported the crime.

    4. Trollslayer Silver badge
      Flame

      There must be a way to get out of a place without access control in case of fire.

      This is why there are break glasses by call points on fire routes.

  11. BinkyTheMagicPaperclip Silver badge

    First step, tell them to fire security

    It's IT's job to secure the room? Fuck off. There' a limit to how long anything can keep people out of a room, and security did nothing.

    In a previous job the machine room had a wooden door with a keycode, and behind it an iron grille with a padlock. We did ponder if it could be any more secure, but it was pointed out that if we did that it was easier to take a sledgehammer to the adjoining wall..

    1. Aqua Marina

      Re: First step, tell them to fire security

      Our insurer came down to site to perform an appraisal and told us to do nothing more than put a standard 5 bar lock on the door. From their perspective* the lock met the criteria for insurance cover, but if someone who was determined to get in and made the appropriate effort to do so, the insurance company would have to pay for all the additional damage they would do to get in, so a single lock would suffice.

      *Most crime is opportunistic, but if someone is determined to get in, the cost to keep them out goes up exponentially for every few minutes of time you can keep them out.

      1. Lee D Silver badge

        Re: First step, tell them to fire security

        Insurance companies only care about forced entry.

        All they ever need is something that prevents casual entry, and has to be damaged in some way to gain entry. Then it's a crime, it's insured, etc. etc.

        Your insurance standards for security are incredibly sub-par because of this. Most datacentres will want to vastly exceed such nonsense, because the insurance of "office computer got nicked" is very different to "datacentre holding government data was ransacked".

        Our insurers are the same - they just need enough to show forced entry. Some of our main servers are literally a hollow plasterboard wall away from being stolen. That doesn't bother them and, while they will pay out for anything nicked, it doesn't bother me.

        The bigger issues of "data security" should *anything* be nicked is another matter entirely, and quite clearly IT's remit, i.e. if you nick my servers, you can't just log in and pull all the data off them.

        Think about most offices, businesses and houses. One smashed window and you're in, literally seconds and a brick and a bit of bravery. But it's quite difficult to gain entry without causing visible damage in some fashion.

        1. Anonymous Coward
          Anonymous Coward

          Re: First step, tell them to fire security

          Most buildings aren't solid enough to stop you driving a stolen van through the exterior wall. I worked one place where they had a massive steel roller curtain across the glass front, but the walls were nonstructural. At one point one of the directors reversed their Fiat 500 through the wall by the carp ark. Someone had skimped on cement, I could have kicked my way through.

          1. Steve Aubrey
            Joke

            Re: First step, tell them to fire security

            "carp ark"? I bet there were two of every kind of fish on that same ark.

          2. Anonymous Coward
            Anonymous Coward

            Re: First step, tell them to fire security

            Carp Ark. Now I'm thinking of little fishies with laser pointers in a large boat...

            1. Intractable Potsherd Silver badge

              Re: First step, tell them to fire security

              My favourite joke ever*:

              Noah's current descendant on Earth has a visitation from god, who tells him that he has a task for him. "I want you to build me an ark". "OK, " says NCDoE, "do you want it built to the same specs as last time?"

              "No, this time I want it to have twenty decks", said god.

              "Hmmmm, okay, but it isn't going to be easy. How long do I have?"

              "Six months."

              NCDoE gulps. "That's going to be hard! Do you want the same two-by-two accommodation?"

              "No, just twenty decks" replied god.

              "Fine, I'll get to work."

              Six months later, god appears again to NCDoE. "Have you done as I commanded?"

              Exhausted, NCDoE replied, "Yes - I just put the last nails in the roof. Do you want me to launch it now?"

              "No", said god. "I want you to fill every deck with water and then put goldfish in it."

              Surprised, NCDoE, agreed.

              A few days later, god appeared to see the results. "Are you happy, Lord? Twenty decks populated by goldfish as you commanded."

              "Yes", replied god. "You can take it all down now."

              "What? Isn't there going to be a great flood?"

              "Oh, no!" laughed god.

              "Then why?" said a somewhat pissed off NCDoE

              "Oh, it's just that I fancied having a multi-storey carp ark..."

              *I'm laughing as I write it!

          3. irrelevant

            Re: First step, tell them to fire security

            Visited a customer, early 90s, whom hired out mobile cranes. You've seen the size of those things. They had one taken for a joyride once.. Just across the yard and into the side of the offices. Nothing was going to stand in that thing's way! I think this was the point they moved *all* the PCs into a secure bunker at the back of the building (walls and ceiling lined with steel bars, no room to get a vehicle nearby outside) and used kvm extenders to the monitors and keyboards out in the office..

          4. Stork Silver badge

            Re: First step, tell them to fire security

            If you are in an earthquake-prone area, pick your bit of wall with care. Most buildings in my part of the world are reinforced concrete.

          5. defiler Silver badge

            Re: First step, tell them to fire security

            I once worked in PC World (I know, I know...)

            The building had previously been a supermarket with a big glass front, but had some mask in their corporate purple behind the glass during the renovations. Some opportunist (a couple of years later) tried ram-raiding the place in a Transit van with bull-bars, oblivious to the inch-or-so-thick steel place behind the glass. I went to work the next morning to see the police swarming over a dead Transit and a crack in the glass on the store.

        2. irrelevant

          Re: First step, tell them to fire security

          IT company I worked at once suffered a break in. They nicked a handful of desktops. Boss then decreed that all doors to be kept locked. The visit two weeks later involved them kicking through every door in the building. The cost of the damage by far exceeded the loss in goods. Locked door policy was swiftly reversed!

          That was the point he opted for security cages for the servers (Thankfully overlooked so far,) bars at the windows and security shutters on the front. As the made-to-measure bars were going to take a few weeks, he had us improvise... We ended up with 15mm copper pipe spayed with white paint, held in place by timber buttons with holes drilled through. Wouldn't have stopped anything getting through the windows, but looked the part from outside.

          1. Kiwi Silver badge

            Re: First step, tell them to fire security

            Wouldn't have stopped anything getting through the windows, but looked the part from outside.

            Briefly worked in a factory very much like that. Massive steel bars on most windows and one section of windows had a large steel I-beam across the middle of it. The latter, on closer inspection, was made of plywood and builder's putty - appropriately shaped and painted. The former - cheap steel tubing held in place by cheap pipe clamps, also with a bit of ply down the middle to re-inforce it.

            Although the site was in a rather crime-prone area, it was never touched, it looked secure and well-monitored. . I always suspected the alarm siren boxes and cameras were all also fake.

      2. StargateSg7 Bronze badge

        Re: First step, tell them to fire security

        With some things and systems however, the COST of a SUCCESSFUL determined forced entry is so high that ANY AND ALL COSTS are borne to ensure unauthorized entry/exit NEVER EVER HAPPEN !!!

        In an earlier post, i regaled about a location I was familiar with that had multiple guards with machine guns and multiple exit/entry fob locations, active badges and signature-based sign-in/sign-out systems. I forgot to mention the walls, roof and floor were literally 15 METRES (50 feet!) thick with 40,000 PSI (around 280 MPa) compressive-strength reinforced concrete!

        The doors were MULTIPLE fully-electronic and manual-hydraulics operated one-metre thick 80,000 PSI (550 MPa) MULTI-LAYERED STEEL PLATE like what you see in a bank vault but more layers and not fully hollow --- They probably weighed 30,000+ kg each my guess!

        Now THAT was a security system!

        Like I said earlier, I FULLY AGREE with the HOW and WHY of needing so much security for the items and systems they were guarding!

        .

        Sometimes, for some things, there REALLY IS NO COST AND PHYSICAL LIMIT as to what is needed to ensure TRUE entry/exit security !!!

        .

        1. Lilolefrostback

          Re: First step, tell them to fire security

          Yeah, personally learned the hard way that stopping break-ins can be more expensive than a simple break-in.

          My car was broken into twice at my apartment parking lot, resulting in several hundred dollars damage to the door handles each time (about the same cost as my deductible, so mostly twas me out of pocket). After the second break-in, I simply left nothing of value in the car and left it unlocked.

          If you're wondering, the car radio was the cheapest third-party radio I'd been able to find. No thief ever tried to steal it.

        2. YetAnotherLocksmith

          Re: First step, tell them to fire security

          So the enemy nation state simply subverted the head guy, and got full access.

          Seems a bit pointless then.

    2. Doctor Syntax Silver badge

      Re: First step, tell them to fire security

      "We did ponder if it could be any more secure, but it was pointed out that if we did that it was easier to take a sledgehammer to the adjoining wall."

      For some value of locked no door is locked.

      In particular the "Yale" lock* is just a latch that needs a key on the outside but can be opened without from the inside. Given an adjacent glass panel no break-in expert wouldn't be delayed for a moment as my daughter discovered during her student days.

      *Yale do, of course, make regular lever locks as well. I have one in my own door.

      1. Lee D Silver badge

        Re: First step, tell them to fire security

        Much, much more valuable than any amount of "security" stopping people doing things is to *let the only person who cares* know that something's happening. If you got an alert the second a door was opened and shouldn't be, you can stop it in action, deter future attempts, etc.

        The problem is that even most business have "an alarm" that doesn't actually alarm anyone - it annoys the neighbours and that's about it.

        If you care about security - whether student flat, shop front, or large warehouse - you have to let the right people know. An alarm that's monitored and can invoke a police response is good, but if you were to text the guy who owns the company, they can do things like log into CCTV, check it's a crime in progress and ring 999.

        Your "security" only needs to be a security canary - enough for something to fall over and trigger when something happens that shouldn't. (same goes for antivirus, by the way, which I refer to as the "virus canary" when users asks what one they should spend a fortune on, and why their expensive one didn't notice the quite-obvious virus on the machine... when it falls over, you have a virus, it's that simple, and that's its real job). Hence most big locks / systems are pointless.

        A system that alerts the right people (which includes the burglars but notice that it *doesn't* include the neighbours as they are useless and will only be annoyed by any noise if it goes off), in good time. Everything beyond that is really pointless.

        I watched a police programme the other day where a huge Mothercare was broken into. It was the *police* arriving, after a member of the public reported the shop being "left open", that called the keyholder to let them know they'd had their entire front glass door smashed in, and clothing nicked.

        At that point, I really wondered what the point of them having an alarm at all was.

  12. Christoph Silver badge

    A story posted to LJ some years back: IT bods arrived at work after a bank holiday weekend to find a helpful note in the computer room, from someone non-tech (sales or similar). He had noticed that the air-conditioning had been left on in the locked computer room, which was obviously a waste as nobody was in there. So he had got hold of the key (can't remember how - possibly managed to bully it from security somehow?) and gone in, switched off the air conditioning, and left the note explaining how he had helped these silly IT people who couldn't even remember to switch things off when leaving for a long weekend.

    It took quite a long time to get all the crashed systems back up again.

    1. Anonymous Coward
      Anonymous Coward

      In my first job, the servers (all 5-6 of them) were on a shelf in our office. Every night we locked up and the temperature rose, and every day we were getting hotter and hotter in our little office. Management ignored us until midsummer, when the components started to fail in the servers and we had to spend a fortune fixing them.

      So we got a nice sparkly AC system for our office, which we set to a cool 17C.... Only problem was, the thermostat for that wing of the building was in our office, and all the radiators came on on the other two floors....

    2. dmwalsh568

      more HVAC insanity

      A similar story happened to me during a new building project, but the cause was an HVAC engineer who didn't notice we had 5 single appliance 30 Amp plugs in the server room (in addition to the normal AC outlets) and on an average day my server rack alone could put out over 30k BTUs....

      Anyway, the summer before the school opened up I had configured the servers and the network gear was all in place. But the HVAC for the server room was a 2-ton heat pump that was shared with two offices! Things were warmer than they should have been under normal conditions, but one weekend the heat pump tripped and there was no cooling in the server room. I walked in on Monday morning wondering who was running a vacuum cleaner near my offices.... I open my door to a wave of heat and understood what had happened. Because of the undersized heat pump I had gotten a large thermometer for the server room that I had at the top of the rack so I could see instantly how bad things were at any given time. That morning the temp was 118F and all the PC servers had gone into thermal shutdown and a few Mac Xserve boxes were still chugging away with their fans running at max to keep the CPUs from melting.

      Later after recovering from that I found out that the sprinkler head in the room (yes, a water based sprinkler head in a room full of server and network gear!) normally goes off at 123F so I was 5F from losing my brand new MDF gear even before we opened for school. I was not amused and had a serious conversation with the HVAC engineer along with the construction committee....that eventually led to getting two separate 2-ton ACs for the MDF and disconnecting the heat pump from the room (so my boss wouldn't be frozen in her office because the thermostat was in the server room...) Why two separate systems? The HVAC engineer was willing to die on the hill of his original plan so he installed a 2-ton AC and only after proving it was undersized did we get a second unit. All he had to do was admit he based the plan on old drawings that didn't have the extra 150 Amps of 120v service in the server room, but he couldn't admit making a mistake. Would have been easy enough to blame the architects, but nope he had his plan and we had to live with it. Grrr.

  13. A.P. Veening Silver badge

    Auditors

    Those who can, do.

    Those who can't teach.

    Those who flunk teaching, manage.

    Those who can't manage, audit.

    And below that we only find primordial soup.

    1. Sandtitz Silver badge
      Thumb Up

      Re: Auditors

      “Those who can't do, teach. And those who can't teach, teach gym.” - Woody Allen

      1. Loyal Commenter Silver badge

        Re: Auditors

        The one I heard was "Those who can't teach, teach teachers"

        1. Uncle Slacky Silver badge

          Re: Auditors

          The one I heard was "Those who can't teach, become consultants"

          1. Anonymous Coward
            Anonymous Coward

            Re: Auditors

            Those who can't do, teach.

            Those who can't teach, administrate.

            Those who can't administrate, administrate.

    2. Killfalcon Silver badge

      Re: Auditors

      As a career Finance Ops mook, I really like auditors. You want a bad process fixed? The sort of process with 20 hours of manual work for no sane reason that no-one dares automate for fear of offending the manager who 'designed' the process?

      Just tell the Auditor next time they come around. Take them through, step by step, noting all the chances you have to make minor errors, the workarounds in place for half-forgotten legacy issues, the bright red check cells you've been told to ignore.

      Before you know it, an Audit Action is being "forced" on you from above, oh woe is me how terrible.

      1. Hollerithevo Silver badge

        Re: Auditors

        If real, honest professional auditors had done their jobs correctly (and, at a guess, the top one did not take bungs), then all those nice waiters and cashiers and cooks and cleaners in all those now-closed Patisserie Valerie cafes would still have jobs.

    3. Alistair Silver badge
      Windows

      Re: Auditors

      @APV:

      One could append " Those who cannot audit become politicians"

  14. Evil Auditor Silver badge
    Happy

    Love it.

  15. OGShakes

    sometimes its too secure

    Many years ago (when computers were still cream and monitors gave the user a dose of radiation) the print firm my Dad worked for was broken in to and their MAC computers all taken. 3 months later the robbers came back and took all the new shiny Mac's, so a big metal door was fitted with a metal frame. 6 months after that the criminals returned, this time hooking a chain to the frame of the door and using their car to pull it out the building. At this point the owner had enough and fitted a 'smoke cloak' system linked to a monitored alarm system as well as a new heavy duty door. The criminals never returned, but the alarm people accidentally set the system off while servicing it, the engineer was found curled in the corner shaking from the shock of the noise and not being able to see/breath due to the smoke, all the mac's had to be cleaned as they were covered in dust.

    The worst thing about all of this, as a senior designer with customers who just wanted to deal with him, my Dad was in another part of the building with his own reception, private office and assistant. So his Mac was not taken and he was stuck with the oldest slowest machine in the company, he was not happy about this an said if ever he got his hands on the crooks he would tell give them a key and tell them about the internal route from his office to the main design studio that bypassed the metal door.

    1. Andrew Moore

      Re: sometimes its too secure

      The fact that the criminals never returned after the serious security was put in place would lead me to think that this was an inside job.

      1. imanidiot Silver badge

        Re: sometimes its too secure

        This. The fact they knew to bring a car, chain, etc to open the door is another hint.

    2. Hollerithevo Silver badge

      Re: sometimes its too secure

      Not necessarily an insidejob. I worked at a charity, set up their computers, set up a back-up system, etc. Thieves broke in, stole all the PCs. I was called in to help as a volunteer. I told them to buy new PCs, get better security on the windows. But at least they had back-ups, and I'd help with that.

      Well, no, of course they didn't have back-ups.

      And about six weeks later the new PCs were all stolen because they hadn't put better locks on the windows.

      Sometimes people are just that stupid.

      1. YetAnotherLocksmith

        Re: sometimes its too secure

        You lot are all so... Not exactly nieve, but...

        You want to steal computers? Find somewhere that can afford new computers and has crap security. Break in and steal the computers, they are near worthless, but while you're there, figure out a second way in.

        Come back two weeks later after the new shiny computers are fitted, and before the fancy locks & window bars arrive, and use that other route.

        Never go there again, having already profited.

        Sadly, this is how it tends to go. Like burglars stealing Christmas presents, they want the new stuff.

        Always get a proper locksmith /security professional to advise you!

  16. Anonymous Coward
    Anonymous Coward

    so easy to get in

    I was working for a train company, and we needed to move one of those HP plan printers that look like Ed 209 from a wooden shed at the end of the platform to another location( the wooden shed was a little bit cold and damp for the printer who would have thought?). The lock and door was a bit stiff so we ended up having to shoulder charge the door open.

    So after being seen shoulder charging a door, dragging a huge printer out and down a platform, were we questioned by anyone?

    Nope. No one said anything, and it's not like we were in any uniform or anything.

    1. Pascal Monett Silver badge
      Coat

      Yeah, but you weren't wearing hoodies now were you ?

    2. caffeine addict Silver badge

      Re: so easy to get in

      90% of any crime is looking like you're supposed to be doing.

      I once broke into a friend's house by smashing the front window, climbing in, and opening the front door.

      At 6pm. On a Friday. Less than 10ft from the hometime traffic jam that always blocked the highstreet for 2 hours.

      1. Dave314159ggggdffsdds

        Re: so easy to get in

        I used to know a few squatters. One told me all about opening a squat on Oxford Street. Turned up at 9am on a weekday wearing hi vis, knocked on the door next to the target, and asked to plug in an extension lead. Then took an angle grinder to the sitex. No one looked twice, including passing police.

        1. IJD

          Re: so easy to get in

          Mate of mine years ago was a security guard for a construction equipment company. Turned up one Monday morning to find everyone in headless chicken mode because an entire tower crane was missing -- you know, those tall things that lift stuff, and are worth several hundred thousand quid each.

          When they rang the police they already knew -- the thieves had turned up at the weekend complete with low loaders and lifting gear, loaded up the crane (they're modular, bit like Meccano), and then got the police to hold up the traffic while they got the awkward loads out of the yard...

          1. rnturn

            Re: so easy to get in

            Rather like the means that some art thieves use: show up in appropriate clothing--i.e. coveralls--and everyone assumes your *supposed* to be taking the painting off the wall. If memory serves, that's how "The Scream" was lifted.

        2. Uncle Slacky Silver badge

          Re: so easy to get in

          Yep, hi-viz (and a clipboard) will get you in anywhere.

          1. Laura Kerr

            Re: so easy to get in

            Unless you're trying to blag a free gig. Then your weapon of choice is an empty guitar case.

            1. rnturn

              Re: so easy to get in

              > Unless you're trying to blag a free gig.

              Only got crappy seats at a concert? I've been able to hang out right in front of the stage at several by showing up with an SLR. They assume you're with the press.

          2. YetAnotherLocksmith

            Re: so easy to get in

            Not any more.

            The #neonnazis (fascist UK knockoffs of the French "yellow vests") have made everyone very much more "motivated" to find out what the people in the hi viz are actually doing.

        3. usbac

          Re: so easy to get in

          This reminds me of a time back in my teenage days. My best friend Peter's dad owned a used car lot. His dad had given Peter a newer/nicer car. The problem was that Peter had installed a bunch of high end stereo equipment in his old car.

          We were out at the movies until late, and Peter had a sudden thought "what if my dad sells my old car off before I get the stereo equipment out?" His old car was parked down at the car lot. His dad was kind of an ass; the type that would think "this car will sell for a lot of money with all of the nice stereo equipment in it". He was a used car salesman after all.

          So, we decide we go and get the equipment out before his dad sells the car. We grab flashlights (torches) and toolboxes and head for the car lot. It was about 1:00am by this time. The lot was brightly lit to deter crime. It was in a great location, right on the corner of a busy intersection.

          We're working away, doors open, stereo equipment scattered around the car, etc. when a police car stops at the red light. He's about 20 feet away from us, and turns around and looks right at us. We both look at each other and at the same time say "oh, crap we're going to jail". Worse yet, his dad was out of town. This was back in the 80's so the police couldn't just call his dad on his cell phone.

          After about 30 seconds of sheer terror, the light turns green, and the cop just drives off. Peter turns around and says "phew, that was close", and then he thinks for a minute and says "wait, what the hell, this is my dad's business, and the police don't give a crap enough to at least stop and ask questions?" That's when we both learned just how stupid and lazy cops are.

          1. Z Ippy

            Re: so easy to get in

            Driving home from a night out a long way from home I passed a garage with a car I had seen advertised in the local rag and stopped to look it over.

            It was about midnight and a police car was passing. They did stop and asked what I was doing and I said that I was just looking over the car as I was interested in it.

            The police officer was quite rude and said something along the lines of "well if there is any vandalism reported on the vehicles, we know who to look up".

            So I told them to come and have a look now, which they reluctantly did.

          2. Myvekk

            Re: so easy to get in

            Well, neither of you tried to leg it, so you passed the first test of "Are they doing something they think they shouldn't be?"

            "Smile and wave, boys. Smile and wave."

            A relevant part of a talk by Deviant Ollam on whether or not you are really red team pentesting: https://youtu.be/mj2iSdBw4-0?t=907

  17. ColinPa

    Why kick the door down when you can get in behind a cleaner.

    I was at a so called secure site. Visitors badges were paper so could not get through badge locked doors.

    Someone was having deliveries and so the outside door was open - in we went and could roam around the building.

    We got to the ops room, which was being cleaned, the usual way. Use a bin to block the door open while the room was being cleaned. The cleaners were not allowed to use a power socket in the ops room, and so needed to get the cable for the vacuum cleaner into the room.

    In we went, sat down and started writing our presentation.

    Half hour later in walked the IT manager who asked how we got in!

    This was a different site to a colleague in the US who was at a secret secure site. He was permanently escorted by a marine with an automatic rifle. When he went to the bathroom, the cubicle had no door, and the marine watched him do his business.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why kick the door down when you can get in behind a cleaner.

      According to the propaganda on the website "When our Nation calls, we answer with the single greatest weapon in the United States Marine Corps: the elite fighting spirit found in every United States Marine.". Lots of photos of butch men riding around in tanks and jumping out of things....

      ..... and then you get posted to watch civilians have a shit in an office toilet.

      Kid: How did you serve your country grandpa ? Which wars did you fight in ?

      Grandpa: Erm......

    2. Anonymous Coward
      Anonymous Coward

      Re: Why kick the door down when you can get in behind a cleaner.

      Since the Prestorius case, this has become the standard safest way to poo when there are armed people around.

    3. TomPhan

      Re: Why kick the door down when you can get in behind a cleaner.

      Phone in one hand, coffee in another, and wait by a secure door. Someone will hold the door open for you.

    4. StargateSg7 Bronze badge

      Re: Why kick the door down when you can get in behind a cleaner.

      "....This was a different site to a colleague in the US who was at a secret secure site. He was permanently escorted by a marine with an automatic rifle. When he went to the bathroom, the cubicle had no door, and the marine watched him do his business....."

      ---

      Wait until you get to the "Secret Sites" that are anywhere from 500 ft to 2000 feet underground (150 m to 600 m) in solid rock, where you reside for some weeks within the 15 to 30 metre thick walls of a reinforced concrete bunker where the MULTIPLE armed contractors follow you everywhere (YES! to the loo too!) AND at the entrance to the main operating centre there is an automated "Sentry Gun" system where one pedestal has the anti-personnel .50 CAL rounds following and pointing at you, and the other pedestal has the automated Armour-piercing 20mm rounds sentry gun! And that was the INTERIOR GUARD AND DEFENCE system!

      That TOO is truly EXTREME levels of security!

      .

      There are STRANGE AND VERY WELL GUARDED PLACES in the world!

      .

    5. Anonymous Coward
      Anonymous Coward

      Re: Why kick the door down when you can get in behind a cleaner.

      US Marines like that sort of thing.

      1. Kiwi Silver badge
        Joke

        Re: Why kick the door down when you can get in behind a cleaner.

        US Marines like that sort of thing.

        Reminds me of an old joke...

        Why does the US Navy have a contingent of marines on each of their warships?

        Because sheep would be too obvious!

  18. technos

    I didn't even have to do it myself.

    I myself once had a bad router behind a deadbolted, heavy duty door so I went out to my truck to grab my tool box. The door swung out, and this wasn't my first rodeo using a hammer and chisel on hinges, so not a big deal.

    In the ten minutes I was gone an angry employee had found himself a fire axe and done the door in for me.

    He looked proud, and he was still holding the axe, so I just nodded and got to work swapping the router.

    1. Yet Another Anonymous coward Silver badge

      Re: I didn't even have to do it myself.

      >and he was still holding the axe, so I just nodded and got to work swapping the router.

      Always best response to an idiot with an axe

  19. Martyn 1

    confront the guards and ask "why they hadn't done anything"

    Don't security guards etc in South Africa tend to be armed? It could have ended so differently, and no great loss to the world!

    Eons ago when I worked at DEC I was in on a Saturday and needed to get console acces to a VAX, but there were no Operations staff in at the weekend, so lifted a floor tile outside the Computer room, wriggled under the partition wall, pushed up another tile, did my thing and left the way I came - nobody ever found out :-D

    1. Yet Another Anonymous coward Silver badge

      >Don't security guards etc in South Africa tend to be armed? It could have ended so differently, and no great loss to the world!

      Make sure you send a white auditor.

  20. Alien8n Silver badge

    Door locks?

    I won't mention where, but at one employer it was pointed out (after 2 years of being there) by a contractor that anyone with a screwdriver could simply take the lock off the door as the screws were accessible and on the outside. The door itself? About 3 inch thick steel fire door.

    1. rnturn

      Re: Door locks?

      We had an IT manager wannabee post the combination to the 5-button lock on the data center door on the, thankfully internal-only, IT pages of the company web site. (Probably instrumental to why he never got that promotion.)

  21. Nick Kew Silver badge
    Coffee/keyboard

    Bastard Auditor from Hell?

    BOFH columns being thin on the ground nowadays, do we have a prospective successor?

  22. Alien8n Silver badge

    PIN locks

    Oh, nearly forgot. PIN locks are probably the least secure door lock on the planet. Had an incident at one place, a couple walked into the building as the front door was open (staff working late at night. PIN lock on the downstairs doors internally, door opened in seconds.

    I confirmed that all the PIN code locks could be opened in a matter of seconds just by sliding a thin screwdriver (a pen knife would do the job just as easily) down the back of the lock. All internal locks accessed via an external door are now key card secured, and the external door now automatically locks when the office is officially closed. Doesn't stop the milk being nicked off the doorstep but it at least means no one can gain access by simply popping a screwdriver behind the lock.

    1. Dave314159ggggdffsdds

      Re: PIN locks

      Pin locks are trivial to crack, if you have access and a couple of minutes to play with them. You can normally see the buttons which are pressed often, but you can always feel which they are by pressing. If you know the four digits, it's just the order to work out.

      I have seen people who think the 'c' is a digit in the code. Reduces security somewhat when the third digit of four resets the input.

      1. Chloe Cresswell

        Re: PIN locks

        Had a client move into a building for a temporary stay as they moved.

        4 digit lock to enter. I asked the building managers to clean it.

        "Why? It has lots of combinations"

        I pointed out the marks showed that 4 digits were being used. 1 and 9 were among them. Guessing the number was a year, that gave security of 2 combinations.

        They cleaned the lock surface after that.

        1. Anonymous Coward
          Anonymous Coward

          Re: PIN locks

          Our workers get their hands dirty so we can tell which order the buttons are pressed. The first button gets the largest transfer of grease, the subsequent buttons get cleaner.

      2. Anonymous Coward
        Anonymous Coward

        Re: PIN locks

        Some of those PIN locks, it doesn't matter the order you press the buttons as long as you press the right ones the door will open.

        1. heyrick Silver badge

          Re: PIN locks

          "as you press the right ones the door will open"

          Our one at work is like that. Four buttons, any order. And maybe 200 people go through that door per day, so it isn't hard to see which four buttons to press.

          Sometimes I think "security" is mostly an illusion to make people "feel" safer.

          1. YetAnotherLocksmith

            Re: PIN locks

            That specific one is meant to stop random people wandering in. It also serves as a test for how diligent whoever cleans the windows, doors and facia are!

      3. Down not across Silver badge

        Re: PIN locks

        You can normally see the buttons which are pressed often, but you can always feel which they are by pressing. If you know the four digits, it's just the order to work out.

        Some PIN locks display digits on the pad, and randomize the order in which they appear on the pad. Not perfect, but does reduce the chance of guessing by looking at the pad or shoulder surfing somewhat.

  23. Anonymous South African Coward Silver badge

    Whut? No loose floor tiles?

    I am disappoint.

  24. Nick London
    Big Brother

    Auditors and auditees.

    I'm a structural engineer.

    Mid 70;s as a graduate I was inspecting floors in a working office building (Remember High Alumina Cement).

    Wearing high vis and safety gear makes you invisible.

    I heard two book keepers in the lift discussing an audit and one tells the other not to give them any assistance.

    Later I had my head up the ceiling in the office used by the auditors as the visiting partner gave a pep talk to the bean counter who was suffering a lack of cooperation.

  25. Doctor Syntax Silver badge

    Clearly the IT department was at fault if they didn't have an audit trail of emails to Facilities whose job it clearly was to secure the room.

  26. Will Godfrey Silver badge
    Facepalm

    A story my dad told me

    His office in central London decided to remove a safe and take it to a new out of city location. I think this was in the early 1950s. The safe was on the second floor, and changes in internal access routes over the years meant the only way to get it out was by removing a window and hoicking it out with a crane.

    This took several hours.

    Nobody in the area had been told this was going to happen, yet nobody questioned it

  27. TeeCee Gold badge

    Secure doors.

    Back in the late 80's I turned up for work one morning to find a bit of a kerfuffle going on. Turned out that some eejit had left the keys to the third floor access door in the post room on said third floor. The fact that the post room was there was why it had a separate key. Anyhow, while the guy that ran the post room had a spare set, he was on holiday for two weeks. Oops.

    On finding out what was up, I waffled off to my office and grabbed two screwdrivers. I then proceeded to open the door by "inching" the latch across, which is why you never put a "nightlatch" style lock on an outward opening door(!).

    Boss: "How the hell did you figure that out so quickly? This is supposed to be secure!"

    Me: "The smoking room and coffee machine are in there and I often do work out of hours....."

    1. Anonymous Coward
      Anonymous Coward

      Re: Secure doors.

      A similar thing happened to me back in High School. In our wood shop class, the large metal fireproof cabinet that contained all of the stains and varnishes was locked. Our shop teacher (a really cool guy) had left the key at home, and he told everyone that they wouldn't be able to use any varnishes until tomorrow.

      I told him "no problem, give me a minute". I pulled my lock pick tools out of my wallet, and opened the cabinet in about 5 seconds. He just looked at me and said "I didn't see that, understand!" He was a super nice guy.

      1. Anonymous Coward
        Anonymous Coward

        Re: Secure doors.

        children were schooled in a building for several years (mine included) which had a section that was meant to be locked and secured at all times as it had computers/data on many people. Said son grew up to become IT admin at same facility and one day told the big boss to come over to the secure section. He then pulled out a credit card, slid it into the latch area on the main door and it opened. Big boss turned a bit sickly looking, and then got even more sickly looking when he was told that the kids used to get in during unsupervised times to game on the office computers, seems the door knob had been installed backward and the bolt easily slid open with said credit card or other thin stiff object.

        1. quxinot Silver badge

          Re: Secure doors.

          I had a coworker come to me one morning nearly in tears as she had borrowed her husband's truck to get to work that day, and locked the keys in it. She said, "Well, you know how to break into cars, don't you?" and I wasn't sure if I should be flattered or offended.

          She was super cute and we got along well, so after some mock protestation, I of course asked where she parked, and brought her the offending keys a few minutes later. (Manual blood pressure cuff inflated at the top rear of the door gives enough room to get an unwound metal coat hanger in to hook on the ring of the keychain.)

          I was assured that having a wide knowledge base was the rationale for being asked this sort of thing, rather than a presumption of a darker history. Still not entirely convinced my reputation there was entirely as I'd like it to have been!

  28. Rodderstoo

    Auditors..

    They come along after the battle is over and bayonet the wounded.

  29. I Am Spartacus
    Mushroom

    How do I know you're an auditor

    I worked as a compliance manager on a national infrastructure project. I was chosen for this because, as I contractor, I was expendable if it all went bad. I could be the sacrificial lamb. I was warned the auditor was coming and so was duly prepared.

    Said auditor arrived at me desk and immediately asked to see my copy of the compliance manual. So I asked for his ID and letter of appointment. He gave me a card from [insert name of big 5 consultancy here] as his ID. I tore that up, threw it in the bin with a comment "that's no good, I can get those done at ProntoPrint for a tenner". He fumed and offered to call my boss. I duly invited him to do so, and when boss arrived to find out whats going on, I explained that this man claimed to be an auditor and wanted access to the national infrastructure compliance data. I had refused, because under standing instructions, I had been instructed only to provide such access to people identified to me by senior management - that was above my bosses pay grade. As I had no such instruction, I was therefore refusing access. Politely, but firmly.

    Boss told me to give the auditor access. I refused because he wasn't on the authorised list to see the documents himself, let alone grant access.

    Auditor fumed and said I was being unreasonable. My boos, reluctantly and through gritted teeth confirmed that actually I was obeying my remit, just rather for forcefully than he ad anticipated when I was handed the poison chalice.

    Audit was forced to go away, obtain a formal letter of acces approval, and make another appointment.

    I awarded my self a BOFH beer that lunch time!

    1. Stevie Silver badge
      Pint

      Re: How do I know you're an auditor

      Approve. Could've been a gloater.

    2. AustinTX
      Facepalm

      Re: How do I know you're an auditor

      I do chuckle a bit whenever I'm sent a Word document to print out, so that I have a "badge" to wear to a worksite. But, nobody even looks at it. Not even in banks or jails...

    3. Doctor Syntax Silver badge

      Re: How do I know you're an auditor

      We occasionally get people turning up at the door to sell things and waving a badge to show how genuine they are. The looks on their faces are priceless when I tell them that their badge is meaningless outside the building where they work - if, indeed, there is such a place.

    4. 2+2=5 Silver badge
      Facepalm

      Re: How do I know you're an auditor

      I was amused by this recent news story: Student eats free KFC for a year by claiming to be from head office

      The best bit was that the fake id badge he used had the words "Head Office" on it under a name.

  30. keith_w

    Door Locks

    We also had a printout counter that could be hopped over. We also had a door with a 5 button combo (pre-scan card days). My supervisor changed the combo and said "now let's see that red-headed woodpecker" (one of the programmers) get in. 2 minutes later, turned around and there the red headed woodpecker was. "How'd you get in" I asked, "we changed the combo". "I just guessed" he said. I also managed to lock myself out of the building on an overnight shift when I forgot my building key when going out for a smoke. I managed to get back in by dropping a piece of heavy string between the double doors and through the emergency exit crash bar, fishing it out the bottom and triggering the crash bar to open the door.

    1. AustinTX

      Re: Door Locks

      Those crash bars have saved me more than once! I forgot my access card one evening (we didn't use badges, we just kept these in our pockets, and could often forget them if we simply came and went during normal business hours) and ended up climbing atop the 1-story section of the building so I could tap on the glass windows into the server room. My co-worker eventually came to investigate and met me downstairs at the front door to let me in. He decided to have a quick smoke, so he came fully outside. Had forgot his card too, haha. We got in with a bent metal coat-hanger between the doors, which was able to trigger the bar, which I believe was actually capacitive instead of mechanical.

  31. JoMe

    Curious...

    Why the security guards didn't get the bollocking. I mean, IT don't own or physically secure facilities, and aren't the ones watching the camera. The camera is a line of defense, with a paid guy that has a gun on his hip to respond to such events.

  32. TomPhan

    We had a re-purposed building where the only lockable offices were glass fronted ones around three sides of it, so that's where the servers lived. You wanted to get to them you needed to sign for a key to unlock the door. Then they started crashing because summer and lots of glass tend to raise the temperature. So the solution was to open any external doors and windows, let the nice air circulate and coll them a bit. Of course if you wanted to get into the room you still needed to officially unlock the door and go that route.

  33. TomPhan

    Any badge access

    A place I worked a long time ago had the type of reader where ID badges had a mag strip and you swiped them. Within hours it was realised that any similar card would work - I later found out the backend system which was supposed to check and log access has been misconfigured and said Yes to any request.

  34. J.G.Harston Silver badge

    Friday is beer and relaxation? Lucky lucky buggers. I do election admin, and staggered into bed at 5am this morning, *and* I've got to go back and do Part Two on Sunday evening. I can bearly keep my eyes open right now.

  35. Doctor Syntax Silver badge

    I used to work at a site which had checks on the way in to the car park but an induction loop trigger to raise an unattended barrier on the way out. I often wondered how big a squashed can you'd have to throw into the induction loop so you could drive in.

    1. ICPurvis47 Bronze badge
      Facepalm

      Induction loop

      My daughter rides a motorcycle. Early one morning, she was returning home from Uni, when she stopped at a red traffic light. It was one of those that sets to red in all directions until a vehicle approaches it, and then sets that light to green. Except it didn't. There was not enough magnetic signature in the motorcycle to trigger the light to change, and at stupid o'clock in the morning, no other traffic was around to trigger the sequence. Eventually, she dismounted, and walked it across the pedestrian crossing after pushing the button on the post.

    2. GordonScally

      Something about the size of a Shovel worker at a university I was employed at!

  36. bill 27

    So one day...

    As the first one in for several hours, I got to work and discovered I'd forgotten my key. I crawled through the window where stuff was passed out of the room. Next priority task...unlock the door, from the inside, and go make coffee.

  37. Long John Brass Silver badge
    Gimp

    The scary OPs team

    Back when I was a wet behind the ears PFY (When iron dinosaurs ruled the earth). The DC I had to visit had the OPs pen right next to the Machine room access doors. Card swipe access the whole nine yards. I never had a card so I had to be let in by one of the OPs team. Great people; Very ummmm interesting crowd. They included...

    * Tall tattooed, pierced(Rare at the time) Heavy metal tweaker dude (OPs team leader)

    * Disco hippy - Nice guy, awful taste in music

    * Thug - the tape monkey

    * "Barbie" - the scantily clad OPs gal. Very nice, very smart and my goto when I couldn't figure out how one system talked to another

    * Suspiciously normal girl - The other OPs gal.

    Had the privileged of watching the new GM of the company (After trying and failing to access the machine room with some other suits in tow) trying to explain to the Head OPs dude that he needed access to the machine room to do a tour for the other two suits.

    Head OPs dude looks him in the eye and says; Never seen you before, don't know who you are and I'm not letting you in. If you want in, talk to my boss.

    GM then scuttles off and comes back later with the aforementioned manager in tow :)

    Great crowd; Loved hanging out with them. I guess with lights out DCs being the norm these days; they aren't really a thing anymore :(

  38. nwillc

    I remember, back in the day, a secure machine room, which had an associated "public access" terminal room next door. One summer, during a heat wave, when no one was looking, we lifted a floor tile in the terminal area to try and "steal" AC from the machine room. It worked... and out of curiosity we ducked under the raised floor and popped a tile up on the other side of the wall. We were in the machine room. Yeah so much for physical security.

  39. swm Bronze badge

    Audit tags

    We used to buy computer boards with capital money. The auditors wanted to stick an asset tag on the board but there was no room where the tag would adhere.

    1. Ken Shabby Bronze badge
      Mushroom

      Re: Audit tags

      Answer I was given whilst in a tunnel in a certain DMZ, many years ago, whilst pointing at a scary looking Soldier dude with big f off rifle guarding a very looking serious looking door (badly green painted with hints of rust and a tiny glass window).

      "What is behind that door?"....

      Matter of fact reply "Land mines", silly question , I suppose.

  40. StuntMisanthrope Bronze badge

    Use the force...

    Or hire the auditor as your boss. Meet 'em at the gates. #rubicon

  41. rnturn

    Auditors I have known

    We had someone come around one day to audit our purchases and wanting to verify a couple of pieces of hardware we'd purchased--a couple of large memory boards for a minicomputer--asking where they were. I had explain that they were installed *in* the computer and there was no way in hell I was shutting it down and destroying a couple of days' worth of simulation in order to pull them out so she could look at them. She wanted to put equipment asset tags on them as well---you know, those metal ones with an adhesive suitable for space shuttle tiles. Just where on the circuit boards she thought the tags would be best placed so as to not destroy the cards was a mystery. (*I* knew where'd they be best placed...)

    Then there was the auditor who had *no* problem with a trading back office application that had to run with "BYPASS" privileges (i.e., VMS's equivalent of root) but that was just peachy so long as he had a letter from the vendor stating that it was necessary. (Note: Be careful of the boutique software house you choose for critical applications; their idea of security may be along the lines of "I know what I'm doing and these permissions are getting in my way".)

  42. Anonymous Coward
    Anonymous Coward

    Auditors are never happy....

    I used to work for a large outsourcer and our financial services (fully regulated) project had very strict access protocols for our machine room that involved security having a named list of people they could release access cards to.

    Any changes to that list had to be signed off by the project director, and by any two existing members of the access list. All about checks and balances.

    One day, the regulator turned up at 2am to do an unannounced spot check on our machine room. You can guess what happened next. Regulator got turned away as their name wasn't on the list... And they got VERY angry... They got the client CEO on the phone, and the UK MD of our company yet the security guard still refused entry as he said correct protocol must be followed and the regulator left empty handed.

    Suffice to say, the following day about 4 new names got added to the list... But the security guard got a personal note of thanks from the Global CIO for standing his ground.

  43. dmacleo

    have had to force open metal doors with metal frames and walls using forklift.

    surprising what many tons of inertia does when hits a door.

    hyster h620 with forks set tight punches through a lot and has good reach

  44. benderama

    Auditors aren’t the enemy here. You know who is?

    The manager who wants to work from home but can’t because of security protocols. So he complains to the ceo who unilaterally decides punching holes in said security is ok because the manager is a nice guy.

    It’s the accountant who doesn’t read her emails properly and tries to wire a large sum of cash to the ceo who sent a poorly worded request from an unusual address.

    Its the CS team who work late at night and prop doors open for each other with bricks so they can sneak out at 4am and have a smoke.

    It’s the guy who tapes his passwords to his screen and needs other passwords reset daily.

    It’s the facility manager who prints out secure WiFi settings and posts it every 5 feet.

    Auditors are nothing.

    1. Hollerithevo Silver badge

      Thank you for this

      I am not an auditor but worked for a mid-sized firm with a really good audit team who were like Rottweilers. They were often offered bribes to look the other way, or to do a half-assed job, and AFAIK they never did. They caught so much middle-level manager chiselling and cooking of the books. A LOT of it in charities. They kept losing clients because they wouldn't play the game.

      But as I said in another post here, Patisserie Valerie had a lot of people working there who suddenly lost their jobs. And if the auditors had been from my firmn, that tea-leaf would have been found out and bounced out at once.

      I admired them. They wanted the whole world to be honest. Like they were.

  45. ChrisBedford

    Apartheid legacy

    This happened in the nineties, right? When apartheid was still a thing, and well, TBH it still is, in terms of the attitude of many security guards.

    Black people in SA (security guards here are 99.9% black) had been told for generations - well, hundreds of years, if you analyse it - that white people were superior to them. So even when that sort of discrimination was being dialled back, and Security was told that they have a position of (nominal) jurisdiction over *everyone* in certain areas, they would and often still do kowtow to anyone with a white skin, or indeed with an air of authority. So the response that they "thought the auditors were just people who had lost their ID tags" is 100% in line with a lifetime of experience here.

    And yes, security guards tend to be lazy. You would be too on a 72-hour working week (not kidding. Twelve hours a day, 6 days a week) at minimum wage. They are largely ornamental.

  46. toejam

    Why go through the door...

    I remember visiting a customer site that had a secure room protected by a mantrap. It had two reinforced metal doors and required two employee badges to enter or exit. They were making a very big deal about all the security once we were all inside. So I start tapping on the wall and notice that it is just drywall with an empty cavity behind it. I could probably kick my way through it in under a minute. For some reason, they weren't pleased with that discovery.

  47. Lindsay T

    All auditors become adept at bypassing security of all sorts otherwise we wouldn't get the bad guys. That said, almost always the important key is in the key safe, the key for which is always secreted in the boss man's top left hand drawer. We were nearly beaten by one guy who put it in the top right hand drawer. Very clever but we figured it.

    Of course, a decent auditor leaves no trace of ever having been there. Set a thief ..........

  48. Griffo

    I had something similar happen

    Back in the early naughties, one of our cusotmers was a name-brand diamond reseller, who was at the time setting up an early B2B diamond marketplace, hosted on our kit.

    Given the size of any potential fraud, they sent in a set of security auditors to check out our setup. All good, I spent the day with them in our datacenter which was at the time pretty advanced. Think guards behind bullet proof doors, multiple man traps etc.

    Problem was, on the second day, I was badly delayed due to a car accident (mine!) and turned up around 3 hours late. At this point I found the auditors had

    a) convinced the guard to let them in seeing as "they were here yesterday"

    b) used a boot disk and snagged a copy of the SAM DB from the NT4 severs

    c) scampered with that file to try their hand with l0phtcrack to try to break any weak passwords

    Needless to say, we failed the audit.

  49. Andy Taylor

    I once accidentally left a personally owned video card in my work PC when I left the job. This would have been 1995.

    The following Monday, I did my first day with the new company, then drove home via the old one. Walked straight past security, opened the IT room door with the PIN (unchanged), extracted my card and walked out again.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019