Tuesday, January 08, 2008

The dangers of amateur red teaming

The BBC reports that Top Gear presenter Jeremy Clarkson was stung after bank prank.

In the aftermath of the recent data breach of two Inland Revenue CD-ROMs containing the bank account details of 23 million UK citizens, Clarkson thought that people should stop the panic. You are perfectly safe, said Clarkson, see here is my own bank account number to prove it.

Oops.

500 quid the poorer due to an unauthorized direct debit from his account to a charity Clarkson is now saying he has learned his lesson, unfortunately though I think he has learned the wrong one.

The lesson people should draw from this is that it is a very bad idea to red team security measures of other people's systems. In the wake of 9/11 the number of people testing the security of airport scanners became a serious nuisance. Red teaming the security of bank security systems with your own money is a very bad idea.

But designing bank security systems that are proof against Jeremy Clarkson is a very good idea. If you can build something so secure that Clarkson cannot break it you are doing something right. Here is a video of Clarkson and friends taking their car to a car wash and, well, setting light to it in the process.



In this video we see the results of Clarkson taking a caravan holiday.



Barclays should consider themselves very lucky that Clarkson did not burn them down.

No comments: