Penetration Testing: Re: Pen - Test technique: Shred diving


From: Rainer Duffner <rainer_at_ultra-secure.de>
Date: Fri, 04 Jan 2002 13:07:39 GMT

Mike Shaw writes:

> Don't know if this will pass list muster, but I just had a great time in a
> client company's shredder bin.

Cool ;-)
[snip]

> <technical muse>
> I'm toying with the idea of a "shred-cracker". Basically you would scan
> the strips in, then the program would reconstruct them in every
> possibility and pass it through an OCR library. When the OCR started
> hitting recognizable words, it would 'lock' those strips in place.

Well, I had thought of the idea to scan the things in as they are fed
into the shredder.
You'd have to tamper with the shredder, but nevertheless...

> Sadly, my coding skills aren't really up to this project and even if they
> were I don't have that time.
> </technical muse>
 

IIRC, software for that exists already. At least, software that turns scans
of torn paper into clean copies (by matching "pieces").
The East-German secret service (MfS, aka "Stasi", try
http://www.bstu.de/home.htm ) left over 15000 sacks of torn paper, before it
was shut down after the German re-unification.
The paper was torn because the shredders were broken (too much paper in too
short a time).

> Anyway, if anyone is doing a pen-test that involves physical security,
> don't overlook the shred bin!

"Only the paranoid survive"

 

cheers,
Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer_at_ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Received on Jan 04 2002