Dave and Greg on Physical Security at Drupalcamp Austin

At Drupalcamp Austin I gave a training on Security in Drupal with a little help from friends and Acquia Training Partners Dave Reid and Larry Garfield.

I was using my laptop to present and walked out of the room to get a refill on my coffee. Dave used the opportunity to teach me a lesson in physical security - we left a note on my unlocked laptop! If he wanted to be malicious he could have done a lot of things:

  • Used my logged in email accounts to get access to dozens of sites using the password reminder feature
  • Looked through my files to find sensitive information
  • Send tweets from my twitter account
  • etc. etc. etc.

Speaking of that last point, as I returned to the room from refilling my coffee Dave had left. I noticed that Dave left his computer and cell phone in the room - his computer was locked but his cell phone wasn't. I quickly tweeted from his account about how much he liked my session

It's an important lesson to remember: in my trainings and camp/conference presentations I focus on security inside Drupal but usually skip over other important parts of the overall security picture. There are other great resources that can teach you about those topics so I feel like I should focus on Drupal. However...always keep them in mind in case your laptop or phone is left unlocked near someone who is more malicious than Dave and I!