Dave and Greg on Physical Security at Drupalcamp Austin
I was using my laptop to present and walked out of the room to get a refill on my coffee. Dave used the opportunity to teach me a lesson in physical security - we left a note on my unlocked laptop! If he wanted to be malicious he could have done a lot of things:
- Used my logged in email accounts to get access to dozens of sites using the password reminder feature
- Looked through my files to find sensitive information
- Send tweets from my twitter account
- etc. etc. etc.
Speaking of that last point, as I returned to the room from refilling my coffee Dave had left. I noticed that Dave left his computer and cell phone in the room - his computer was locked but his cell phone wasn't. I quickly tweeted from his account about how much he liked my session
It's an important lesson to remember: in my trainings and camp/conference presentations I focus on security inside Drupal but usually skip over other important parts of the overall security picture. There are other great resources that can teach you about those topics so I feel like I should focus on Drupal. However...always keep them in mind in case your laptop or phone is left unlocked near someone who is more malicious than Dave and I!