WebApp Sec mailing list archives
Re: What Would Disney Do ?
From: access_denied <dank.krew () gmail com>
Date: Thu, 29 Jul 2004 06:41:21 -0700
Really interesting analogy. Brings new meaning to the concept of hacking Disney. On that note - The fast passes (for those of you who don't know, guests can insert their ticket or pass into a machine at an attraction that will spit out a slip of paper, allowing them to come back to the line later at an automatically determined time) do not have to be used exactly within the printed time frame. I've never had a problem using a fast pass well after the alloted time has passed. Which is really handy considering how many you find on the ground, tossed by careless patrons who thought they missed their chance. What's really interesting is that the barcodes generated on tickets are sequential. If one were so inclined, it seems possible to create a fake "fast pass" (or a dozen?) for faster ride navigation. On Wed, 28 Jul 2004 10:03:10 -0400, Mark Curphey <mark () curphey com> wrote:
Yesterdays discussion about SSL login pages got me thinking about ways to make it easy for users to do the right thing and hard to do the wrong thing. I found some security architecture slides on the floptop from ages ago (I don't recall where the original text should be contributed to) Disney Many people visit Disney World and have a good time because their surroundings are controlled. This in turn makes it easier to control people's behavior and minimize problems. By using physical barriers and having a cheerful staff, Disney World makes it easy for visitors to conform and "do the right thing". - Physical barriers (fountains, flower gardens) - Limit the choices people can make about where to walk - Guests are given constant instruction to minimize disorder - Guests are constantly under surveillance by employees - Many exhibits are only viewed through riding in a vehicle Order is maintained through voluntary activity The control at Disney World is subtle and embedded in the routine activities of employees and visitors. It is designed to prevent any disorder and make everyone's visit as enjoyable as possible. Some of these things of course could be tied to the architectural patters discussed last week (limited view etc) Just thought it was an interesting anecdote.
-- [4:19] Got a minute?
Current thread:
- What Would Disney Do ? Mark Curphey (Jul 28)
- Re: What Would Disney Do ? access_denied (Jul 29)
- Re: What Would Disney Do ? Pete Herzog (Jul 29)