I often talk about many government (and corporate) security practices being mere theater. An appropriate example is the airport where post-9/11 paranoia has made a select few companies (body scanner manufacturers, explosive detection companies, portable GC unit suppliers, etc.) very rich while inconveniencing the majority of the public. Many countries around the world do not need elaborate hardware to maintain adequate security. Often behavioral monitoring by trained staff is far more effective as Israel has found.
With airport security there will always be some permeability and that’s expected. It is a trade off we must make to live in a nation that has any semblance of personal freedom. If this means the occasional hull loss through terrorism then so be it. The increased security has proven to be ineffective and easily adapted around.
Security researcher Evan Booth has published his findings on constructing weapons using items available after security screening. I can’t say I am surprised that all this additional security could be for naught. There’s vigilance and then there’s paranoia. We must always ensure in IT our security procedures do not adversely affect usability to the point of making the product unusable. This is a real world example.
Mike the Crypto Goat 