You know, just when I was about to write that the new Case Phonebook bot hadn't experienced any hiccups yet, I looked at my buddy list and noticed that it was offline. I just ran the script again and it's back up, so this could just be due to a brief network outage or something.

Anyway, a couple of admittedly uninteresting things happened today that triggered this post.

Today my girlfriend told me that while she was messing around with her grad school app to the Winterthur program at University of Delaware, simply pressing the Back button in her browser let her view the status of other people's applications and various "leftover" information, presumably from other sessions. This is obviously not what is supposed to happen.

The other thing was that I needed to get a pair of shoes from her apartment, but nobody was there to let me in. I actually had to skip all my classes one day last semester because I left my shoes in there! Anyway, this time I took it upon myself to get what I needed. Did you know that you can get into any room or apartment in the Village with just a coat hanger? I opened her door in about 5 seconds and was able to retrieve my shoes. (Don't look at me, this was documented in the Athenian months ago.)

So I wonder, are we any more secure than 5, 10, 50 years ago? I'd like to think that our web applications are more secure. Web applications were so primordial ten years ago that I hope we've learned a lot about web vulnerabilities and web programming since then. But then again, new web development frameworks keep popping up, and security holes with them. Remember when a bunch of Drupal sites were defaced or wiped out last summer? Are our web services even more secure than the pen & paper alternatives they are intended to replace?

As for physical security, I have a hard time believing this has improved much either, although maybe I'm not looking far back enough for this one. These fancy ID card door locks in the Village are clearly less secure than the lock-and-key doors they replaced, which couldn't be defeated by any shmuck with a coat hanger. Likewise, a couple years ago I published a web site that chronicled my adventures of getting into any building on campus after-hours (I was forced to take this down, which was probably for the better).

If even a big university with expensive research labs and sensitive student information can't keep its buildings locked up, I wonder what security measures (both virtual and physical) will look like in the future?

While re-reading this in the morning, I laughed at the thought of physical CAPTCHAs to keep real-life spam-bots out of buildings... man, the future is awesome.