Architectural Mailboxes’ “Security” Mailbox [UPDATE]

After posting my video demonstrating the easily exploitable security flaw in Architectural Mailboxes’ security mailbox, I was contacted by the CEO of Architectural Mailboxes, who had this to say:

Hi Adam,

Thank you for reaching out to our company. After viewing your video it is apparent that the mailbox display you videotaped is a very early design. As with all products we are constantly looking for opportunities to improve the designs. This display may even be from the very original sample sent to the store and the retailer never changed out the display when an inline design change occurred. The Oasis Jr. mailbox is on the shelf in literally thousands of stores due to it being the #1 best-selling locking mailbox in the USA for several years running. I assure you if you were to buy the Oasis Jr. today you would find that your hand would not be able to fit in the opening past the curve.

We would be very appreciative if you could provide us with the store name and location so we can send them a new display.

Thank you for bringing this to our attention.

Sincerely,

Vanessa Troyer
CEO

I found the explanation curious since my wife originally pointed out that she discovered this flaw years ago. Maybe I was assuming too much, but it seemed to me that the old displays would have been purged by now. So I asked Vanessa if she could provide a demo of the current design that showed that one could not reach into it and grab mail out.

To my surprise Vanessa was very approachable and offered to send me an updated unit to try first hand. She also requested the location of the Home Depot the first video was shot in so that she could make sure their display was changed out.

I’d have loved nothing more than to show you how the mailbox was still insecure but that simply isn’t the case. As you can see in the video even our youngest child-unit, who has arms like toothpicks, could not get his arm inside the mailbox.

I want to commend Architectural Mailboxes for their rational response to my initial post. It’s nice when a company responds to criticism in a calm, measured and respectable way (unlike others).

UPDATE: 6/9/2012 – Vanessa, CEO of Architectural Mailboxes, offers the following additional info:

I wanted to point out that with all USPS certified locking mailboxes there needs to be an opening to allow the USPS carrier’s hand to deposit the mail (in the Oasis Jr.’s case a small parcel also). The objective for us was to allow delivery while at the same time make it very difficult for anyone to reach all the way into the Oasis Jr. and retrieve the mail from the mailbox floor. In an ideal world we could make a solid door where one side is housed with a homeowner lock and the other side is a USPS control lock. Although this would be a more secure option it is not a realistic one as it would require the USPS carrier to carry a key for every locking mailbox they deliver to. This would add an additional step to the delivery process and the cost implication would be significant. At present, the USPS is operating in the RED and we do not anticipate this occurring any time soon, if ever.

For now you will only find two types of locking mailboxes on the market; letter slot style which can accept letters/magazines and hopper door styles like our Oasis Jr. which in addition to letters/magazines can accept small parcels. In addition, when the Oasis Jr. is installed on a post where the entry point is located at 54” off finished floor this makes it a bit more of a challenge for one to reach into the mailbox. I think you would be surprised how many tests and scenarios we create when developing a product, a lot of time and resources are spent trying to constantly improve our products. We too rope in people with long slender arms to help in the testing.

END UPDATE


Full Disclosure

I had asked Vanessa to send me a video of them demonstrating that you could not put your hand completely in the mailbox. I also offered to test the mailbox myself if they would send me one, that I would send back after testing. Vanessa kindly asked my color preference and said that I could keep the mailbox after I was done testing it. So yes, I got a free mailbox. Make of that what you will, it does not change the fact that, as you can see in the video, the flaw demonstrated in the first video is not present in the updated mailbox design.

Architectural Mailboxes’ “Security” Mailbox

Turns out the mailbox shown in this video was an early design that was being (improperly) used as a display – click here for more info.

Via the Architectural Mailboxes’ website (emphasis mine):

Our Oasis Locking Mailbox has an innovative oversized patented Parcel Delivery Door which allows for delivery of small parcels and mail bundles, keeping items secure until the box is unlocked. The delivery and access doors are equipped with weather tight seals to keep mail clean and dry. The Oasis has a re-keyable zinc plated cam lock with zinc die cast cylinder. Every aspect of the Oasis locking mailbox was selected to provide security, durability and style.

Architectural Mailboxes, you use the word “security” but I think it means something different than what you must think.

On WordPress Security

It’s no secret that WordPress is a popular target of malicious hackers. One of the least sophisticated attacks against a WordPress site is to brute-force the administrative login. This type of attack — which is simply an attacker (or an attacker’s bot) attempting to guess the admin password — is simple but the ramifications of success are profound. Imagine what an attacker can do if they have complete control of your WordPress install.

It’s tempting to think that only large sites are targeted and that small sites have little to worry about. While it’s true that a high-traffic site may, for a number of reasons, make for a more tempting target, as my test results show, an attitude of security through obscurity is a mistake.


Computer Power Usage

A friend asked me how much it costs to have his office computers running 24/7. So, I used my current measurement interface and multimeter to measure how much current one of the systems drew in various states of use. Knowing the current draw I could figure out how much wattage the system was using in those various states of use.

volts x amps = watts

I found the Oregon commercial electric rate of ¢7.63 per kilowatthour from here and used the following formula to figure out the cost to run one system 24/7:

watts x 24 hours x 30.5 days/month = watt hours (Wh)

Wh / 1000 = kilowatthour (kWh)

kWh x ¢7.63 = cost to run the computer 24/7 for one month

What’s most interesting is that when the system and the monitor were powered off they were still drawing 9.6 watts! That’s ¢54 a month just for the privilege of having the device plugged in!

Wikipedia – Vampire Power