AT&T Identifies Widespread Security Hole - In Locks
__roo writes "The New York Times has an article [free registration required] about a researcher at AT&T Labs Research who has discovered a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building, and it requires little more than a file and a few key blanks."
so now Master is going to have to release patches and hotfixes?
"Hey steve, check out my new lock!"
"pffft, is it v.3.21.7?"
"no"
"that's like an invite for key kiddies and 1337 crackers"
In the cert advisory, The Microsoft Corporation are quoted "Those who upgrade to Windows XP Service Pack One should be unaffected by this exploit"
"...a little-known vulnerability in many locks..."
Yeah, until now.
Talisman
"Study your math, kids. Key to the universe." -The Archangel Gabriel
This is hilarious.
I mean, anyone can break a window and jump right in!!
We can call that a "backdoor", and the plywood to cover them "patches".
Xerox PARC have issued an advisory stating that any combination lock can be "cracked" by a malicious terrorist with a finger. Due to the digital [sigh...] nature of this crime, it is now illegal to own a finger under the terms of the DMCA and patriotic Americans are being asked to remove all their fingers in a show of solidarity. U.S. President, George W. Bush, is said to be having some difficulty removing his finger from his arse. £:-)
BTW did the original story remind anyone else of the safe-cracking chapter in "Surely you're joking, Mr. Feynman"?
I think that the manufacturer of the locks should sue AT&T under the DMCA for exposing weaknesses in an access control device. Furthermore, AT&T are terrorists for releasing this sensitive security information to the Net before other sites using the same locks are able to correct the vulnerability. I demand that the perpetrators that discovered the weakness with these locks be sentenced to life in prison. We can't have these hackers running free, finding security holes and disrupting national security!
Why bother.
A Schlage employee, on condition of anonymity, said that they were consulting with their legal team on the feasibility of invoking the DMCA against Matt Blaze and AT&T. "Schlage locks are frequently used as a technological measure to protect copyrighted materials. By trafficking in information which allows the compromise of these locks, Mr. Blaze and AT&T are clearly violating the Digital Millenium Copyright Act."
Stop-Prism.org: Opt Out of Surveillance
This is still too dangerous, since they can see that you cut off the hilt and they can just compare your key to theirs (if they have a master of their own.)
Much better to cut the key backwards -- that is, the cut normally at the end appears next to the hilt, etc. Unless the master is symmetrical, they won't be able to compare it to theirs, and it won't work when they try it.
Of course, you'll have to insert it from the back of the lock to use it, but that's a minor inconvenience compared to prison time.