Slashdot Mirror


AT&T Identifies Widespread Security Hole - In Locks

__roo writes "The New York Times has an article [free registration required] about a researcher at AT&T Labs Research who has discovered a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building, and it requires little more than a file and a few key blanks."

12 of 462 comments

  1. i suppose that by mrpuffypants · Score: 5, Funny

    so now Master is going to have to release patches and hotfixes?

    "Hey steve, check out my new lock!"

    "pffft, is it v.3.21.7?"

    "no"

    "that's like an invite for key kiddies and 1337 crackers"

    1. Re:i suppose that by HermDog · Score: 4, Funny

      I must have missed the CERT advisory. Which Linux distros are affected? OpenBSD, of course, is not vulnerable as long as you use the default installation inside the welded safe.

      --
      JADBP
    2. Re:i suppose that by sg_oneill · Score: 4, Funny

      No it was a "crack" that went around more in underground circles.

      It didn't come to attention till a spate of Office buildings found the safe hidden and the words "Ownzed by l337 b3rgl@rz!!!" spraypainted in foyers.

      I believe Scotland Yard are preparing a deb update.

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  2. Upgrade quickly by angelsdescent · Score: 4, Funny


    In the CERT advisory, the Microsoft Corporation are quoted: "Those who upgrade to Windows XP Service Pack One should be unaffected by this exploit"

    :-)

    1. Re:Upgrade quickly by squiggleslash · Score: 5, Funny

      I think everyone should be made aware that this vulnerability largely affects doors rather than windows...

      --
      You are not alone. This is not normal. None of this is normal.
  3. little known? by Talisman · Score: 4, Funny

    "...a little-known vulnerability in many locks..."

    Yeah, until now.

    Talisman

    --

    "Study your math, kids. Key to the universe." -The Archangel Gabriel
    1. Re:little known? by stud9920 · Score: 4, Funny
      "...a little-known vulnerability in many locks..."
      Yeah, until now.
      You do not actually believe ./ folks read the article, do you?
  4. security by v(*_*)vvvv · Score: 5, Funny

    This is hilarious.

    I mean, anyone can break a window and jump right in!!

    We can call that a "backdoor", and the plywood to cover them "patches".

  5. In other news... by grahamlee · Score: 4, Funny

    Xerox PARC have issued an advisory stating that any combination lock can be "cracked" by a malicious terrorist with a finger. Due to the digital [sigh...] nature of this crime, it is now illegal to own a finger under the terms of the DMCA and patriotic Americans are being asked to remove all their fingers in a show of solidarity. U.S. President, George W. Bush, is said to be having some difficulty removing his finger from his arse. £:-)

    BTW did the original story remind anyone else of the safe-cracking chapter in "Surely you're joking, Mr. Feynman"?

  6. This is clearly illegal! by Lethyos · Score: 5, Funny

    I think that the manufacturer of the locks should sue AT&T under the DMCA for exposing weaknesses in an access control device. Furthermore, AT&T are terrorists for releasing this sensitive security information to the Net before other sites using the same locks are able to correct the vulnerability. I demand that the perpetrators that discovered the weakness with these locks be sentenced to life in prison. We can't have these hackers running free, finding security holes and disrupting national security!

    --
    Why bother.
  7. Schlage to Invoke DMCA by Bob9113 · Score: 3, Funny

    A Schlage employee, on condition of anonymity, said that they were consulting with their legal team on the feasibility of invoking the DMCA against Matt Blaze and AT&T. "Schlage locks are frequently used as a technological measure to protect copyrighted materials. By trafficking in information which allows the compromise of these locks, Mr. Blaze and AT&T are clearly violating the Digital Millennium Copyright Act."

  8. Re:Oh, one more thing... by Obfuscant · Score: 3, Funny
    ...cut the hilt off so that the key will go in too far to work.

    This is still too dangerous, since they can see that you cut off the hilt and they can just compare your key to theirs (if they have a master of their own.)

    Much better to cut the key backwards -- that is, the cut normally at the end appears next to the hilt, etc. Unless the master is symmetrical, they won't be able to compare it to theirs, and it won't work when they try it.

    Of course, you'll have to insert it from the back of the lock to use it, but that's a minor inconvenience compared to prison time.