Slashdot Mirror
Kensington Laptop Locks Not So Secure
eric434 writes "According to a security alert released by Security.Org, the Kensington laptop lock that many of us use and love isn't secure. In fact, it can be opened in 30 seconds after about a minute of practice with a $1 worth of equipment. (A Bic pen, and a pair of scissors. In the interest of giving people some time to stop using the locks, the actual method of opening the lock is left up to the reader.)
To make matters worse, Kensington's 'We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable." Mind the source, though -- security.org wouldn't mind selling you a book on locks and safes.
sooo... if you steal my laptop, please take the cable and lock, so I can still get my $1500...
We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable.
After your lock has been cleanly picked, go to your local Home Depot, get a cable cutter and cut the cable yourself. Make sure you make a real mess of it. Then send back to Kensington and claim the $1500.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Just because the cable and the lock were not damaged does not mean that the lock and cable actually did the job correctly! Kensington should pay the warranty claim out since it was obviously ineffective in actually securing the device.
If you use this Kensington lock and your laptop gets jacked, use a pair of bolt cutters and damage your cable before filing your claim.
well. . I mean I guess it wouldnt matter to me wheather it was a len or a wire cutter. 1500 dollers might cover a good portion of the hardware costs, but usually the information on the drive itself is far more sensitive. What they need is a lock that causes the computer to self distruct.=) it not only protects the programmer, but teaches the thief a good lesson!
How Now Brown Cow
Wouldn't a simple pair of wirecutters do the trick to begin with? I don't think you have to be McGuyver to get through those locks.
"I use a Mac because I'm just better than you are."
For the sake of those who thought to RTFA, the article gets you to email the author regarding the details of the exploit.
Extract from article:
You may contact the author for further details as to the method of entry. All computer owners and administrators should be aware of the potential for theft if you utilize this device. The full details of how to compromise this device are contained in LSS+ Version 5.0 Multimedia edition of Locks, Safes, and Security. Kensington may be contacted for further information at 800-535-4242. The company was notified of the problem by the author on July 13, 2004 and has refused to comment on or acknowledge the problem, or to return any telephone calls or e-mails. The author believes that the manufacturer can remedy the problem and should be required to do so. All purchasers of this device may wish to request a replacement from the manufacturer that prevents this form of bypass.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World" 1 John 4:14
I just arrived home from an out-of-state family reunion, where I had my ThinkPad locked to a picnic table with a Kensington lock, to find out that my computer was not nearly as secure as I would have thought. My wife points out that there were pens and scissors there, too! They could have taken my preciousssss!
Does this mean I can get a Powerbook to replace the Tandy 286 laptop I have sitting in my closet?
I saw MacGyver do this years ago.
And *he* didn't need the scissors.
---anactofgod---
---anactofgod---
"Equal opportunity swindling - *that* is the true test of a sustainable democracy."
They probably use the bic pin to set the pins and the scissors to apply the torque.
You do realize that the DHS protects its laptops with Kensington locks, right? That means you just won free holidays in Cuba.
-- Signed: John A. <ashybaby@dhs.gov>
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Kensington should start selling a lock for their laptop lock! Money in the bank if you ask me...
I've seen those computer "locks" on the back of computers that need those special round keys. They replace screws to try to prevent someone from opening the case. What I found over time when working with them, is that you can just use a set of small pliers to twist them off. Not very secure at all.
This is for ONE lock model, and not the security slot itself. Probably a product defect.
A simple pair of wirecutters would not remove the locking cylinder.
The point of the Kensington lock is not so much to secure the laptop to something as to ruin the resale value of it by virtue of the damage likely to occur to the laptop if the lock is forcibly removed.
This hack apparently allows the lock cylinder itself to be cleanly removed, rendering the lock useless and giving the thief a laptop to sell that doesn't scream out "Look at this torn-off case plastic! I was stolen!"
Most laptop locks are insecure.
Back in 2000 I had one of those Kensington motion sensing laptop locks which gave off this ear-piercing noise if anyone moved the device.
Thing was so insecure that I was playing with it in the airport on a business trip one day and I realized all I had to do was to push the pin inwards and it immediately came off.
Sure, the alam went off too, but it still wouldn't have stopped someone from jetting away and stealing the bag or laptop.
Now, I secure both my laptops (work and personal) the old fashioned way. I never let them leave my sight or I lock them in a locker or the trunk of my car.
Physical controls can't beat plain common sense sometimes when it comes to the security of your personal belongings.
Neer leave a laptop bag in the front-seat or rear-seat of your car iwhere it's in plain sight. That's just begging for someone to smash your window and steal it.
Also, don't carry your laptop around in one of those $200 leather laptop cases. I use a backpack. Sure, it was designed for a laptop but it doesn't look like it was. Maybe I have gym shoes and a change of clothes in there, or maybe I have an iBook, iPod, spare battery, Tréo 600, Passport, etc.
Then again, maybe I don't.
When I'm at Starbucks for a few hours, the caffine gives way eventually. Fortuantely the Starbucks I frequent gives police officers free coffee. I'm nieve enough to hope that one of them would notice if someone was taking pliars or a bic pen to my laptop while I was peeing.
Even so, it prevents someone from just picking it up as they walk by. That's all I ever hoped the cable would do.
A Bic pen, and a pair of scissors...
Damn you MacGyver!!
They probably use the bic pin to set the pins and the scissors to apply the torque.
Correct.
That method actually works for any/all barrel-type locks, though the better quality ones (e.g. vending machines) will have tighter tolerances and stronger springs making them much more difficult.
Kensington just needs to spend a few more bucks on a higher quality mechanism (preferably with more than 5 pins!! Geez...)
Hell, I can pop most locks in under a couple of minutes. :)
The cost is not the materials used, it's the expertise and practice. Be aware, most policemen are well aware what a set of picks looks like, even if you disguise them.
Having met someone who is a self-confessed expert in "reappropriating" other people's property, I have been told any laptop lock can be twisted off easily with a pair of needlenose pliers with no damage to the laptop.
A cordless Dremel.
The Kensington locks are flimsy as heck. We had better cables than that on the computers in the labs in college, and I got a couple old Macs from them with the security tabs/cables still in place. A Dremel took it out in 30 seconds.
p
In Korea, long hair is for old people!
...about the durability of the slot where one inserts the standard laptop locks. Though I'm not about to try it myself, I imagine that one could easily shear the lock off with the right amount of leverage and separate it from the laptop. Now it might take a bit of work to repair the chassis to re-saleable condition, but it's still possible, no?
This reminds me of one of my favourite pieces of Australian TV.
I'm sure you are all familiar with steering wheel locks, the most well known in Australia is called a Club Lock.
A magazine called "Choice", which reviews and tests products, reviewed all available steering wheel locks and claimed that the Club Lock could be defeated in less than 30 seconds by someone with no experience at car theft.
The manufacturer responded by modifying and improving the lock mechanism, but the magazine repeated their claim that it could be defeated easily.
This went on for about 4 generations of Club Lock and saw the introduction of a "star shaped" key to making picking the locks "impossible", as well as other developments. But Choice maintained that the Club Lock had not been fixed and anyone could defeat it in under a minute.
A local TV current affairs show filmed a carpark showdown between the manufacturer of the Club Lock and a reporter from the magazine, as the manufacturer prepared to release their latest model and the magazine claimed it would be able to defeat it in less than 30 seconds.
They were screaming at each other in a car park and honestly looked like they were going to hit each other. The manufacturer claimed (in near hysteria) that it was impossible for someone to pick their locks, and that the magazines claims were wrong. The magazine denied this, and so were challenged to demonstrate their claim on TV.
A brand new model Club Lock was placed on a car steering wheel.
The magazine reporter got in the car, grabbed it, and gave it a good hard yank, and it came off easily.
The manufacturer went very very quiet.
The funny thing about this - and the reason I remember it - was that the people who made Club Locks never asked the magazine HOW they'd been defeating their product. They all assumed that the locks had been picked. Practically all the improvements they made to the product over 4 years were in improving the lock mechanism. They never expected that the piece of metal which hooks around the steering wheel was so weak it could be easily bent. They shouldv'e thought laterally.
Anyway it was very funny. Trust me, I still remember it and it was about 15 years ago.
Putting syrup in coffee is some form of blasphemy.
I dunno how you'd use a bic pen as a pick. I'm thinking this is a mechanical defect. Sure, the scissors could be used for torque, but there are better things for that, like a bent screwdriver. I think this is at a different point on the lock. Perhaps, and I'm speculating here, where the lock hits the cable?
Since when has this country used intellectual elite as a pejorative term?
Parent's "Doom Tweak Guide" link is nasty-fake. Don't click. :)
I have a powerbook. what loc should i buy if the Kensington one sucks?
Look, laptop locks are psychological blocks, not physical blocks. If you can't hork a cablelock out of a plastic laptop case in less than 15 seconds you don't deserve to steal that laptop.
They keep honest people honest. They're speedbumps for the pros. Don't leave you leptop alone!
The whole thing is kind of depressing.
Kensington, a company which has, from my past experience, made good use of "good image marketing", has made a guarantee with a product, realized that that guarantee is, well, expensive, and now refuses to honor it.
The lock picking people are using the entire thing as a teaser to sell a product.
I'll bet if some lawyer picks up on this, they'll start a class action suit with horrible stories about how much damage could be caused, so on and so forth, and try to rake in a hefty percentage of some settlement which will give everyone else involved about $1.50 per person.
The problem with involving money in something is that we are taught to act like complete assholes in the name of earning money (and I'm not saying that we shouldn't), but where there's money, there's assholishness.
This is particularly sad because once-upon-a-time Kensington made really nice (though expensive) trackballs. A nice big ball, plenty of buttons, etc. I heard a story about one guy that asked if he could buy a replacement trackball ball because his son liked to play with his ball and eventually lost it, and Kensington sent him a replacement ball -- and twelve more "for his son to play with". I thought that was kinda cool.
Their trackballs are supposed to have been going downhill, though, with cheaper, shoddier parts (especially that "ring around the trackball scroll wheel" device).
May we never see th
Most of the hardware at my high school was locked down to the desks using cable locks, but the mechanism used to attach it was certainly inferior to the kensington type.
Basically, there was a metal reciever that was screwed into a rubber/plastic pad that is epoxied to the hardware you want to keep. The cable is slipped through the reciever and then locked to a suitably heavy piece of cheap furniture, while the other end was to large to pass though the reciever However, since the unlocked end was not attached to anything, you simply slacked the cable, then passed the end under and around to unscrew the reciever from the epoxied pad.
It wouldn't have worked if it was riveted instead of screwed, but then again, it's a really a deterrent in the end.
Even people that believe in pre-destiny look both ways before crossing the street.
I got it, I think! It's a tubular lock, but a damn big one with weak springs. Use the scissors as a torque wrench to apply constant turning pressure. Use the pen to push in the individual pins. Very weak lock.
Since when has this country used intellectual elite as a pejorative term?
What would you want that for?
My other first post is car post.
Just use the DMCA's anti-circumvention clause and ban bic pens, and scissors! I'm sure this follows the spirit of the law, and totally what the legislators intended the DMCA for. Enforcement of this ban should be pretty easy as well...
"There is no spoon." - The Matrix
I just leave my crappy old 150mhz Toshiba next to a few friends' Powerbooks.
Problem solved.
From the Kensington product description page linked in the article:
... ...
D. The laptop was stolen by any means other than violating or breaking the Kensington brand Guaranteed Notebook Replacement MicroSaver Lock.
Guarantees replacement of any locked laptop that's stolen
Sounds pretty specific, huh? ANY locked laptop that's stolen... Which is quite different than what it says when you click the warranty link on the page...
If theft of your laptop computer results from the Kensington Guaranteed Notebook Replacement MicroSaver computer lock being broken or opened by forceful means Kensington Technology Group will pay you the replacement value of your laptop up to US $1,500.00.
It goes on to say:
Kensington Technology Group will NOT be liable if the theft occurred because:
Now... that seems pretty vague to me. Are they talking specifically about the locking device? Or are they talking about the entire thing and calling it the Guaranteed Notebook Replacement MicroSaver Lock because that's the name of the product? Vague vague vague...
sig.
Thanks for pointing that out, you just caused about 50% of the people reading your post to click the link.
I'm running Firfox on Linux, so I figure it can't do much of anything to me... D'oh.
An infinite string of new windows (tabs in my case) isn't fun regardless of platform. Especailly when running the session saver extension.
Why pick on Kensington?
Anyone who knows how to pick a lock can open most locks with 5 cents worth of equipment: a couple bent paperclips. Lets write a big story about how all these locks are weak.
So what? The lock is pickable; so are most other locks.
Unless the big story here is about the warrany. The fact they knew the lock is weak, so they worded the warranty in a way to avoid paying up.
Those "super-tough" Kryptonite U-locks take all of 15 seconds to cut through. I had a friend lock her wheel to the frame on her bike, and lose the key in a move. We were all set to resort to drastic measures with a blowtorch or liquid nitrogen, but all it took was compressed-air cutting tool (like a dremel, but powered like an impact wrench) with a proper cutting disc. Radiac, if I remember right. Went through it like butter. I've kinda lost all my faith in security products since then-- the first thing we tried went through it before you could say "hey, where's my bike?"
The shower of sparks might be a giveaway in a public place, though, so at least you've got that going for you.
is it strange that i have a logitec sound system and a labtec mouse?
Snowden and Manning are heroes.
Kryptonite has a similar warranty. Though if your bike is stolen, they often steal the lock, as well, leaving you with no evidence of a broken/compromised lock. So bike messengers will keep a spare Kryptonite lock. If their bike is stolen, they beat the crap out of the lock, busting it open, and then use this busted lock to claim their warranty.
It looks as if the crack is for barrel=key type locks, not the combination type. Can anyone confirm this?
Mecworks BLOG
In the Summer 2004 issue of 2600 Magazine there is an article on lock picking with less common types of picks. They talk about how to pick a lock with a pen, bobbe pin, sciccors, and everyones favorite the paperclip.
They probably use the bic pin to set the pins and the scissors to apply the torque
Yeah? I say set the torque with Bic pen. You could then set the pins with a stiff wire. Simple for a hacker. Wasn't MIT full of great locksmiths? (By no means, I'm not one!)
Are you aware how fucking stupid your story is? Exactly how many bike thieves do you know carry around a fucking air compressor to power their tools? Of course the proper tool cut through it like butter, what the hell do you expect? The same applies to diamonds, for fuck's sake. Locks like that aren't to protect against fucking air tools, they're to protect against hacksaws and bolt cutters.
'Standards' in computing only impress those who are impressed by things like 'standards'.
When in doubt, use brute force. -- Ken Thompson
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
i didn't get any popups, but i did have to kill the process to regain controll of my system.
Snowden and Manning are heroes.
... Well, they are, but any thief intent to steal a laptop-- and who is prepared and has the equiptment ready to do the job-- will probably get away with it. This implies some forethought, though. Ask anyone who's owned a bicycle in NYC... There is no lock that can't be broken.
What locks ARE good for, is deterring the casual thief. Someone who spots a notebook untattended in a library, a cafe, an office, sees that no one around... And grabs it. They're not likely to pick a lock or cut a cable. Since this is far, far more likely-- unless someone is really casing you for the info. on the computer-- it does make sense to use a lock.
If you lie to the police, they can arrest you and the District Attourney can prosecute you for filing a false police report. The judge will find you guilty based on the testimony of the officers and evidence that what you said was false. That's what's wrong with lying to them.
If the police lie to you, that's just an ordinary interregation technique.
My other first post is car post.
You have to admit, it's a pretty impressive hack. Even on my hardened gaming rig (Windows tweaked down to an inch of it's life, Firefox, no plugins, ActiveX or Java) it still hung my system. Nice work, you sick bastard! :)
He was arrested recently.
Disclaimer: If I disagree with you I'm probably trolling...
I have two ideas on it.
:)
:)
The first is what you're implying, using common tools like a lockpick set.
The other, which may be more likely in this case is the way I "encourage" doors open when some fool locks themselves out.
I'd be willing to bet that this lock sets itself when you slide the end of the cable in. Kinda like a door latch. It slides over the angled bolt, and once it's over it is trapped til you use the key.
If the pen was a common white bic, and you removed the tip, ink, and back, you'd have a thin plastic white tube. If you used the scissors to cut the tube in half, even for just an inch or two, you'd halve a half-pipe roughly the size of the cable. Slide that down between the cable and the lock, and it would push the lock's bolt out of the way, and allow the cable to come free.
It's a little harder to do with a common home or office door, but can be done with a credit card.
This doesn't work for dead bolts (obviously). It also don't work on most padlocks, because the space is too small to slide something in.
Personally, I believe locks to be a tool to make people feel safe, and to keep 'honest' people honest.
A locked office in most office buildings can be accessed through the drop ceilings, or with the "assistance" of the janitorial staff.
A locked door on a house can be circumvented by going through a window, locked or not.
But, seeing a lock on a laptop, or a locked door on a room or building, makes a person think twice. The next one they find may be that much easier. Why go for the one with the Kensington lock that takes 30 seconds to steal, when you can just pick up the next guy's laptop bag with everything in it when he's not looking? You could tie your laptop off with a length of rope and be just as secure.
Kinda like 802.11b encryption. It's easy enough to crack, but most people will move on to the unencrypted network.
Serious? Seriousness is well above my pay grade.
You don't even need compressed air now. Those battery powered circular saws with the right blade are awesome!
Profanity - The sign of a small mind trying to express itself.
I've tried two other kinds of Notebook locks that are of very poor quality, also. Fellowes was one of them. The other was a no-name Chinese brand from a wholesaler.
Abrasive cutting disks are hard to defend against. I once tried one of the thin and brittle brown Dremel cutting disks against a U lock to see what it would do. I only made a small notch since it wasn't my intent to destroy the lock, but it did indeed cut pretty easily. Just not nearly as fast as the larger tool that you used, and of course, the little brittle discs break a lot.
I also once used an abrasive blade in a circular saw to cut up the metal part of an old couch in order to put the pieces in a dumpster. It sliced through the spring steel wires with amazingly little effort. Though like you mentioned, it would be hard to be inconspicuous doing this.
On of those new lithium cordless dremels with a standard cutting wheel would probaly get through pretty quick. Just a few minutes alone with it would be all you need.
Things are not as they appear, nor are they otherwise
This had no ill effect on Safari, they still have to put in the Safari part of the code...
I subscribe to the famous "If I can't have it, no one can" theory.
If I see an unguarded locked laptop, I dump a cup of coffee onto the keyboard.
Ok, not really.. but I wonder if anyone does this. I remember Denial of Service was a huge thing to do in highschool. People would beat the shit out of random combination locks on peoples lockers, you couldn't get your locker open. Bastards.
Parent's "Doom Tweak Guide" link is nasty-fake. Don't click.
Just a short moment after I read your comment, I noticed that 264228 changed his signature and replaced the link with a different one. (Yes changing your signature also applies to older comments).
Do you care about the security of your wireless mouse?
use this and know that you have the largest... chain in the office http://www.kryptonitelock.com/inetisscripts/abtine tis.exe/PublicArticleDetails@public?artid=3037&atf =products_item&pgrp=20
be the envy of all your geek friends
http://www.kryptonitelock.com/
I like the way you spell it, sounds so much more right! just like color and behavior and .. so many other things ..
Megatokyo? Do you have one of those blue 'Miho in the snow' blankets you'd like to sell to me? (I'm in .au)
In regards to your sig -- IIRC, the Kimiko blanket was blue, and the Miho blanket was black. (See the old store at the Internet Archive.) I'm afraid I don't have one, although I wish I did. Here's hoping Fred will add them to the new store soon!
The people who moderated this up have no idea what the DMCA is.
How does this violate a copyright? Or how the fuck is it even digital?
Not a Twitter sockpuppet... but I wish I was.
You don't need this, get a chunk of iron pipe with an ID just a little more than the OD of the lock body. Cut about a 3 inch slot in one side of the pipe just wide enough to go past the U bar. Slide this end over the lock barrel and pull, the tang of the lock will give way suprisingly easily. This is why you see the couriers put an iron pipe T on the lock, prevents you from sliding one of these on. Don't need liquid nitrogen either. Seen a demo where the metal can be made brittle enough to break with a hammer just with with an aerosol can of something you can buy at the grocery store.
Better you just let the a-hole take it and get some some use out of it, I'd say.
On the other hand, if you are actually watching it (I mean, who locks a laptop and leaves it somewhere?) prolly nothing will happen to it.
This is analogous to the $500 damage someone does to your car to pull a stereo that has a $20 street value.
I am just rambling now... but what good is a laptop cable anyhow? Seems to me you have a couple of scenarios; A cable might work if you don't quite trust your roommate or his friends, I guess. Otherwise, forget it. You are in a "safe" environment, or not.
Bottom line, if you leave something valuable where folks might steal that something, it will get stolen, sooner or later.
I know, I've had much damage done to cars for little apparent gain for the thief. On the other hand I leave "tens of dollars" worth (but no more) of stuff on the sand when I am at the beach (add it up - towel(s), backpack, sunscreen...) with no ill results, so I am not totally paranoid, but not stupid either.
This issue is a bit more complicated than you think.
... is use those same amazing, unhackable screws that bathroom stalls are put on with. Those suckers are super secure! When civilization has its downfall, and all potentially useful metal scraps have been scavenged, we'll still have fully-assembled bathroom stalls.
Objects at rest, such as the parts that make up the mechanism of a lock, tend to stay at rest in the absence of outside force. It clearly takes some force (in the classical-mechanics sense) to pop any lock.
I have played with one of these locks, and they are not made well. I assume the guts of them are not machined to very close tolerances. Locks that are not machined well are vulnerable to picking much easier.
If you look at the lock, you'll see a center thing that rotates. Open the scissors slightly, put one end into the notch on the center thingy, and the other end somewhere into the circular groove surrounding the center. Inside the groove are tiny pins... Apply a slight turning force on the scissors, and then use the Bic pen to poke each pin until they snap into place. You may have to poke each one multiple times because only one will be able to fall into place at a time, and you won't know which one because each lock has different tolerances due to they quality of manufacturing.
You can actually buy devices that do this all for you through lockpicking sites. However, I think the kensington lock is a bit smaller, and the commercial ones probably will not fit.
In any case, the lock is still a deterrent. I used to work in downtown minneapolis. Around christmas time, laptop thefts in our office would go up dramatically. Theives would get dressed up, and walk into the office like they were supposed to be there, and then just grab one and leave. Because there were people everywhere, spending 30 seconds doing something shady to a laptop lock is probably not something they would want to do. Especially since there were plenty of non-locked machines laying around.
Need Free Juniper/NetScreen Support? JuniperForum
Combination locks are usually just as easy. It took me a couple of hours to work out how to open these Targus Defcon CL locks, but now I can do it in under a minute, with no tools, and find the combination. Or, I can find a digit in 15 seconds and come back later.
These days I get emails in my work when people forget the combination on their locks to come and remove them. It's really easy, and I think if everyone knew it would be barely worthwhile using them.
If you're going to be pedantic, try for accuracy. From
Main Entry: product
Pronunciation: 'prä-"d&kt
Function: noun
1 : the result of work or thought
2 a : the output of an industry or firm b : a thing created by manufacturing
3 in the civil law of Louisiana : something (as timber or a mineral) that is derived from something else and that diminishes the substance of the thing from which it is derived --compare FRUIT 2a
Source: Merriam-Webster Dictionary of Law, © 1996 Merriam-Webster, Inc.
dictionary.com
Ummm..... you have to understand the context of the joke. A while back, there was a slashdot article about Sony touting its new high tech copy protection stuff for its CDs. Ironically, this copy protection was circumvented by a humble felt marker pen. So, there was a joke on slashdot that Sony would use the DMCA's anti-circumvention clause to ban felt markers. My comments above is to poke fun at these cases.
Loosen up dude! It's funny... laugh.
"There is no spoon." - The Matrix
We use them at work. And while I use them to lock my laptop to my cubicle (of if I have to travel), I really don't trust them.
At most, they're like "The Club (tm)". Sure, they MIGHT deter a thief from wanting to risk stealing the laptop or tempt them to steal someone else's laptop (that ISN'T secured).
But unlike cars, you rarely see a number of laptops in a row to choose from, unless it's after-hours in an office or school lab. So, if a thief sees it sitting on a desk in a library, there's a good chance they'll take it since it's just so damn tempting.
Personally, I never let my laptop leave my sight. If I'm staying at a hotel, I either take it with me when I go out, or (if it's a nice hotel) I place it in my backpack and hide it somewhere.
I once accidentally left a $300 radio in a car with the driver's side window fully open sitting in Hyde Park (Chicago) while out of town for two weeks. Came back to find the front seat covered with tree leaves that had blown in, and the stereo right where I'd left it.
There are benefits to driving a car so old and filthy that no one even bothers to look at the dash. }8^)
... the language to make the insurer liable only for events that could occur in an alternate universe where our laws of physics and causality have no meaning?!?! At least we have the a comfort of knowing that that hollering at people works in either universe.
I think the poster didn't see it as a joke because it's not particularly funny.
I'd wondered how the thief managed to cut the cable without making any noise, but I was picturing bolt-cutters, not a pair of scissors and a pen!
Danny.
I have written over 900 book reviews
I have a (non-Kensignton) laptop cable with a 4 digit combination lock. During one boring stay overnight in a hotel I discovered that if I pulled the removable locking mechanism (as if I was legitimately removing it) and twisted the number rings I could FEEL when the right numbers were in place. After about 15 minutes of practice I could remove the lock with my eyes shut in about 10 seconds. I verified this with my wife's lock - same type, bought at the same time. I use mine as a vidual deterrent only now!
AT&ROFLMAO
Thanks, I had a sneaking feeling that I had that mixed up. I have the black Miho blanket - the Aussie dollar was in much better shape while the black one was available than back when the blue one was. Once I realised what a nice blanket it was, I wished I'd not held back, and instead bought both of them!
Hey look, .signature updates on slashdot are retrospective!
I find your ideas intriguing and I wish to subscribe to your newsletter.
I just posted a reply further down the thread about this - I can do complete 4 digit laptop combination locks in about 15 seconds now, by feel.
AT&ROFLMAO
That's one of the funnier things I've heard in a long time. And after a particularly dismal day, it really perked my mood. Thank you.
You're welcome.
:)
Oh, how I wish I could get one of those blankets -- but, of course, by the time Fred mentioned that the blankets wouldn't be in the new store, they were already out of stock at ThinkGeek.
WE NEED BLANKETS! YOU HEAR ME, FRED? MEGATOKYO READERS EVERYWHERE DEMAND BLANKETS!!!
In what looks like the 6th post at 7:29PM, someone suggests a dremel or cable clippers. Your post at 7:47 PM mentions a cordless Dremel.
To be fair, "cordless" was unique. Dremel was redundant.
After all, it's not a really secure lock like a cylinder, the number of combinations of the impressions on the rim of a key is limited so I guess there are only a few different lock combinations. Anyone could buy a Kensington and get one with the same key as yours.
In other news, I'm glad Fred went and did his own store (or at least 'another' store). I dunno why, but I can't help wondering if it's 'cos ThinkGeek gave him the same crap overpriced non-service as they gave me!
I find your ideas intriguing and I wish to subscribe to your newsletter.
Why not just strap a bra around the laptop?
That would at least prevent male thieves from stealing the laptop.
- Peter Brodersen; professional nerd
The scissors are used to torque the lock, they are jammed in the notch and twisted. Then you push the pins down and they will lock in place if tension is applied to the scissors. I figured this out in like five minutes. I am currently looking for a better tool to torque the lock.
2*31*37*263
This is like bicycles in the Netherlands. Everybody has one (or more), but they get stolen a lot (in 2000, about 900,000 bicycles were stolen, on a population of around 16 million). In the big cities, you need a good lock or three for your bike. Some people claim you need an extremely good lock (for student types, lock price equal to bike price is not uncommon, but that's because of the bike).
But that isn't true. All you need is a better lock than the bikes that are parked near yours. Getting that "The next one they find may be that much easier" effect is what you need, nothing more.
I believe posters are recognized by their sig. So I made one.
I've been to Amsterdam once, for work, and was amazed at how many people were riding bikes. I can imagine that it makes it pretty easy to make a bike disappear, when everyone has one (or more).
The only thing that was weirder was, while standing near Centraal Station, looking across the canal, an old Chevy truck that I'd expect to see in backwoods America, went driving by..
Other than that truck, it was a beautiful city. They almost couldn't get me to go back to the US. My first morning there, I felt like I belonged there.
Serious? Seriousness is well above my pay grade.
Want to buy a bike then? Only 10 euro ;-)
I believe posters are recognized by their sig. So I made one.
[i]I'd be willing to bet that this lock sets itself when you slide the end of the cable in. Kinda like a door latch. It slides over the angled bolt, and once it's over it is trapped til you use the key.[/i]
...) and then pass the locking cylinder through the loop (so basically you have a sling, wrapped around your desks feet, ...) and then you attach the locking cylinder itself to your laptop (notice the small rectangular hole? In there goes the lock and when you turn the key by 90 degrees, the lock's in place).
That's not how Kensington Locks work. Basically you have a cable with the locking cylinder on one side and a 'loop' on the other. To attach your Laptop (or TFT display), you wrap the end with the loop around some fixed part (desk,
Here's the online documentation of the original test.
Nope.
Look at how tubular lock picks work. Now consider that the plastic used with Bic pens is soft. Now look at the diameter of the pen.
The only reason you need the scissors is to cut the Bic.
This
I have a powerbook. what loc should i buy if the Kensington one sucks?
:-) - fold it up and take it with you.
Don't buy a lock. Maybe buy an extra battery to run your PB of the grid longer.
Whenever you're in a cafee and have to go to the loo - that's what I do when I'm dining out my iBook
Then again if you really want a lock to stop the quick grab and run strategy of Powerbook theft you might aswell just use a piece of thin rope and a knot.
We suffer more in our imagination than in reality. - Seneca
Wasn't MIT full of great locksmiths? (By no means, I'm not one!)
.sig:
Your
Want to crack Windows passwords? Check out my journal!
Heh.
Hmm... I can't believe it took this long for this 'exploit' to surface. Any geek with a laptop, some boredom and a paperclip should have figured this out already.
Anyhoo: what you need is a pair of scissors and a paperclip. if you have no scissors, a second paperclip will work, if not so well.
Jam one point of the scissors into the rectangular hole on the circumference of the circular key slot. Twist the scissors so that the inner part of the lock turns into the 'open' direction. Keep applying a gentle pressure, and use the paperclip to push in the little pins in the circular groove, one by one. Push down lightly and slowly until you feel the pin 'snap'. If you release the pin, it should be held in place and not spring back up again. If it does, just try first with another pin. Eventually you'll get them all and the lock will turn open. You can close the lock again in the same way.
Some of these locks have a security feature... when you've twisted the cilinder halfway to the 'open' position, it will lock again. In this case you'll need both points of the scissor to apply torque to the lock cilinder.
This isn't hard... with some practice, you can open these locks in a minute or 2. We used to do this at the office, going around during luch break to swap everyone's Kensington locks around, then watch the frustration at the end of the day, as everyone discovered that their key did not fit anymore. I know, it's lame, but we were bored okay?
I don't have any qualms about revealing the 'secret' of Kensington lock picking, as I would have with revealing a hot new exploit. This trick is years old, and asa I said: any bored person with a paper clip can figure this out for himself.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I don't need yours, that next one doesn't even have a lock on it.
Serious? Seriousness is well above my pay grade.
Aw, there went one perfectly good guess.
:)
:) It took me a good 2 minutes to break into the garage at my current residence. I was being careful not to damage anything that was expensive. Masterlock padlocks are easy to cut off with a dremel and a cut-off blade. I could have had it in less than 10 seconds, if I had bolt cutters with me, or 15 seconds with a pry bar, leaving some damage. :)
:)
I'm tempted now to go to the store in the morning and get one, just to figure out how to pick it.
I'm one of those people who likes to know how to do everything, even if I don't use it for the typical bad reasons. I've done lots of potentially 'illegal' things, at the request of legitimate owners, because people aren't perfect. Getting root on their machines (because they lost the root password), opening those cheap money boxes (20 seconds with a paperclip). One that I giggle about is the key-locks on Dells. Between 10 seconds and 90 seconds, depending on the machine, and I'll have it wide open.
It's kinda funny, I don't steal things. I just don't deal well with people saying "You can't do this." I've been told it's a problem with authority. Maybe that's why no 3 letter agencies will hire me.
Serious? Seriousness is well above my pay grade.
How about a fake battery pack which is actually a couple of pounds of high-explosive?
Of course, it carries a risk to the legitimate user who forgets that the fake pack is connected...
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
"What's a *man* doing with a *bobby pin*?"
Unlikely for a laptop lock, surely?
To have a right to do a thing is not at all the same as to be right in doing it
For what it's worth... The reply to my inquiry of the author:
"Use a papermate pen and impression the lock. Simple. Soft plastic
does it in seconds."
Is that with the lock unlocked? How does that help you with a locked device?
The sentence in question looks fine to me. The first part is an abstraction of the parent post. Alone, it is redundant, and raises the question of why the author bothered. The second part answers this so that the reader is not left hanging. It also reveals the author's thoughts which led to his question.
However, this is a moot point. The author was trying to be funny by speculating that the parent poster in fact worked at Starbucks. Since this wasn't a natural conclusion to reach, he used the colon to force the question and set up the punchline.
Thus I find no fault with his syntax. BTW boss, can I have next Thursday off? Squirrel season opens at first light, and there's a $50 prize for the first kill.
"A goldfish was his muse, eternally amused"
Ha! this story caught my attention because my laptop was stolen despite having one of those locks on it. Fortunately because it was locked down I got a nice widescreen Inspiron 8600 on the insurance. Still would be nice to get $1500 though. Curses.
If you buy a lock with an attached warranty, shouldn't it then also cover if the lock is so poorly designed that it can be picked so easily?
I'd feel screwed over if they denied my claim because they'd designed an inefficient lock.
Instead of locking the laptop to a desk or table, loop the cable around a body part - preferably a body part where constriction will not kill you (neck = bad, waist=good). When you stand up to walk away, the laptop will be dragged along with you.
This also serves as a work-around for many short term memeory disorders - answering once and for all the age old question of: crickey, where did I leave my laptop?
Next week we will tackle the problem of leaving valuable files in insecure filing cabinets. (hint: think backpack)
... was the Ford Escort. Mainly because they are so pathetically easy to steal.
I've used a Compucage lock for a long time, and so has my company. We've never lost a single laptop.
Check them out: www.compucage.com
I strongly recommend them.
pi=sigma{n:0-infinity}[(1/16)^n][(4/(8n+1))-(2/(8n +4))-(1/ (8n+5))-(1/(8n+6))]
I've never had a problem with IBEW or UAW. Treat them with respect; they'll treat you with respect.
If that's not good enough for you, then call State Farm.
Around here, you can tell the new engineers because they always cable up their laptops. After a month or so, they quit using the cables.
Never heard of one getting stolen off the shop floor.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
You're right. Cell phones cost much less than $50. It's contracts, R&D, and other mark ups that get added to the price that make them cost so much more. At an independent dealer you have to add in more markups as well as the additional cost from not having the market volume.
Never confuse volume with power.
Here's a clickable URL for those too lazy to copy and paste:
http://www.compucage.com
Divide by zero hurts my brain.
but didn't you agree to their terms when you bought their lock? they only warrant their cable - they'll say you should have read and understood that.
I should have posted longer, but was trying to keep it short. A plain old dremel worked almost as quickly, but needed two discs. We played around with it for quite a while after the first cut-- there's very little those locks protect against.
I don't think you'd have an issue carrying a battery-powered dremel and a dozen cutting discs to wherever you wanted to cut the lock.
Bolt cutters couldn't do it, to be sure. Abrasive cutting discs, no problemo.
Kids around here use a jack stolen from a car.
Any of those thumbwheel combination locks take me about a minute in good light. I can't quite do them by feel, but I can imagine that you could.
New South Wales (where Sydney is) Australia
It is truly sad that it takes all this specification in order for people to know where NSW is located. Saddest part is that most of the ignorance would be from my fellow Americans.
www.wavefront-av.com
...and put the flashlight under the seat.
I am very small, utmostly microscopic.
The fraud is by Kensington who tells you how secure their cable lock is and then say "ha ha ha, we said CABLE, not CABLE LOCK. Sorry!".
Actually knowing how to pick locks in of it self is not that big of a deal, anyone who's a locksmith or even a nerd can be properly trained and certified etc. The issue like anything else is what do you do with your knwledge? I know some rudimentary password cracking schemes some work some don't, am I theif god know! It is howevery very handy for helping little old ladies who rutinely forget their password while working in a computer lab. This "secret" is just using a torque pick, BFD. Kengsington on the other hand should make a better lock and own up to their garunte
There are several more affordable ways to pick a Kensington lock. One for example only requires two strands of human hair and a kleenex. But in the interest of giving people time to stop using the locks... I'll leave the actual method of opening the lock up to the reader.
Manual transmission cars use this lock on the clutch pedal. Obviously used on cars that can't start unless the clutch pedal is pressed down.
If you want to be reimbursed for your laptop if it is stolen, buy an insurance policy to cover it.
Yes, it might cost a bit more than a "good" lock, but not a lot more (my girlfriend insured her PowerBook for two years for $90), and you're guaranteed to get your laptop back if it is stolen. Or if it burns in a fire -- let's see your Kensington warranty cover that. Just make sure your policy gives you "replacement cost," not just "market value." And back up your friggin' data!
Seriously, why bother with a lock?
My uncle was doing it. He used a thin wooden board with multitude of straightened up hooks nailed into (kinda like a fakir bed) and put it under the cover of the driver's seat. Actually there was once a guy still sitting there in the morning. Good payback, but don't do it. He had to pay for the medical treatment of the chap. Law's stupid...
The shortest quine: 10 LIST 10 BASIC rules
No, with the lock locked.
:)
Again, you use the exact same technique as you would with a conventional tubular lock. Insert the pen, apply torque, apply forward pressure, wash rinse repeat...
This
Are you aware how fucking stupid your reply is? Exactly how different is a battery powered Dremel versus the air powered one? About the only difference is the size of the bit allowed, the available torque and the speed it spins. With a battery powered Dremel, you can cut through just about anything... it will just take more time.
For fuck's sake, just because a lock is only designed to protect against hacksaws and bolt cutters doesn't mean those are the only tools a thief will use. Hell, it might actually be a good idea for a thief to drive around with an air compressor in his van (assuming stealth isn't an issue).
Like I said, there is very little that cutting discs can't go through. But you have to remember that bike thieves aren't likely to carry around a Dremel tool and take the time to cut through a lock. They'll just steal a bike that isn't locked. Locks are mainly deterrents anyway.
'Standards' in computing only impress those who are impressed by things like 'standards'.
Better yet, do it even before your lock has been cleanly picked, get $1500, sell the laptop, 2. repeat, 3. profit!!!
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
In other words, lock picking 101. How impressive. This news is really worth posting on the Slashdot frontpage under the security topic.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Yeah. I noticed that some time back. I think that it is less than ideal. That is why mine has been as below for some time. But you'll have to take my word on it.
All my previous sigs now look like this one, I wish they were permanetly recorded when used.
This reminds me of an incident in New York City where people took advantage of thieves to solve a problem.
There was a garbage collector's strike, and I think people had to keep their garbage on their property, and it was backing up. Well, if you toss your garbage someplace else, that's littering and you can be fined. So, what some people did, was they put their garbage in boxes wrapped with nice paper, possibly a bow, and put it on the seat of their car, with the window open. You can guess what happened to their garbage...
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
I mean not exactly *how* to do it, but the first time my co. gave me a laptop and a Kensington lock, I was like "This is it? Is it safe enough?". Thankfuly, my office was safe enough! :)
He's lucky he wasn't sued into backruptcy and put in prison. Man-traps are very illegal.
For fuck's sake, man, you are totally missing the point! He wasn't saying "this is the way thieves will steal your bike." His point was that no security device can ever be trusted and that it's ridiculous how easy it is to bypass them.
Would thieves carry around a Dremel? Well, I used to be a car stereo thief and would carry whatever tool I thought I needed. Would they take the time? If the prize was worth taking and there weren't people around, yes.
As a reply to your earlier post mentioned, all you need is an iron pipe to pop the lock off. Simple, fast, quiet, effective. An iron pipe is something that a thief would carry and that locks should be designed against. You can't design against everything, but the whole point of the original post is that consumers should be aware of how easy it is to break the security and shouldn't put much trust in them (not leaving them locked outside overnight).
I wonder if you could get away with it if you properly marked your car: "Warning - mantrap under seat".
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
Man-traps are illegal no matter how they may be signed. This is because children can't read. Neither can some adults.
There was one post here about someone getting off because he posted signs on a man-trap that killed someone, but I simply do not believe it.
Actually, his wasn't a man-trap; I remember the post to which you referred. He was a ham op who used a high-voltage power supply to power a transmitter. Since he'd marked it as dangerous and properly locked it to prevent use by anyone who wasn't malificent, he was in the clear.
Similarly, if you locked your car and posted about the mantrap, its hard to argue that you weren't trying to prevent anyone from hazarding their health if they were acting legally. The question becomes, is it legal to use force in the defense of your vehicle? It's legal to use electrified or barbed fencing, without even posting a sign (well, in the case of barbed, I believe you have to post for electrified). I suspect a signed and locked man-trap, such that in order to activate it the trappee would have to be acting illegally, is probably legit. However, I would assume that if you were using it intentionally it would have to be at minimum force necessary to dissuade the illegal act the trap is designed to prevent.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
no, the post i was replying to had fishhooks under the seat.
However much you might rationalize it, no amount of signs or warnings will protect you if you set a man-trap, particularly if it kills someone as did the high-voltage trap. it matters not one bit if the intruder was acting illegally or not. this may not sit well with you logically, but it is the law.
Did the availability of the thief's blood help the police to catch him, or the prosecutors to convict him?
John Sauter (J_Sauter@Empire.Net)
Stop referring to the high voltage one as a trap, please. It wasn't. It was a legit reason for HV in his car, he didn't intend it as a trap, it was intended to power a large transmitter. This is like saying if somebody lifts my lawnmower up and cuts their hand off on the blade I have a lawnmower man-trap.
If that is the law, how do you explain the legality of barbed-wire and electrified fencing?
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
when i read it i read that it was done to protect the car. if that is not the case then you are correct, it was not a man-trap.
barbed wire is not a trap as it is clearly visible and identifiable for what it is. however, if you put the barbed-wire in a pit that was disguised so an intruder would fall into, it it would be a trap and illegal. but i believe you are referring to strung wire used as a security device.
as for electric fences, electrical fencing that would be lethal to humans IS illegal except in extraordinary circumstances (i'm thnking military). if *you* strung a lethal electric fence around your house it would be called a man-trap since the electricity is essentiall "hidden" no matter how many signs you posted (remember kids can't read).
property owners are not allowed to impose the death penalty for trespassing - via an electric fence or any other means. in cases where trespassers have been shot the legal defense has been that the homeowner was in fear of his life, NOT that the person was trespassing. the self-defense argument would not be available in the case of a lethal electric fence designed to kill whether or not the owner was even there.
I was thinking of a non-lethal electric fence - a shock designed to warn "Stay the hell away", not to harm. Similarly, something designed to inflict minor injury but not to maim/kill might be legal if signage is posted (including a non-lettering graphic) and the deterrent is behind measures obviously designed to restrict illegitimate access. The courts have ruled that if the person on your property is trespassing/ordinary license (not invited, in other words), you have essentially no duty of care in regards to their safety.
A trap that is clearly visible/marked is what I'm talking about. Making it obvious there's danger if you break in. I think that might cover your bases.
That said, I neither care enough nor have a cruel enough sense of humor (or enough money to pay a lawyer) to test my theories in court.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)