Kryptonite U-Lock Security Flaw

An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"

people suck.

[mstich]

Too bad we couldn't just live in a society where we wouldn't have to worry about theft! :(

Re:people suck.

[SagSaw]

Too bad we couldn't just live in a society where we wouldn't have to worry about theft!

I fear that as long as there are things not everybody has (money/power/fame/etc.), some portion of the population will turn to illegal, immoral, or socially unacceptable means to achieve their goals. Unless we really want to live in a society where equality is enforced and nobody is allowed to have anymore than anyone else, the presence of thieves and other criminals is something we will always need to deal with.

Re:people suck.

[Groo+Wanderer]

You mean like.... umm.... Nope, can't think of an example on this planet. You have one?

-Charlie

Re:people suck.

Even that won't fix it. There's still crime for crime's sake.

Re:people suck.

[clifyt]

" Unless we really want to live in a society where equality is enforced and nobody is allowed to have anymore than anyone else, the presence of thieves and other criminals is something we will always need to deal with."

I doubt it. There will always be a percentage of the population that is not happy with having the status quo. For instance, the crack dealers down the street from me have sent their friends to try to break into my house -- I know the one guy the police have caught is someone I'd seen hanging out in their den.

Sadly, they have better shit than I do. They think since I'm white and a home owner I'm fair target. One of the kids that lives there asked me to help him with his computer because someone told him I was good with these things (I generally don't tell folks what I do in this neighborhood) and it was a better laptop than I had for work -- and this is a 12 year old boy. Not his dads laptop, *HIS*.

Seems there was some sort of bios lock on the machine that was enacted after not signing it in after so many sessions (I'm not up with all the CompuTrace kinda shit that my work is always telling us we need to have on our machines).

So, no matter how much one person has in comparison to those around him, it will never be enough for some people. Its good to think that some magic hippy star trek future would eliminate hunger and greed, and as this kind of future will never happen, it doesn't really harm anyone to believe in this -- at least until you start an economical ideology based around this and then start realizing that the common laborer doesn't need the same equipment that a research scientist does and you start to pass out equipment based on need, and you realize you have just created an unequal society once again and need to set up a draconian society to ensure everyone is equally unhappy in one way or another.

Thieves are thieves and there will always be someone that wants something for nothing and wants to have more than those around him...

Re:people suck.

[Bull999999]

Even if we did, the RIAA or some similar organization would find a way to define whatever we did as theft...

As Homer once said, it's funny because it's true.

Re:people suck.

[aidbo]

Not being happy with your situation is what drives a capitalist society. Thievery is just a side effect of this.

Re:people suck.

[sqrt(2)]

That's like saying that you can eradicate cancer by killing all people with cancer.

It would work for a few years, until the trailer parks, and slums started churning out yet another generation of criminals.

Re:people suck.

[andersa]

I can't prove it was stolen, its most likely it is, but then again, one can't go around calling the police simply because you think something is stolen.

Why the hell not?

If it was your own laptop that was stolen and someone else found it, would you want them to call the police? You know if nobody ever helped out the police, society would go down the tube pretty quickly. The police need these tips to do their work. This info gets thrown into the mix with all kinds of other pieces, like a jigsaw. Your tip could be the final crucial bit of evidence that was needed to crack a wider case.

It's your damn duty to call the cops, when you see something like this.

Re:people suck.

[clifyt]

I call the police on these guys quite often anyways.

The fact is, in a free society you don't go calling the police on suspicions that cannot be proven unless there is a perceived immediate danger.

I call the police when I'm pretty sure they have a deal going on as noted by a dozen thugs in cars hanging outside and bags are being exchanged. Thats a danger because these guys are bringing in armed criminal elements into my neighborhood. Several have been arrested over the last few months.

But to call and say hey! I think he has a stolen laptop but I have no proof and I could be wrong (for all I know its a pawnshop laptop -- those are vetted for legality in some small ways) or otherwise. It wasn't strong enough proof to do anything about it.

In a free society, you don't just bring in the Gestapo everytime you have a twitchy nerve telling you something ain't right.

Re:people suck.

[clifyt]

The kids have done nothing wrong. The sins of the father do not equate to the sins of the son.

Neighborhood kids come over to my place and hang out -- outside, never inside near my shit. I keep it clean and they have a nice front yard they can play in. And I bribe them with a coke or a dollar to clean up the neighborhood. A few weekends ago, I was mowing the lawn, and we ended up mowing 6 yards and they picked up all the trash from the streets and for this, I was out a case of coke and $20. This was about 6 or 7 kids from a few families.

Maybe if the kids learn to take care of shit and work for stuff, they will not live the same life their father does. Half the kids around here are on welfare and I hope I'm helping them see how it is to do something for a living...

Re:people suck.

[MedHead]

So that makes it okay? Not trying to be a troll... it just seems that many users here bring up the "copyright isn't theft" argument, and it appears very often that it is in defense of copyright infringement, rather than just a clarification.

Re:people suck.

I hope you realize that you should be comparing bicycle thefts to the number of bicycles, not the number of people.

Even if those numbers show similar things, it's probably because more people in Sweden leave their bikes out in public. In the US, there are plenty of people who keep their bicycle in their garage and only take it out for exercise, and never leave them out (locked or unlocked) in public.

Re:people suck.

[spacecowboy420]

That's bullshit. When I was a juvenile, I would do some stupid shit just because it was illegal - just to challenge fate. Do you think vandals, not those that spray paint their names or make a pretty pictures, but those that break shit - do it for fame, fortune or otherwise? What do serial arsonists gain? Nothing. Just the satisfaction of decadence - it is easier to destroy than to create.

Re:people suck.

[farble1670]

For the record: the number of bicycle thefts per 100 people in America in the year 2000: 2.7. In Sweden: 9.4.

you should be quoting per 100 people THAT OWN BICYCLES. is that what you meant? if not, your stats are misleading (at best).

Re:people suck.

[mgv]

Crime for crime's sake? Any psychologist will tell you there is no such thing. After all, crime is risky. Why make a risk if there is no gain? There is always some reason, even if it's small or obscure.

That assumes that the person has a reason. Or has reason. 1% of the world's population gets mania, a similar percentage schizophrenia, 20% get depressed, and there are other conditions which aren't well defined yet in terms of population incidence or effect (eg post traumatic stress disorder).

Yet in some studies, 50% of prison populations have major psychiatric disorders. You could say that these were crimes committed in sane periods (certainly, the judges did say that), but you cant get around the number of "criminals" that have a history of major psychiatric disorders.

Then there is the "sociopathic" personality, which can be born that way or become that way with certain brain injuries. People who just can't feel or see things from another person's perspective. Humans do this alot as a survival tactic - how else do you drive a tank around Iraq and shoot at people and not want to suicide? You do it for the greater good, or whatever, maybe. But you still sit in relative safety and point weapons of minor distruction (like your cannon) at real people who will feel pain or die. Its a trait most of us have, and it has survival value.

But some people just are like this all the time. So they are good on the battle field, and never get stress disorders from hurting others.

Doesn't mean that they are all homicidal maniac's - in fact many of them are just nasty people, and we have all met a few of them. Self centred. Whatever. You see actors play that role on most soapies - the office bitch type of role - and its based on real life personalities who aren't that uncommon. We have all met them.

Some people don't percieve risk the same way you do, either. Some people have to jump out of airplanes with parachutes just to feel alive.

And some people don't know that they are commiting a crime - Taping your TV show's to watch later is a crime in some countries (like Australia).

In essence - its not that simple. There are lots of reasons for crime, lots of motiviations, and lots of times where the person didn't really understand the risk/reward relationship for crime the same way you do.

Michael

Re:people suck.

[crazy_monkey]

Yet in some studies, 50% of prison populations have major psychiatric disorders. You could say that these were crimes committed in sane periods (certainly, the judges did say that), but you cant get around the number of "criminals" that have a history of major psychiatric disorders

I'll bet some studies didn't take into account that people with psychiatric disorders probably do stuff that gets them more jail time, and probably didn't look too remorseful at trial, either.

Re:people suck.

[clifyt]

I don't know why anyone rated your post as flamebait, just another reason the realize the fuckwads on Slashdot don't fucking know shit. Hell, most of my posts are far more flamebait that yours.

But you are right. Most likely they won't amount to anything, but thats not my problem. I will do whats right while they are around me and hope that something wears off.

By day, I work for an educational facility...I generally hire folks in the tech world that have no knowledge of the area -- but want the jobs much more than the ones that do know the area and interview with me -- these guys sound bored and one actually threatened me that if I didn't hire him it would only be because I thought he would take my job. Please -- no one gets fired or promoted in academia no matter how good or bad you are.

Kids that were probably looking at getting out with a mid $20k job are finding out that working for me after 3 years, they were getting jobs worth almost double that. I've got one employer that calls me all the time because he's never been dissatisfied with one of my students. Interestingly, most of the kids weren't even pursuing tech degrees but wanted my jobs because I paid the highest for student work on campus -- which is actually how I got my first job in the tech field -- I went for the highest paying one which happened to be a geek position.

So I have made a change in some folks lives. If people are exposed to situations like this where they are given a chance to be around positive situations, they will change somewhat. It might mean hesitating before pulling the trigger one night and deciding not to kill someone and walking away after robbing him. One of the kids in the neighborhood has violent tendencies where he picks up rocks or sticks and attacks animals. His father has taught him that animals are worthless and one can hurt or kill them without thinking. I've let him play with my animals and he actually seems to like them now. I saw him a few days ago with a leash walking my next door neighbors dog. Its not a big jump from saying that animals are worthless and need to be beat down than saying humans are worthless and need beat down.

Most of the time, I feel just the opposite -- I'd never hurt an animal, but I'd beat the shit out of a person in a heartbeat.

So changes happen. Its not seismic changes, but little ones.

As for the batman costume -- who needs the suit? I was thrown out of my first colleges dorm because I threw a dealer out of a 3rd story window after he kicked in the wrong (slightly open) door with a gun pointed. I beat the shit out of some homophobic racists that were slipping notes under black folks doors as well as the little gay kid that lived across the hall. I caught them laughing about it on the other side, and after seeing the kid come to my room every other night crying and asking why folks hated him, I took action. They never proved that I was the one that threw the guy out the window (or my buddy Mike or our friend that was in the room that was a state police officer there to play Doom I) -- he never pressed charges. They did note that I single handedly beat the shit out of 3 guys and kicked on in the nuts so hard he lost a testicle. Never mind that one of them threw the first punch after I said I was calling to police, never mind that the noted had been saved and the fingerprints matched theirs, nevermind the ringleader was ordered to stay away from several women in the dorm because he was accused of stalking them, but they said I was overly violent because there was no way that anyone could have beaten the shit out of 3 guys and left them in the condition I did if I wasn't slightly nuts -- I ended up going to jail that night, not them. We all got kicked out of the dorm, but I was the one that was almost kicked out of the university (actually I was for a while...a judge reinstated me and reprimanded the officials involved).

What did I learn from all of this? Sometimes you do need to crack heads. but more importantl

Re:people suck.

[clifyt]

As one of the ACs mentioned, hiding isn't a way to go about things. As the other mentioned, drugs and crime aren't just a big city problem -- I live in the midwest. Yeah, a bigger city, but no where near Chicago, LA or NYC.

I live close to town -- I can bike to where I need to. I don't have to worry about snow in the winter keeping me in. I always have something within 3 miles to do thats entertaining.

That and this was the biggest house I could afford for university wages -- I had to look within to get it. in the suburbs, I couldn't have found a structurally sound historic home with hand carved wood and detailed inlaid floors for anywhere near the money I put into this.

Since I've been calling the police more often, the other neighbors have too. In the 7 months I've been here, we successfully had a section 8 house closed and another double that was slated to be section 8 denied by the city. Section 8 housing are those that are reserved for the poor and most of the rent is paid for by the state...I don't mind poor, I mind the criminal elements they bring with them. Quite a few poor folk that are good friends here. And I'm not sure why they are considered 'poor' because they have more shit than I do. Probably poor because they spend like a fiend and let credit cards catch up with them where I'm just content to have a home of my own.

So, instead of removing myself, I'm trying to change it. Trying to encourage more families to move in. Trying to encourage folks to buy as opposed to renting. Once folks have ownership, they start to have pride and want to be out of bad situations. When its someone elses problem, you can fuck things up and move on to the next place...owning doesn't allow you to do this.

So, all in all I'm happy. There are no perfect situations. I'm hoping that it will get better and I'm sure it will. I've lived in neighborhoods almost as bad as this one only to see run down homes go for a quarter million with another half put into them. My last neighborhood had my current governor living there (well back when he was Lt. Gov) as they had cleaned it up and turned some of the shitty tenements into high class condos. All over the course of 10 years I'd lived there. Right now, my home is an investment...its the only form of investment I can make with my current income level (trying to keep my side business afloat these days...argh!). The houses in my old neighborhood went through a 100% increase in pricing in 10 years. And now city expansion is pushing directly towards my path with the yuppies that couldn't get into my old neighborhood in time (I knew I should have bought when my landlord offered it to be 5 years ago), this area is slated for urban renewal as well. I am just east of where they tore down Indianapolis's Market Square Arena and in its stead are going to be luxury condos -- most going for a half mill. Folks in my situation that want to be near that action but couldn't come near to paying for those prices will be looking at the area that is up and coming and they will be moving in next to me in the next few years.

So, I'm happy -- just not happy with ALL the elements. Hell, once this all happens, I'm going to be screaming about the property tax increases -- so it never changes...always pissed off about something...

Re:people suck.

[CaptainZapp]

[...]some portion of the population will turn to illegal, immoral, or socially unacceptable means to achieve their goals.[...]

Man, you're description sure reminds me of the current lot in the white house.

Look people

Give them a break. ANY security device can be defeated using specialized tools.

Re:Look people

[DLR]

No, locks just make a cost/benefit analysis necessary to the theif. True security is a dream, a myth. Any lock or security system can be broken, the question is how valuable is whatever's behind the security system to the assailant, and is it worth the risk/effort?

Remember...

[k4_pacific]

For less than the cost of a decent bike lock, you can buy a bike that's not worth stealing.

Re:Remember...

[SealBeater]

There's no such thing. You'll be surprised how many crackheads and kids will
steal a bike.

SealBeater

Re:Read slashdot.

[Spyro+VII]

Profit!!!! ??? Go To Jail. Go directly to jail. Do not pass go. Do not collect 200 dollars.

Oh this is a BIG help.... class action anyone?

[SlideGuitar]

If you are like me, you may own, say 3 kryptoloks, purchased over the last five years which you never bothered to register, and can't remember where you purchased them, or maybe you remember that you purchased them somewhere in Los Angeles and now you live in PDX... will this apply to unregistered locks? with no receipt? LIKE THOSE PROBABLY OWNED BY 90% OF FOLKS? ... and it sounds like they are only offering to let you spend more money on a new product by a company that sold you a defective product the first time around. "Please reward us for our mistake."

Unless they are willing to replace the defective product, maybe it's time for a class action law suit?

Re:Hasn't this been posted before, like 2 months a

[wdd1040]

NO NO! That was about KENSINGTON locks. These are Kryptonite locks. So different they deserve their own dupe. Expect story posted next week about servers being able to be stolen with just a screwdriver to remove them from the rack!

Re:New York Lock...

[kfg]

I even use sturdy locks on my junk-built singlespeeds, after one of them got stolen.

The essential problem for those of us that use the bicycle as our primary means of transportation is just the same as for the afficianados of the automobile, the cost of the bike is somewhat irrelevant. The problem comes when you're 25 miles out and your bike isn't there when you return to it, leaving you stranded.

I always try to lock even my crudiest "rain" bike as securely as is reasonable.

KFG

Simple solution...

[emag]

Pass a law declaring Bic pens to be "burglary tools", which can only be carried by "licensed professionals", and arrest anyone found in possession of one without a license. It works so well for lock pick kits...

Re:New York Lock...

You can be informative without resulting to name calling. Get a grip and lose the attitude, and you'll lose the troll mods.

Re:New York Lock...

[SealBeater]

Granted, but I don't like it when people try to tell me I am wrong in a public
forum on a subject that I am authoritative on when they don't know what they
are talking about. Being so quick to try to point out a wrong, is a good way
to ensure that you end up wrong yourself.

SealBeater

Re:Having equiped my bike...Bike's name is "spike"

[entitude]

You know, he's probably intending to ride it himself, if he's trying to protect it from theft.

Equal opportunity.

[Grendel+Drago]

Don't get so cocky. Dictatorships are available in new crunchy Right-Wing Flavor (tm) as well.

--grendel drago

Only to "special" customers

[fmaxwell]

Kryptonite today announced it will provide free product upgrades for certain locks purchased since September 2002

What they don't mention is that the flaw was first documented in the trade publication "Bicycle Business" magazine in 1992. So they've been knowingly selling defective locks for 12 years since then hoping that this day would never come.

I've got five Krytonite locks:

Two KryptoLok ATB U-Locks, one of which was never taken out of the package.
One KryptoDisco-C motorcycle disc brake lock.
One 6' x 5/8" Kryptonite Flex Security cable lock.
One Kryptonie Flex Security U-Lock.

All of the locks are in very good to new condition and all of them are older than two years old. That means I get no replacement locks from Kryptonite nor do I get any upgrades. I hear tell that I might get coupons for rebates on new Kryptonite locks. But it will be a cold day in hell before I ever buy another Kryptonite product if they don't fix or replace the locks I have at no charge to me.

I am not being unreasonable. A lock, if well-cared for, is a lifetime investment. A well cared for lock that's five years old is no less useful than one which is 1 year old. Why should Kryptonite customers suffer because Kryptonite chose to knowinging, and deceptively, sell a defective product for over a decade? Anyone who bought a Krytonite lock with this flaw since the original article was published in 1992 should get a free upgrade/replacement.

Re:Volvo Jacks ---- U-locks are worthless

[supertsaar]

Meanwhile in Amsterdam, Bike thieves use _your_bike_ as a cantilever if you forget to use two locks in such a way that the bike can't be rotated. Off course, many bikes are destroyed (especially the lightweight ones) when they try stealing them like this.... I guess Amsterdam is at least as bad as New York when it comes to stealing bikes (but I've never been there), there's a whole black market economy here based on '2nd hand' bikes (btw: if people stop buying stolen bikes, thieves might stop stealing them....don't blame it all just on the thieves...) My tactics : Use at least two completely different locks (thieves specialise in certain lock types) (I use three normally) Try to get the locks as tight as possible, making sure the bike itself can't be used to exert brute force on them. Park your bike in a spot where everybody can see it. Use a bike that looks like sh*t and is f*cking old but despite its looks still rides well. I've had about three bikes stolen in ten years, usually when I used only one lock or made some other mistake. Bottom line is: if they really want your bike, they are going to take it....no matter what you do.