Slashdot Mirror


Kryptonite U-Lock Security Flaw

An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"

20 of 554 comments

  1. hmmm by crtfdgk · · Score: 5, Funny

    sure this site will be /.ed soon....

    --

    $> man woman
    $> Segmentation fault (core dumped)
  2. They probably by cpt_rhetoric · · Score: 5, Funny

    They probably figured that would-be thieves wouldn't know how to write anyway. I'm sure it was found very secure against a crayon.

  3. Read slashdot. by dtfinch · · Score: 5, Funny

    Buy a pen.
    Win a free bike.

  4. The videos by BReflection · · Score: 5, Informative
    --
    python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
  5. It's twue! It's twue! by Walter+Wart · · Score: 5, Informative

    I tried it out with my own lock. 30 seconds and it was open. I called the Kryptonite company. At the time they were aware of the problem and are rushing their next generation of cylinders into production.

    Interestingly enough, the problem was first reported in Britain in 1992. But it didn't go anywhere. Hurray for the age of fast information dissemination. And fast technology transfer to the bad guys.

    --
    The man who never alters his opinion is like the stagnant water and breeds Reptiles of the Mind -- William Blake
  6. This doesn't just affect Kryptonite locks by GuruHal · · Score: 5, Informative

    This is a flaw in the barrel style key system. I'm hardly a locksmith, but I've tried this on several of my locks and others just to prove the point, and the majority are not Kryptonite locks. All of them have opened without more than 30 seconds of effort.

    The sick part is the problem has been well known to manufacturers since 1992, and nothing has been done about it.

    --
    "Quando Omni Flunkus Moritati" -- Red Green
    1. Re:This doesn't just affect Kryptonite locks by Witchblade · · Score: 5, Informative

      At my freshman orientation at Ohio State in 1993 we were told about this on the first day by the RAs. I'm really surprised at seeing the cycling community react with total shock to this. I also can't believe the manufacturers weren't aware of the problem a decade ago, since it seemed to be pretty well known then.

  7. Remember... by k4_pacific · · Score: 5, Insightful

    For less than the cost of a decent bike lock, you can buy a bike that's not worth stealing.

    --
    Unknown host pong.
  8. Re:Well... by Kristoffer+Lunden · · Score: 5, Funny

    But I bet Bicycle Repair Man could fix it!

  9. Quick sue them with DMCA! by rsletten · · Score: 5, Funny

    Quick! Sue BIC under the DMCA as a device that can defeat a security lock

  10. Re:people suck. by clifyt · · Score: 5, Insightful

    "Unless we really want to live in a society where equality is enforced and nobody is allowed to have anymore than anyone else, the presence of thieves and other criminals is something we will always need to deal with."

    I doubt it. There will always be a percentage of the population that is not happy with having the status quo. For instance, the crack dealers down the street from me have sent their friends to try to break into my house -- I know the one guy the police have caught is someone I'd seen hanging out in their den.

    Sadly, they have better shit than I do. They think since I'm white and a home owner I'm fair target. One of the kids that lives there asked me to help him with his computer because someone told him I was good with these things (I generally don't tell folks what I do in this neighborhood) and it was a better laptop than I had for work -- and this is a 12 year old boy. Not his dad's laptop, *HIS*.

    Seems there was some sort of bios lock on the machine that was enacted after not signing it in after so many sessions (I'm not up with all the CompuTrace kinda shit that my work is always telling us we need to have on our machines).

    So, no matter how much one person has in comparison to those around him, it will never be enough for some people. It's good to think that some magic hippy star trek future would eliminate hunger and greed, and as this kind of future will never happen, it doesn't really harm anyone to believe in this -- at least until you start an economical ideology based around this and then start realizing that the common laborer doesn't need the same equipment that a research scientist does and you start to pass out equipment based on need, and you realize you have just created an unequal society once again and need to set up a draconian society to ensure everyone is equally unhappy in one way or another.

    Thieves are thieves and there will always be someone that wants something for nothing and wants to have more than those around him...

  11. It _IS_ a design flaw. by Anonymous Coward · · Score: 5, Interesting

    The pins in the lock are vulnerable to being raked because they're all set in roughly the same position. If they were disparate, you couldn't successfully rake them (except if you were very lucky and could bite chunks out of your bic pen to match the right key :)

  12. The problem is not the issue. by Anonymous Coward · · Score: 5, Funny

    The solution to the problem, THAT is the issue. Let's gather around and think of what the big organizations/individuals would do to solve a problem such as this.

    US government: Liberate bike from thief using a squadron of B2 bombers. At one point or another, several brits die, even if Rhumself has to find them and kill them himself. Bic pens linked to Al-Qaida.
    Australian government: Send in Steve Irwin. If he gets killed, it's a good thing. If he catches the thief, it's a better thing.
    British government: Sod the thief, fancy a scone, dear chap?
    United Nations: Convene in an emergency session, go into recess after 10 minutes for cookies and tea. In the end, they condemn the theft but none of them manages to do fuck all.
    European Union: The French and the Brits start bitching at each other about which country has superior Bic pens. Germany and Spain wonder since when the damn Brits are part of Europe. The rest of Europe tried to talk tough before getting bitchslapped into submission by Germany and France.

    RIAA: Claim that people who open locks use it to fund terrorism. Randomly sue locksmiths.
    Microsoft: Vehemently deny existence of faulty locks. Release hotfix for existing locks, which consists of pouring glue in keyhole.
    SCO: Sue Bic, 3M, Canada, a random seagull and the tooth fairy for copyright infringement on their proprietary way of opening locks with ballpoints.

    Richard Stallman: Proudly proclaim the bike simply wanted to be free.
    Eric S Raymond: Something irrelevant that contains a plug for "The Cathedral and the Bazaar".
    Larry Wall: Make all locks so confusing that thieves don't know how to open them. Nor do the owners. Or manufacturers, for that matter.
    George Lucas: Make a movie about bikes being stolen with Bic pens. Milk this movie out until 2050.
    Bruce Willis: Get a bunch of oil drillers to find the thief and shove a nuke up his ass. And for the love of Eris, someone PLEASE screw Liv Tyler!

  13. Re:people suck. by ThatsNotFunny · · Score: 5, Funny

    I would agree, but since I'm typing this on my stolen copy of Windows, I'd better not.

    --
    "Was it a millionaire who said 'Imagine No Possessions?'" -- Elvis Costello
  14. Simple solution... by emag · · Score: 5, Insightful

    Pass a law declaring Bic pens to be "burglary tools", which can only be carried by "licensed professionals", and arrest anyone found in possession of one without a license. It works so well for lock pick kits...

    --
    "The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
  15. Only to "special" customers by fmaxwell · · Score: 5, Insightful

    Kryptonite today announced it will provide free product upgrades for certain locks purchased since September 2002

    What they don't mention is that the flaw was first documented in the trade publication "Bicycle Business" magazine in 1992. So they've been knowingly selling defective locks for 12 years since then hoping that this day would never come.

    I've got five Kryptonite locks:

    Two KryptoLok ATB U-Locks, one of which was never taken out of the package.
    One KryptoDisco-C motorcycle disc brake lock.
    One 6' x 5/8" Kryptonite Flex Security cable lock.
    One Kryptonite Flex Security U-Lock.

    All of the locks are in very good to new condition and all of them are older than two years old. That means I get no replacement locks from Kryptonite nor do I get any upgrades. I hear tell that I might get coupons for rebates on new Kryptonite locks. But it will be a cold day in hell before I ever buy another Kryptonite product if they don't fix or replace the locks I have at no charge to me.

    I am not being unreasonable. A lock, if well-cared for, is a lifetime investment. A well cared for lock that's five years old is no less useful than one which is 1 year old. Why should Kryptonite customers suffer because Kryptonite chose to knowingly, and deceptively, sell a defective product for over a decade? Anyone who bought a Kryptonite lock with this flaw since the original article was published in 1992 should get a free upgrade/replacement.

  16. Socialism is the only hope by Rank_Tyro · · Score: 5, Funny

    When stationed at Kunsan AB Korea, circa 1993, the only transportation option open to enlisted people was a bicycle. You could buy one at the base BX for about $100 bucks. For an additional $4.00 dollars, you could buy a chain with a built in combination lock. The biggest problem with the entire system was this.......EVERYONE had the same model bike, and the same chain/lock. You could literally spend a half hour trying to find the bike and chain that belonged to you. This was quite a problem for some of us, until we learned that with a bit of tension on the lock, and a bit of manual dexterity, you could open any of the locks in about 45 seconds. After that, we all adopted the idea that those of us that had purchased a bike, but couldn't find it anymore, could just go ahead and ride whatever bike was handy. After all, EVERYONE had the same bike and lock, so really...........all bikes were secretly the one you bought. Therefore, if you were able to pick the lock, you were entitled to ride the bike. This Utopia breaks down when you consider that in most cities, not everyone buys the same bike and lock. Therefore, it is incumbent on the government to provide everyone with a bike, thus ensuring that there is no need for anyone to steal a bike. I will be putting this idea to my senator soon.....hopefully everyone will have a new bicycle in time for the November elections

    --
    Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
  17. Re:people suck. by spacecowboy420 · · Score: 5, Insightful

    That's bullshit. When I was a juvenile, I would do some stupid shit just because it was illegal - just to challenge fate. Do you think vandals, not those that spray paint their names or make pretty pictures, but those that break shit - do it for fame, fortune or otherwise? What do serial arsonists gain? Nothing. Just the satisfaction of decadence - it is easier to destroy than to create.

    --
    ymmv
  18. Re:They are offering a replacement by clambake · · Score: 5, Funny

    I was expecting to see a free Service Patch on their website to fix the security flaws. As far as I know that's how businesses take care of flawed products nowadays.

    That's SO pre-DMCA. The way companies deal with it *nowadays* is attempt to sue the pen manufacturers.

  19. Re:people suck. by clifyt · · Score: 5, Insightful

    I don't know why anyone rated your post as flamebait, just another reason to realize the fuckwads on Slashdot don't fucking know shit. Hell, most of my posts are far more flamebait than yours.

    But you are right. Most likely they won't amount to anything, but that's not my problem. I will do what's right while they are around me and hope that something wears off.

    By day, I work for an educational facility...I generally hire folks in the tech world that have no knowledge of the area -- but want the jobs much more than the ones that do know the area and interview with me -- these guys sound bored and one actually threatened me that if I didn't hire him it would only be because I thought he would take my job. Please -- no one gets fired or promoted in academia no matter how good or bad you are.

    Kids that were probably looking at getting out with a mid $20k job are finding out that working for me after 3 years, they were getting jobs worth almost double that. I've got one employer that calls me all the time because he's never been dissatisfied with one of my students. Interestingly, most of the kids weren't even pursuing tech degrees but wanted my jobs because I paid the highest for student work on campus -- which is actually how I got my first job in the tech field -- I went for the highest paying one which happened to be a geek position.

    So I have made a change in some folks' lives. If people are exposed to situations like this where they are given a chance to be around positive situations, they will change somewhat. It might mean hesitating before pulling the trigger one night and deciding not to kill someone and walking away after robbing him. One of the kids in the neighborhood has violent tendencies where he picks up rocks or sticks and attacks animals. His father has taught him that animals are worthless and one can hurt or kill them without thinking. I've let him play with my animals and he actually seems to like them now. I saw him a few days ago with a leash walking my next door neighbor's dog. It's not a big jump from saying that animals are worthless and need to be beat down than saying humans are worthless and need beat down.

    Most of the time, I feel just the opposite -- I'd never hurt an animal, but I'd beat the shit out of a person in a heartbeat.

    So changes happen. It's not seismic changes, but little ones.

    As for the batman costume -- who needs the suit? I was thrown out of my first college's dorm because I threw a dealer out of a 3rd story window after he kicked in the wrong (slightly open) door with a gun pointed. I beat the shit out of some homophobic racists that were slipping notes under black folks' doors as well as the little gay kid that lived across the hall. I caught them laughing about it on the other side, and after seeing the kid come to my room every other night crying and asking why folks hated him, I took action. They never proved that I was the one that threw the guy out the window (or my buddy Mike or our friend that was in the room that was a state police officer there to play Doom I) -- he never pressed charges. They did note that I single handedly beat the shit out of 3 guys and kicked one in the nuts so hard he lost a testicle. Never mind that one of them threw the first punch after I said I was calling the police, never mind that the notes had been saved and the fingerprints matched theirs, never mind the ringleader was ordered to stay away from several women in the dorm because he was accused of stalking them, but they said I was overly violent because there was no way that anyone could have beaten the shit out of 3 guys and left them in the condition I did if I wasn't slightly nuts -- I ended up going to jail that night, not them. We all got kicked out of the dorm, but I was the one that was almost kicked out of the university (actually I was for a while...a judge reinstated me and reprimanded the officials involved).

    What did I learn from all of this? Sometimes you do need to crack heads. but more importantl