Slashdot Mirror
11-year-old Proves Locks Not So Secure
An anonymous reader writes "A new security column at Engadget details the new 'old' threat of bumping locks. The article goes on to describe and demonstrate an 11-year-old girl bypassing a standard 5-pin lock at a recent DefCon Hacker Convention. The girl had no prior experience and didn't even understand the theory she was applying. Scary!"
. The girl had no prior experience and didn't even understand the theory she was applying.
Sign her up as a /. editor, quick!
A feeling of having made the same mistake before: Deja Foobar
So now we have to worry about the lockpicker's equivalent of a script kiddy.
Dont forget you can do the same with bike locks and a pen. It seems people find more obvious ways to break things every day.
Warhammer forums
But did someone genetically engineer a mouse to do such a task yet? And another one to resist arrest but in most mice that is natural I guess.
The girl had no prior experience and didn't even understand the theory she was applying.
Reminds me of high school.
I believe most British insurers have insisted on deadlocks on doors for house insurance for many years because of lock bumping, they're also often easily bypassed with credit cards anyway.
It's certainly very uncommon for doors to be left with just that kind of lock in this country.
As if we didn't have enough to worry about, now we have to deal with 11 year old girls breaking into our homes.
it involves a sledge hammer.
.cig
Have these peoploe not heard of youtube
Locks are to honest people honest, and keep insurance companies satisfied.
The finest safes are only rated by how many minutes it will take a determined theif out.
"Prefiero morir de pie que vivir siempre arrodillado!"
The Kwikset that she opened is sold in every hardware and DIY store in the country, and is believed to be secure by the public.
As with any security measure, be it a physical lock, a cipher, encryption, anything, it only works if you know how to use it properly. A cheap cylinder lock is secure enough to deter a passing opportunist (eg, not someone who carries a bump) and should be used as such. To secure your house or office you shouldn't look at anything less than a Mortis or a deadlock, and you should have at least two on each entry point. Windows should lock from the inside, again with deadlocks.
A cylinder lock is the equivalent of using ROT13 to secure a password file. It'll stop someone who's not trying to get in, but that's about it.
http://twitter.com/onion2k
The concept of security is as much about perception as effectiveness.
This article's enlightening example just drives deeper a little concept I recently heard called security theater,
Human psychology is certainly interesting - because on one hand we have people scared of box cutters, but on the other hand we drive 70mph mere feet away from each other every day.
Maybe it could be argued that security is primarily about perception.
My Computer Music Tutorial Videos
Note that wmv9 now plays with ffmpeg/mplayer in FC5+livna.
So you can watch this video...
Last time I checked, it was illegal to test on 11 year old girls.
In all states, but Kentucky and Georgia.
I use to pick the lock to the computer room at home with duck tape and a paper clip, AND I LIKED IT?
P.S. I also use to walk up hill both ways in the snow to school.
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed H
Does that make her a door kiddy?
Would you kindly mod me +1 insightful?
I've done this simply by wiggling a key that fits the keyway. You don't need that much force. You don't need a "tomahawk" you need to vibrate the key.
I amazed my upstairs neighbor when I managed to open his door when he was locked out, with the wrong key.
I didn't know the technique had a name.
There are locks that will resist this, like the Medaco locks that require the pins to rotate to open. I don't think bumping alone will get those lined up.
Ever dream you could fly? Get up from the Flight Sim. I Fly
Here is a video of Key Bumping: http://www.youtube.com/watch?v=7Uv45y6vkcQ&search= bump%20key
Quite fascinating how easy it is, and in the end of the video they even show a 17-pin lock being bumped!
If you are interested in the guys in the video, here is their URL http://www.toool.nl/index-eng.php
Round and round we go.
Adam & Jamie on the Discovery Channel's MythBusters just had a show last night where they showed all sorts of ways to defeat some of the newer, high tech devices. Fingerprint scanners were pretty much busted, including one really high tech fingerprint scanner that the company said had never been broken into, EVER,. . . which Adam & Jamie broke into within about 10 minutes using three different techniques! They also found ways around heat sensors (a piece of glass), sonic motion detectors (a bedsheet, or walking really slowly), and breaking into a safe with an underwater explosion,... Quite an interesting episode,...
Yikes! The poor girl...she might get the wrong impression that this how she should make a living.
Age 11 - 5 pin lock with wrong key
Age 14 - 7 pin lock with picks
Age 18 - Safes
Age 21 - Bank Vaults
So many banks...so little time
2 cents,
QueenB
HDGary secures my bank
I've been reading about this a bit lately and found an interesting paper on bumping locks at http://www.toool.nl/bumping.pdf
They also have a section on locks that resist bumping:
There are mechanisms that do not allow for the two pins to separate except when slid sideways, such as used in the Emhart interlocking lock (which is not being produced anymore). As far as we can see, such a mechanism would successfully foil the bumping attack. Also some mechanisms which have a one-piece locking mechanism (such as a 'sidebar') may resist bumping. Locks that involve rotating discs (such as Abloy Protec) or magnets (such as Evva MCS and Anker) are also not susceptible to this attack. Klaus Noch sells modified standard Euro profile locks which lock up (i.e. 'broken but closed') upon most attempted manipulations, including bumping.
I found the Abloy Protec lock (with rotating discs) especially interesting and I'm going to get this for my own front door when I get the chance. On the same website they have an paper on the Abloy Protec as well: http://www.toool.nl/abloypart3.pdf
...than picking 'em.
Years ago I was at a tech flea market and - on a childish whim - bought a fairly nice set of lock picks (which are legal to sell in that state, unlike some). FYI - I am of the "Man from UNCLE", "T.H.E CAT", "The Prisoner", and "007" generation so I always wanted to be able to pick locks like the spies.
I even bought a lockpicking book ("Lock-picking Made Easy" by Lenny the Wire) I always liked that name.
I soon found out how incredibly easy it is! After picking my first lock (a random key lock I had laying around) I went to Home Depot and bought about a dozen key locks of various mfgrs and proceeded to pick 'em! I then did all the locks on all the doors on my house. Then I worked on my suitcases. I even did the lock on the li'l box I stored my 5 1/2 PC diskettes in. Then I did both cars.
What I learned was:
"No key lock is really secure. None are pick-proof."
"Most are ridiculously easy to pick. Even those circular-key vending machine ones."
"The bigger they are, the easier they are to open."
"Car locks are a lot harder."
The "skill" I developed has come in handy once or twice, but that's not the real virtue of it. It teaches you that locks are jokes. They keep out the already-honest, and the occasional lazy thief.
Cloned foods give the statement "We had that last week!" a whole new meaning.
This isn't news...
:)
Locksmiths can buy a pick gun from locksmith suppliers. It's looks like a handheld staple gun, and you slot the straight strenghtened steel tip (looks like a small metal cable tie) into the gun.
It works by bumping the whole steel tip up about a 16th of an inch, at which point you twist the entire gun anti-clockwise to open the lock while all the pins have been knocked just as the article describes.
This came as part of a back-of-the-magazine locksmith "diploma"
"We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
i'd bump that..
I used to use ROT13 to protect my files until I found out how unsecure it is. Now I ROT13 twice, just to make sure.
"Old man yells at systemd"
Insurance companies generally only honour your claim if there are signs of breaking and entering... A bumped lock will make it look like you left the door unlocked, and could lead to your insurance company not parting with the pennies... Scary.
- Frans.
A key (either cut or blank) for the proper keyway must be possessed or obtained in order to create a bump key to open a lock. This becomes the most critical issue in success or failure of bumping.
You would think that a bent piece of music wire would do the trick. All the key provides is a series of ramps and torque. A zigzag can provide both, though a second wire might be better for torque. So much for that obstacle.
This is an issue for post office boxes, safe deposit boxes and that kind of thing. Stealthy entry to homes is much easier through the windows with a rag to muffle the noise.
Friends don't help friends install M$ junk.
The funny thing about doors is that there are no firmware updates on the internet...
Do you work for Microsoft's Linux Labs?
"Free software" is a matter of liberty, not price.
I ROT13 my super secret files 48 times! Nobody is gonna get their grubby mits on my plans for world domination OR my secret recipe for iced tea!
blah blah blah
Sure it might be easy to bump a lock, but how many 11 year olds can afford a "kinetic energy tool"?
http://en.wikipedia.org/wiki/Hammer/
Kryptonite recalled the locks and fixed the vulnerability years ago when it was discovered. Pens can't fit in the new locks, much less unlock them.
For those of you here who are into video... maybe you noticed at the end of the demo the blue screen with the names coming up from the bottom. There are lines going down from the words in a striping pattern. Would anyone care to point out how those artifacts are caused? Is it in his analog to digital converter or is it simply from his compression methods?
Thanks.
Cwm, fjord-bank glyphs vext quiz
When you can enter any modern house with little more than a leatherman pocket knife and 20 minutes, why bother screwing asround with locks?
Hint - siding -> insulation -> foam -> plastic -> drywall. All cuttable with a decent pocket knife. Find a nice secluded area at the rear of the house and you're in and out, no noise no fuss.
Most secure facilities that I've been in require Sargent and Greenleaf combo locks.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
I can bump a lock too. I have no idea what the hell I'm doing but I can read some instructions off of a sheet of paper and bump a lock. What? You're not worried? That's odd. I guess age and gender are directly linked to how well you can not understand what the hell you're doing and still accomplish something. Thus, an 11 year old girl with no idea what she's doing is scarier than a 25 year old guy with no idea what he's doing.
As other people have stated, this isn't anything new; and that was an insecure lock anyway.
The only thing scary about the movie is that they let an 11 year old girl into DEFCON 14 and apparently there aren't any parents nearby.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
If you patent something you have to disclose exactly how it works, there's no way around this. A trade secret is a process that you keep to yourself because you believe no one will ever figure it out. The former prevents duplication by law, the second prevents duplication by inginuity and originality.
e nts_tradesecrets.html
http://www.northwestern.edu/ttp/investigators/pat
Just the typical 11 year old girl, as commonly found in typical settings like a DefCon convention. Yep.
No, she didn't know what theory she was applying. Just a plain old 11 year old girl, like all the other 11 year old girls who attend DefCon conventions.
Why is this whole thing hard to swallow?
It is easy to pick that kind of lock. I picked one when I was about that age on a bike rack out in front of school. Just because I wanted to see if I could. I had no interest in the bike. Thank god I wasn't caught. Would have been tagged a hopeless nerd years earlier than I was.
While your statement of "no lock is pickproof" is true, the rest really isn't. If you want a big lock that you probably won't be able to do anything to, try a Medeco. Your lockpicking knowledge is essentially worthless against it. Blank tricks don't work, since you can't get blanks unless you manage to compromise a dealer. Likewise normal pick tricks don't work because the pins aren't the right shape, they rely on being rotated as well as lifted to function.
That does not mean, of course, you can't pick one, but it's much harder, and requires a lot more training. They aren't a perfect system, but they sure aren't a joke. Also, despite being quite large, they are quite secure.
There's other brands of high security locks too, and they are similarly hard to deal with. It's just not more common because the construction needed for them is quite a bit more. A Medeco Maxium will run you like $200.
I'm sorry for all those slashdot readers feeling safe in their parents' basement. If the word gets out on the media they're going to be bumping their way in to claim it back.
Wait until she's 18, and she can have grown men handing her the money, no lock picking required.
The average person locks their front door and goes to bed feeling secure.
They also probably have several windows, glass patio doors, and the like at easy-access level around their home. Most don't have bars on them.
Even those that do have bars probably live in framed out housing, where going through a wall is a trivial feat for a determened intruder with a simple sledgehammer.
But the reality is that locks are deamed necessary because they keep out the casual intruder. The person who will enter only if there is not the most minimal level of effort required to do so.
Beyond that, they are not a security device. They serve that one, minimal function well, but that's all they do.
For instances where a lock is actually protecting something of value, it is usually only one aspect of a much more sophisticated security system. In those instances, the lock serves as an authentication device "this person has a key, therefore they are authorized," and could just as easily be replaced by any other type of authentication system. As again, it can't provide protection on it's own.
That's something that any good locksmith will tell you -- if they can install it, they can bypass it. And so can any other person with access to the right tools and knowledge.
... why bump keys are making such a stir now. I don't mean to sound like an "I heard it first" snob, but bump keys have been around for quite a while. Why the sudden resurgence of interest?
what is an 11-year old girl doing at DefCon?
I repeat...what is an 11-year old girl doing at DefCon?
what 'tween' (that's what she is - not a kid, not a teenager) goes to DefCon for fun?
semper ubi sub ubi
There is an even simplier method to break a lock. This works on most every front door locks and most every house. Get a large flat blade screw driver and a hammer. Pound the screwdriver blade into the key slot. Next place a vicegrip plier on the screw driver and rotate the screw driver as if it were a key. You will share off all the tumblers. The whole process takes about 15 seconds.
We knew windows were very unsecure. Now we know locks are unsecure either. People switch to Linux. NOW
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Comment removed based on user account deletion
Deadbolts can use normal keys. A deadbolt is just a type of lock that throws a bolt in to the door jamb. It's a distinction aside from something like a handle lock that just stops the handle from turning. A deadbolt is more resistant against things like trying to kick the door in, but the locking mechanism can be anything.
Some deadbolts have no external component and can only be locked and unlocked inside. Totally pick proof, but only useful if you are home. Most have a normal pin lock on the outside. That makes them, pick and bump wise, no better than any other lock. There are high security deadbolts with better locking mechanisms, but you can get those better mechanisms on anything, including padlocks.
For *decades* there were only a couple of dozen generic GM keys. Car thieves loved that era, and to this day I have no idea why the insurance companies and banks let them get away with it.
An 11 year old, with no prior experience in locks and clearly little interest in it not only attends the Defcon Hacker Convention, but takes the time to furnish us with a demonstration. The event took place from Friday 4th to Sunday 6th. Does she honestly have nowhere better to be?
Won't somebody please think of the children?
"No, no, no, don't tug on that! You never know what it might be attached to."
I happened to have two Fords that used the same key.. A 1975 Ford Granada and a 1989 Mercury Tracer.. Made the discovery one day when I accidentally inserted the old Granada key I still had into the Escort..
(at least I think it was the Tracer.. it might have been the 91 Tempo or the 93 Tempo.. I went through cars so fast from 16-20 that it's hard to remember..)
SYS 64738
... strange, the burglar entered the house by the door and forced the windows with a crow bar to exited the house... on the 14 floor?!?
note to you: check where is possible to enter and if is the right direction!!
Higuita
b) You can greatly mitigate the possibility of running into bad guys by going somewhere where they are not (if you can afford it).
c) Put better locks on your door.
d) Arm yourself in a appropriate fashion (if your municipality still allows this reasonable option.)
BTW. "bumping" a lock is nothing, compared to what a sledge hammer can do.
This issue is a bit more complicated than you think.
But this key wouldn't get you into smart persons house. Only the idiots don't use Dead Bolt Locks.
And why would someone buy a safe that needs a key? The only safe I would use is Code and Finger Enabled Magnetic lock with backup Internal DeadBolt.
\
Just wondering, if 90% of the locks on the market are not bump-tapping proof, then what lock should one buy to protect a home? And do manufacturer's claims have to be supported by industry standard tests?
vibration picking? Why is everyone calling it "bumping" now? Just because someone invented a new buzzword? Or does "bumping" refer to vibration picking with a special filed-down key? What's the deal?
It didn't work, so I reached through the dog door and opened it from the other side.
Yeah, we're really secure around here.
The thing that is most scary about this attack is that it leaves no trace of the crime, unlike a broken window. This means that some unfortunate people won't be able to convince their insurance company to pay up because there is no evidence of forced entry. The insurance company will try to claim that you forgot to lock your door and refuse to pay up.
I'll probably be modded down for this...
So this will be the new question of great importance when shopping for your homeowners policy.
"do you provide adequate coverage against lock bumpers?"
those that dont cover it don't get business.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
The only reason I lock my door is to keep the guys upstairs from coming in when they get to drunk to remember where they live. And to keep the maid from walking in while I'm masturbating.
As for keeping valuable things and thieves separate, the only thing that makes that happen is the knowledge that someone else in my building has left the door unlocked.
Have a look at Larry Wall's daughters for a nice example.
Do 11 year old girls frequently wander into Hacker conventions with no prior experience or idea of how to hack and start picking locks?
C'mon -- that post shoulda' been modded up for humor, not down for trolling!
Unless the scorer was from Kentucky or Georgia.
In which case, I'm very glad to see that somebody taught you basic computing skills.
'Too bad nobody helped with that sense of humor.
1. Intrusion Alarm
2. Dogs
3. H&K
.
Man shoots four and kills two after breaking up with his girlfriend
Man shoots girl for walking a few steps onto his property
FWIW, I'm not entirely anti-gun, I think there are situations and occupations they're certainly warranted. But I don't buy the whole "2nd amendment is my God-given right, guns solve everything and make the world a perfect place" argument either.
In the 80's I read a BBS text file that described how to pick locks.
Made a set myself out of small allen keys.
They described the 'rake' technique where you put tension on the cylinder and just
zip a zig-zagged piece of metal against the pin.
With a little practice I opened many locks...didn't even have to bother going
pin by pin. As soon as you got one pin above that line, the upper pin
kinda 'snapped' over and stayed up.
Worked great on old worn out locks.
Blar.
No, a patent requires the inventor to divulge how one implementation of the invention described by the claims works. The inventor does not have to divulge how the commercial variant works, even if the commercial variant also fits one or more claims.
Because an implementation of the entire WMV format requires both implementation of the patented container and implementation of the trade-secreted codecs.
It's been a while since I've thought about defeating locks. The first time was in high-school in 1991 when I used to pick the lock to the filing cabinet in the main computer lab.
I'm not sure if the technique is similar to the one being described here, but what I used to do was insert a file --- or even a bent paperclip --- and "jiggle" it until all of the pins had cleared the the shear line.
At that point, the lock opened. I did the same to my friend's dad's RVs that he had at a campsite. The idea was to jiggle the pins while putting pressure
on the plug so that when one pin had cleared the shearing point its edge would get caught on the plug and not be able to move downward again. After enough jiggling, all of the pins would get bound up in the same
manner and the lock would eventually open.
A few years ago someone had entered my apartment and taken my bookbag. Granted, I had left the lock unlocked since I was home and awake. It had never crossed my mind that someone would enter
my apartment while I was home and wide awake. With a "That does it!" attitude I then bought some hardware (electronic keypad, LCD display, miscellaneous electronics components, etc.) and built my own Linux-powered security
system that required a key code in order to unlock the door. It featured an intrusion detection and alarm system, sentry light, automatic lock-out, and a TCP/IP-based paging/doorbell system. It worked beautifully during the time that I
had it running. I no longer needed to fumble with keys, which was especially nice when coming home with my arms full of groceries.
I'm inspired again to try picking a few locks. Maybe one of these days.
We have three bigs dogs. Unlike a lock, they won't let anyone in who isn't authorized. Also, most burglars will move on to the next house if they think they'll have to deal with an unfriendly dog. I'm sure there are ways around dogs but it's a good deterent.
Hey now! Windows won't stand up well against being hit with a stick either!
Interior locks in general commercial and residential are refered to as "privacy" locks, not "security" locks. Privacy locks give just that, privacy. They are designed to to able to be released with a pen or screwdriver through the access hole that in the door handle. Check out a bathroom door with a 'privacy lock' on it some time.
Architectural plans are like computer source code with a couple of differences: You only compile once.
Anyone can add worms, viruses and spyware to the Linux source disguised as drivers.
Yeah, provided they can get their spyware patches past the guys on the kernel mailing list. Are you naturally a moron, or did you have to study Stupid 101?
Locks keep lazy people honest.
Insurance companies (at least on the west side of the pond) haven't required proof of forced entry in decades. Burglary coverage was changed to theft eons ago.
Plus, any half-decent residential insurance policy will insure you for straight loss of contents, anyway. No need to even file a police report.
Anyone who's had a claim denied because they forgot to lock their doors really needs to shop around for better coverage, and possibly talk with a lawyer.
Note: this doesn't apply to commercial entities. If you're running a business and all you've got is an easily defeated lock to protect your interests, well...
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I think what might have inspired the GP's comment was a few high-profile cases recently of auto insurers denying theft claims to people who've had cars stolen, because the cars were equipped with supposedly "un-stealable" anti-theft systems.
So there is some basis for wondering if the insurance companies (generally) put too much faith in mechanical systems to deter criminal activity. However, as you pointed out, most residential homeowners and renters policies are written a bit differently than auto-theft policies.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Medeco uses special keys, and isn't available from just anywhere. So you've got to get a lock from the same dealer as your target, or at least a dealer that gets a key with the same sidebar code. They aren't consistent. For example we use Medeco locks at work (we are actually licensed by Medeco and have our own lock shop for campus) and I also have one at home that I bought form a local dealer. The keys, though the same shape, size and appearance, are not at all interchangeable. They won't even go in the lock at all.
So, assuming you get a lock with the correct key design, you then have an additional task. Medeco keys are biaxial, meaning they aren't just cut along the vertical. The pins must be lifted and rotated to open. The rotation is achieved by the correct horizontal angle of the cut. Without that, you can't move the pins. So one you have the correct design of key, you have to cut the correct angles in first before making a bump key. If not, you can't bump anything since the pins won't move.
Finally, you have to hope it's an older one, because with the newer sidebar interface, that doesn't work at all.
Given that the point of bumping is simple entry with minimal tools or experience, that doesn't sound at all practical or simple, which is my point. This "all locks are a joke" is oversimplified bragging. No, they aren't. Many, perhaps even most locks are a joke but there are some real good ones out there that are a real bitch to deal with.
Read the PDF linked from the article if you want some more info, it's fairly complete.
Firstly, most home insurance policies cover loss due to THEFT, not just burglary. The difference? Burglary requires proof of forced entry, whereas theft is simply someone taking your things. Theft claims are honoured even if you left your front door wide open.
Secondly, if you ever have a claim denied due to lack of proof of forced entry, talk to a lawyer. Next time, look around for some better insurance. A good insurance buzzword to look into is "All Risk". This sort of coverage even covers you if you do something stupid like drop your TV down the stairs "by accident". Available on most residential insurance policies.
Thirdly, advising people to commit insurance fraud is just about the stupidest thing you can do. Believe me, it's fairly easy to tell the difference between a legitimate break-in, and some stupid homeowner trying to make his claim look "worse". Insurance adjusters can spot this sort of thing a mile away, and you can go to jail for this sort of thing.
If you do actually find yourself in a situation where you only have coverage for buglary, it's better to suck it up and lose a bit of money, rather than risk very large fines, possible jail time - oh, and never being able to get insurance coverage again.
(Note: the above may not apply to non-western countries)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
*shrug* I'm not sure what difficulty you are having. The whole reason you're reading an article about an 11-year-old doing this is not because she's a prodigy (that is orthogonal to this discussion), but because the vulunerability is so severe they can pick a random person out of a room and have her doing it in a couple of minutes.
If it had been me, I don't think the headline would've been as impressive, ``28-year-old Proves Locks Not So Secure.''
That's not picking, it's bumping. But yeah, she picked several locks (including a five pin that had one ``pick resistant'' spool driver in under a minute). I had only taught her to pick locks the day before.
Knowing one thing about something doesn't make you a hopeless nerd. Bumping a lock doesn't make her a thief. Skating the half at our local park doesn't make her a thug. Driving the WRX doesn't make her a sideshow kid. Getting an amateur radio license doesn't make her a 60 year-old man.
We can all do many interesting things if we stop worrying about labels and just try.
-- The world is watching America, and America is watching TV.
I don't understand why disk tumbler locks haven't gained popularity in US. In Scandinavia, due to harsh environmental conditions, all house locks are this type. They are practically unpickable (you need pro tools) and you still will leave break in marks. Well... people are fools and it's marketing dollars which matter.
From http://www.crypto.com/papers/notes/picking/
Disk Tumbler Locks
Some high security locks, such as those manufactured by Abloy and Abus, use round disk tumblers that are rotated into position by a specially designed key bitted with angled cuts corresponding to each tumbler. These locks are unusual in not requiring springs on the individual tumblers and are therefore especially well suited to outdoor use under extreme conditions. In the United States, disk tumbler cylinders are used primarily for padlocks situated in harsh environments, especially by public utilities and railroads. They require special picking tools to manipulate the tumblers and apply torque.
Well, it's sorta like this:
/. every day.
Short story: this is what you get when ivory-tower nerds get a glimpse of what everyone else knew all along.
Long story: As you said, yes, IRL everyone knew that locks aren't "secure", and won't keep a determined thief out. Locks aren't even a deterrent. They're a bit of a delay and mostly a "if we catch you past this point, we'll throw your sorry arse in jail" marker. The deterrent is the law. If you went through all the trouble of climbing over the fence (or lockpicking the gate) and lockpicking the door too, we have all the proof we need of intent, and we'll throw your arse in jail.
IRL it's not even possible to make something 100% burglar-proof. Even if you had a 100% burglar-proof lock, someone could break a window instead, or hack down the door, or whatever.
IRL that's our security concept, and it worked for maybe 10,000 years. People don't even expect anything to be more secure, computers included. See all the SF settings where people find it natural that a computer from 10,000 years in the future can be hacked by just shooting the keyboard, or that a high-tech computer-controlled door can be defeated with two wires and a PDA. Or by just shooting the control pannel, Star Wars style.
Now enter the ivory tower of OCPD computer nerds, and trying to apply boolean rules to a RL that's made of continuums, and to problems that are more of a min-max problem than if-then-else binary constructs. In their world, either you're 100% secure or you're 100% unprotected and not even trying. Either something is 100% lock, deterrent, judge and jurry rolled into one, or it's crap. And, oh, unless you 100% secured your property or computer or you're an idiot. You see the kind on
So now one of those basically just discovered, "whaaaat? you mean RL locks have exploits and can be hacked?? and people just put up with that and didn't patch them yet???" It runs contrary to their whole (utopic) mental model. So of course they'll make a big fuss out of it, and think they've discovered some secret that noone else knew.
A polar bear is a cartesian bear after a coordinate transform.
ABLOY makes some of the best locks in the world, their system is completely different from the basic American pin/tumbler system.
Read some professional lock hacker reviews of them from The Open Organization of Lockpickers (right side, pdf, 4 parts)
The weak point is the door frame. A while ago I forgot my keys, it took 8 seconds to open the door with my shoulder. I've since added a couple of mortice locks to distribute the force.
Deleted
Um, locks that are actually in service are embedded in doors and until unlocked cannot be removed. And unless they're removed, you can't rotate them around in your hand to find the magic bump spot. So unless the bump spot is on the face of the lock, the security impact of the girl's talent is zero.
Here in finland most locks are abloy ones, it's really rare to see any other kind everywhere except in cheap padlocks. But even abloy classic locks can be picked with few gizmos quite easily (there have been few criminal cases few years back) but I haven't heard of any easy attacks against the exec variant.
Always remember that cheap poorly designed locks will be easy to pick, and to some extent using a different kind of lock than the majority will add some lock security due to the needed research compared to just attacking all locks of the same kind, but then again as noted elsewhere, the locks aren't usually the weakest entrypoints to a house.
11-year-old Proves Locks Not So Secure
from the from-the-hands-of-babes dept.
CowboyNeal describes an eleven-year-old girl as a "babe"! Lock him up!
Thieves used a hydraulic ram to knock a section of wall down to get into my gran's house. This was they could do it hidden behind the house instead of having to go in the front door. All the windows and doors had steel bars on them, and the front door was seriously heavy with 3 different locks on it. They did it on bastille day (french holiday) when loads of fireworks going off so noone would be suspicious of a few bangs. Luckily, she's moved to a slightly less dodgy area now.
If they want to get in, they will.
http://www.frenchgeek.com/
Not all locks are bad - for example most of the locks manufactured by FAB (Czech Rep.) http://fab.cz/catalogue/list/cylinder-locks/all have been bump-proof since 2003. (Sorry, the certificates are only in Czech :( )
Seriously, energy is CREATED? The very fundamental idea of energy is that it can not be created or destroyed!
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Unless I have the meaning of "burgled" wrong, has this house been hit multiple times? Instead of buying every security system on the market, they might want to just spend the money on a new house in a new area.
We carved our locks out of mastedon bone, and whittled keys from soon to be petrified wood.
P.S. - we walked to school uphill both ways, barefoot except for the barbed wire we wrapped around them for traction.
Busy aligning my non-linear thoughts.
I have known about this for years, hell a locksmith tought me how to bump locks.
It also works on padlocks as long as you can stop the lock from moving around.
That's why my house has bio-metric locks, and a few really big dogs.
Actually the sign at my gate says it all, "If you can read this, you are in range."
-- I am the NRA, enough said...
If somebody wants to break into your house, esp. these shitty "McMansions" with their Cell-O-Tex exterior walls and vinyl siding, all the need is a box cutter.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
But don't let the fact that you haven't a clue what you're talking about deter you in any way from claiming that "the security impact of the girl's talent is zero." The fact is the girl has no special talent or training, and this technique works on an obscene percentage of the world's tumbler locks.
"Not a very realistic threat," indeed.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
It is most likely her parent(s) were the ones interested in going had no choice but to bring her along for whatever reason. It really isn't that uncommon for parents to drag their kids to all sorts of strange places that the kid wants no part of.
I also fail to see the association of lock picking with being a nerd. More non-nerds know how to lock pick than nerds. You would be labeled an untrustworthy punk before a nerd for what you did.
Look kiddo, it's "hear, hear" and if you want to be taken seriously there's two things you have to do:
If you actually knew anything about the history of development of Windows NT and of Linux, you'd know precisely why Linux is more secure. Hint: Part of it is simply because it's not Windows NT. NT has always been secure, and will always be insecure, short of a complete, line-by-line security audit that would probably break backwards compatibility all to hell in microsoft-land, simply because they have never given a fuck about security and we're constantly finding exploits that have been in the code literally for years upon years, because they have been carried from version to version.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The USPTO is hiring. :p
I do not fail; I succeed at finding out what does not work.
There was a talk about this at the most recent HOPE conference by the head of Toool. The audio is avalable for download (128kbps, 16kbps).Toool also has a paper on the subject.
Doheth. That'll teach me to follow the video link without following the article link. You are of course quite correct. Sorry.
then why can't I open my locked door with the correct key to the lock?
The front door to the building where I live does not close and/or lock properly, and the owner(s) don't care to do more than pretend to repair the problem. So I was robbed one weekend, where it was determined that they easily picked at the mutiple locks on my door as there no sign of forced entry. I replaced the locks for better and more varied ones, and had a monitored alarm system installed.
I live on a busy street and I've since witnessed an average of three attempts a week at opening the door to my appartment, and I'm mostly not at home during the daytime during week days, which is when these predators/opportunists operate. (So there might be many more attempts.) Please note that by this I mean walk-in theft; they enter appartment buildings, and then simply try the handle on most doors, to see if they'll get lucky.
Once while stuck at home sick, I'd let my keys hang on the inside door handle (but while keeping the door locked) so that they would fall to the floor when the handle was turned; this is where I got my first taste of how often this takes place. They don't try all the doors, it seems that after two or three doors, they just get out of there, so at best you confront them and they just claim that they walked into the wrong place and are simply lost. One guy made up a story of being curious about the fire that had ruined a nearby building, which he was apparently looking at from my rear balcony, I let him go, but later found out that the fire had taken place 8-9 years ago.
Even if they try your door, and it wasn't locked because you were there, what crime have they really commited by opening it? This predicament seems frustrating at best to me so far.
Once I had taken my sweet time downstairs reading my mail before I'd proceeded up to get to my own door, and I'd thus witnessed a guy trying to walk in after me to do his round, THREE TIMES, I kid you not, he came up to the door three times! -They act without fear, plain and simple.
My sister does exactly the oposite: she leaves the backdoor open all the time. Friends, neighbours, family know this. My nieces can always come home from school and they never have the door locked. They have a little old television set and an old DVD player and that's about it in terms of valuables you'll find there. Perhaps an few old computers upstairs, some kids toys...She and her husband think that too much TV is not good for the kids anyway. And they never get robbed, never had even the slightest issue with it. There is a morale in it somewhere, I'm not sure what it is though :-)
My uncle has left all of his cars open all the time everywhere he goes, and at home. Period. Every car he's owned. One story is he parked at the "really crappy/high crime" mall (they have signs that, to paraphrase, say your car is likely to be punked) in his city and the car BESIDE his got busted into. Broken windows, busted dashboard, the works...his truck? Nothing. His windows were down! He even does this with his new truck.
It's so crazy, it works. He says he thinks that the punks that would bust in probably think it's being watched or something, or...there's nothing of value in it...because he doesn't leave anything of value in it and if someone wants to check, he doesn't have to replace the busted window, if they take the truck, it's covered 100%...so, I agree with the other poster that says if you LOOK like you have something to protect, it might become more attractive.
Inject.
Thankyou very much, I'll be here all week.
The lock were carved out of a mastedon bone while t' mastedon were still alive, and the key had to be gnawed from the distal phalanx of me index finger!
But you try telling that to kids of today.