Slashdot Mirror
11-year-old Proves Locks Not So Secure
An anonymous reader writes "A new security column at Engadget details the new 'old' threat of bumping locks. The article goes on to describe and demonstrate an 11-year-old girl bypassing a standard 5-pin lock at a recent DefCon Hacker Convention. The girl had no prior experience and didn't even understand the theory she was applying. Scary!"
Locks are to honest people honest, and keep insurance companies satisfied.
The finest safes are only rated by how many minutes it will take a determined theif out.
"Prefiero morir de pie que vivir siempre arrodillado!"
The Kwikset that she opened is sold in every hardware and DIY store in the country, and is believed to be secure by the public.
As with any security measure, be it a physical lock, a cipher, encryption, anything, it only works if you know how to use it properly. A cheap cylinder lock is secure enough to deter a passing opportunist (eg, not someone who carries a bump) and should be used as such. To secure your house or office you shouldn't look at anything less than a Mortis or a deadlock, and you should have at least two on each entry point. Windows should lock from the inside, again with deadlocks.
A cylinder lock is the equivalent of using ROT13 to secure a password file. It'll stop someone who's not trying to get in, but that's about it.
http://twitter.com/onion2k
Er... linking to one on the front page of /.?
It's WMV, which is both patented and trade-secreted. MPEG-4, by contrast, is only patented.
Er, aren't most breakins done when the person is NOT at home? What possible use is something that only locks and unlocks from the inside in that case?
Why? Why is it disturbing? The state of the universe did not change because an eleven year old girl opened a lock. As a matter of fact, I'd wager that locks are pretty much just as secure as they were before a girl opened a lock (which is to say, not terribly secure, but worth having anyhow).
What changed?
Why yes, I AM a rocket scientist!
...than picking 'em.
Years ago I was at a tech flea market and - on a childish whim - bought a fairly nice set of lock picks (which are legal to sell in that state, unlike some). FYI - I am of the "Man from UNCLE", "T.H.E CAT", "The Prisoner", and "007" generation so I always wanted to be able to pick locks like the spies.
I even bought a lockpicking book ("Lock-picking Made Easy" by Lenny the Wire) I always liked that name.
I soon found out how incredibly easy it is! After picking my first lock (a random key lock I had laying around) I went to Home Depot and bought about a dozen key locks of various mfgrs and proceeded to pick 'em! I then did all the locks on all the doors on my house. Then I worked on my suitcases. I even did the lock on the li'l box I stored my 5 1/2 PC diskettes in. Then I did both cars.
What I learned was:
"No key lock is really secure. None are pick-proof."
"Most are ridiculously easy to pick. Even those circular-key vending machine ones."
"The bigger they are, the easier they are to open."
"Car locks are a lot harder."
The "skill" I developed has come in handy once or twice, but that's not the real virtue of it. It teaches you that locks are jokes. They keep out the already-honest, and the occasional lazy thief.
Cloned foods give the statement "We had that last week!" a whole new meaning.
not to self:
if robbed, use crow bar to force open window before calling the police.
The Kruger Dunning explains most post on
Either way, Windows are still vulnerable.
Never argue with a man carrying a water buffalo
That's true. The deaths on 9/11 are about the same as one month's worth of traffic fatalities in the US. In the last five years, in the US, you were 60 times more likely to die in an auto accident than in an act of terrorism.
Anybody who had the vaguest desire to open a lock could learn how to do so. It's not very complicated. So, again...what has changed?
Why yes, I AM a rocket scientist!
Yeah, and then when the police question neighbors they find out YOU were the one who forced the window open. That'll be fun.
Are you serious about not undersanding why bumping might be preferable? It takes no more time, destroys nothing, makes very little noise if done right, doesn't require hammer, screwdriver, or pliers, and can be carried out while looking relatively inconspicuous if you've got some amount skill and coolness.
The lack of damage is key here (no pun)...passers-by don't see a busted lock, person coming home doesn't realize right away there's been a robbery, cops can't be sure if there's been a lock picked/bumped, door left open, or owner staging a crime. Insurance companies fight and claim there's no evidence of break-in.
What's simple about grunting and jerking and making a racket and leaving a door hanging open? If you're going that route, you can minimize the incriminating tools you're carrying and just use a sledgehammer to knock the door out of the frame. Or just pick up a cinder block and heave it through the front window. Or just burn the house down and sift through the ashes for coins and gems.
The thing that is most scary about this attack is that it leaves no trace of the crime, unlike a broken window. This means that some unfortunate people won't be able to convince their insurance company to pay up because there is no evidence of forced entry. The insurance company will try to claim that you forgot to lock your door and refuse to pay up.
I'll probably be modded down for this...
I think most people are over reacting. Locks are not in place to keep out someone who wants to come in, as previously mentioned, a lockcutter or hammer will always work. Rather, these locks are meant to keep the majority of people out, people who, upon finding a locked door, will go away.
This sig is definitive. Reality is frequently inaccurate.
If my wife's diamonds are protected only by a cheesy padlock, I must not care about them very much, do I?
For the record, diamonds are slavery, and I won't have anything to do with them. My wife feels the same way.
Why yes, I AM a rocket scientist!
Mod Parent Up.
I just bought a house a few months ago, and as one does when one buys a house, the first thing I did was to change all the locks, and throw some padlocks on the gates to the back yard. Then I had a security monitoring system installed (Brinks, recommended for their professionalism), and finally, the wife and I bought a small fireproof safe to store some documents and valuables in.
This whole process sparked off a discussion about security with a coworker who lives in a house valued at approximately four times my own, his house also being located in a gated community. The gist of the discussion was that there's no way to make your house totally secure, all you can do is add enough deterrants to make it less desirable for the common theif to break into your home. If someone really wanted to get into my place, they could, and if they knew exactly where to go and what to grab, they could really screw me and probably get away before the police were notified and showed up.
However, each layer of security, the locks, the security system, and the safe, adds a deterrant. There's the time that has to be invested getting in, the fear of someone hearing the alarm going off and the ticking clock of the authorities being notified and dispatched, not to mention the hassle of locating and gaining access to the inside of the safe. Only someone who invested some serious research time and effort could gain access to my valuables and get away with it. And for what? My passport, some petty cash, and copies of my legal documents?
The level of security has to match the value of what the security is trying to protect, and the common door lock is probably plenty of security for 90% of the people who have one. Only the truly paranoid, or those with something really valuable (or irreplacable), need more, and even in that case, not that much more.
In the end, my wife and I joke every time we set our alarm and lock our door that we hope no one steals our Fabrige Egg or Hope Diamond.
The typical burglar's biggest needs are to avoid detection and to take things that are easily converted to cash. Method: Shake hands with the house's doorknobs, try the ground floor windows, and if nothing is unlocked, kick in a door not visible from the street. Get in and out in under five minutes. Go straight to the bedroom and start tossing: Look under the bed, under the mattress, in the nightstand, through the dresser drawers, in the jewel box, on the top shelf of the closet. The priority items are money, guns and jewelry. Don't bother with anything else, just put it all in your pockets and get the hell out.
That covers most bases. The first time I was robbed, the idiot took my VCR, but the remote to my stereo. For months I actually had to walk across the room to press "play". It was like being in hell.
This is not my sandwich.
I have no idea what you do or don't know, but if you honestly think you understand everything you use, you're both foolish -and- arrogant.
there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
Anyone can add worms, viruses and spyware to the Linux source disguised as drivers.
Yeah, provided they can get their spyware patches past the guys on the kernel mailing list. Are you naturally a moron, or did you have to study Stupid 101?
Firstly, most home insurance policies cover loss due to THEFT, not just burglary. The difference? Burglary requires proof of forced entry, whereas theft is simply someone taking your things. Theft claims are honoured even if you left your front door wide open.
Secondly, if you ever have a claim denied due to lack of proof of forced entry, talk to a lawyer. Next time, look around for some better insurance. A good insurance buzzword to look into is "All Risk". This sort of coverage even covers you if you do something stupid like drop your TV down the stairs "by accident". Available on most residential insurance policies.
Thirdly, advising people to commit insurance fraud is just about the stupidest thing you can do. Believe me, it's fairly easy to tell the difference between a legitimate break-in, and some stupid homeowner trying to make his claim look "worse". Insurance adjusters can spot this sort of thing a mile away, and you can go to jail for this sort of thing.
If you do actually find yourself in a situation where you only have coverage for buglary, it's better to suck it up and lose a bit of money, rather than risk very large fines, possible jail time - oh, and never being able to get insurance coverage again.
(Note: the above may not apply to non-western countries)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
*shrug* I'm not sure what difficulty you are having. The whole reason you're reading an article about an 11-year-old doing this is not because she's a prodigy (that is orthogonal to this discussion), but because the vulunerability is so severe they can pick a random person out of a room and have her doing it in a couple of minutes.
If it had been me, I don't think the headline would've been as impressive, ``28-year-old Proves Locks Not So Secure.''
That's not picking, it's bumping. But yeah, she picked several locks (including a five pin that had one ``pick resistant'' spool driver in under a minute). I had only taught her to pick locks the day before.
Knowing one thing about something doesn't make you a hopeless nerd. Bumping a lock doesn't make her a thief. Skating the half at our local park doesn't make her a thug. Driving the WRX doesn't make her a sideshow kid. Getting an amateur radio license doesn't make her a 60 year-old man.
We can all do many interesting things if we stop worrying about labels and just try.
-- The world is watching America, and America is watching TV.
Well, it's sorta like this:
/. every day.
Short story: this is what you get when ivory-tower nerds get a glimpse of what everyone else knew all along.
Long story: As you said, yes, IRL everyone knew that locks aren't "secure", and won't keep a determined thief out. Locks aren't even a deterrent. They're a bit of a delay and mostly a "if we catch you past this point, we'll throw your sorry arse in jail" marker. The deterrent is the law. If you went through all the trouble of climbing over the fence (or lockpicking the gate) and lockpicking the door too, we have all the proof we need of intent, and we'll throw your arse in jail.
IRL it's not even possible to make something 100% burglar-proof. Even if you had a 100% burglar-proof lock, someone could break a window instead, or hack down the door, or whatever.
IRL that's our security concept, and it worked for maybe 10,000 years. People don't even expect anything to be more secure, computers included. See all the SF settings where people find it natural that a computer from 10,000 years in the future can be hacked by just shooting the keyboard, or that a high-tech computer-controlled door can be defeated with two wires and a PDA. Or by just shooting the control pannel, Star Wars style.
Now enter the ivory tower of OCPD computer nerds, and trying to apply boolean rules to a RL that's made of continuums, and to problems that are more of a min-max problem than if-then-else binary constructs. In their world, either you're 100% secure or you're 100% unprotected and not even trying. Either something is 100% lock, deterrent, judge and jurry rolled into one, or it's crap. And, oh, unless you 100% secured your property or computer or you're an idiot. You see the kind on
So now one of those basically just discovered, "whaaaat? you mean RL locks have exploits and can be hacked?? and people just put up with that and didn't patch them yet???" It runs contrary to their whole (utopic) mental model. So of course they'll make a big fuss out of it, and think they've discovered some secret that noone else knew.
A polar bear is a cartesian bear after a coordinate transform.
I live in Holland and around here bikes are all over the place and it's very common for bycicles to be stollen.
..... 2 locks.
Thus everybody locks their bikes when leaving them outside (for example at the train station). Still, locked bikes also get stollen.
If you leave your bike out around here, the easiest way to NOT have your bikes stollen is
Simply put, a bike with 2 locks is not worth the trouble for a thief if right next to it there's a bike with 1 lock (keep in mind the this is happening in an open parking area for bikes filled with more than 100 bikes)
Same principle really, make it less attractive for thiefs to steal your stuff and they'll mostly leave you alone and go for easier targets.
PS: This same principle applies to mugging - people that look and act like victims are more likelly to actually become victims of mugging than those that look confident and unafraid.
My sister does exactly the oposite: she leaves the backdoor open all the time.
:-)
Friends, neighbours, family know this. My nieces can always come home from school and they never have the door locked.
They have a little old television set and an old DVD player and that's about it in terms of valuables you'll find there.
Perhaps an few old computers upstairs, some kids toys...
She and her husband think that too much TV is not good for the kids anyway.
And they never get robbed, never had even the slightest issue with it.
There is a morale in it somewhere, I'm not sure what it is though
you're not arguing with the GP man. He's saying that each layer of security helps as a deterrant and you're just being an argumentative bitch. He's saying how nothing will make him un-robbable, but if you have enough of these security features the "junkie" that's after your radio will look at his house with the extra things to overcome, then he'll look at the next house over, which simply has locks on the door. The risk of getting caught breaking into the house with a lock is definitely far less than the one with the lock, the alarm, the dog, and the motion-detect lights.
Even junkies know to break into the first house.
disclaimer: I've been known to store numbers in my ass for which to dig out when quantities are required.