Slashdot Mirror
11-year-old Proves Locks Not So Secure
An anonymous reader writes "A new security column at Engadget details the new 'old' threat of bumping locks. The article goes on to describe and demonstrate an 11-year-old girl bypassing a standard 5-pin lock at a recent DefCon Hacker Convention. The girl had no prior experience and didn't even understand the theory she was applying. Scary!"
Locks are to honest people honest, and keep insurance companies satisfied.
The finest safes are only rated by how many minutes it will take a determined theif out.
"Prefiero morir de pie que vivir siempre arrodillado!"
The Kwikset that she opened is sold in every hardware and DIY store in the country, and is believed to be secure by the public.
As with any security measure, be it a physical lock, a cipher, encryption, anything, it only works if you know how to use it properly. A cheap cylinder lock is secure enough to deter a passing opportunist (eg, not someone who carries a bump) and should be used as such. To secure your house or office you shouldn't look at anything less than a Mortis or a deadlock, and you should have at least two on each entry point. Windows should lock from the inside, again with deadlocks.
A cylinder lock is the equivalent of using ROT13 to secure a password file. It'll stop someone who's not trying to get in, but that's about it.
http://twitter.com/onion2k
...than picking 'em.
Years ago I was at a tech flea market and - on a childish whim - bought a fairly nice set of lock picks (which are legal to sell in that state, unlike some). FYI - I am of the "Man from UNCLE", "T.H.E CAT", "The Prisoner", and "007" generation so I always wanted to be able to pick locks like the spies.
I even bought a lockpicking book ("Lock-picking Made Easy" by Lenny the Wire) I always liked that name.
I soon found out how incredibly easy it is! After picking my first lock (a random key lock I had laying around) I went to Home Depot and bought about a dozen key locks of various mfgrs and proceeded to pick 'em! I then did all the locks on all the doors on my house. Then I worked on my suitcases. I even did the lock on the li'l box I stored my 5 1/2 PC diskettes in. Then I did both cars.
What I learned was:
"No key lock is really secure. None are pick-proof."
"Most are ridiculously easy to pick. Even those circular-key vending machine ones."
"The bigger they are, the easier they are to open."
"Car locks are a lot harder."
The "skill" I developed has come in handy once or twice, but that's not the real virtue of it. It teaches you that locks are jokes. They keep out the already-honest, and the occasional lazy thief.
Cloned foods give the statement "We had that last week!" a whole new meaning.
not to self:
if robbed, use crow bar to force open window before calling the police.
The Kruger Dunning explains most post on
That's true. The deaths on 9/11 are about the same as one month's worth of traffic fatalities in the US. In the last five years, in the US, you were 60 times more likely to die in an auto accident than in an act of terrorism.
The thing that is most scary about this attack is that it leaves no trace of the crime, unlike a broken window. This means that some unfortunate people won't be able to convince their insurance company to pay up because there is no evidence of forced entry. The insurance company will try to claim that you forgot to lock your door and refuse to pay up.
I'll probably be modded down for this...
I think most people are over reacting. Locks are not in place to keep out someone who wants to come in, as previously mentioned, a lockcutter or hammer will always work. Rather, these locks are meant to keep the majority of people out, people who, upon finding a locked door, will go away.
This sig is definitive. Reality is frequently inaccurate.
Mod Parent Up.
I just bought a house a few months ago, and as one does when one buys a house, the first thing I did was to change all the locks, and throw some padlocks on the gates to the back yard. Then I had a security monitoring system installed (Brinks, recommended for their professionalism), and finally, the wife and I bought a small fireproof safe to store some documents and valuables in.
This whole process sparked off a discussion about security with a coworker who lives in a house valued at approximately four times my own, his house also being located in a gated community. The gist of the discussion was that there's no way to make your house totally secure, all you can do is add enough deterrants to make it less desirable for the common theif to break into your home. If someone really wanted to get into my place, they could, and if they knew exactly where to go and what to grab, they could really screw me and probably get away before the police were notified and showed up.
However, each layer of security, the locks, the security system, and the safe, adds a deterrant. There's the time that has to be invested getting in, the fear of someone hearing the alarm going off and the ticking clock of the authorities being notified and dispatched, not to mention the hassle of locating and gaining access to the inside of the safe. Only someone who invested some serious research time and effort could gain access to my valuables and get away with it. And for what? My passport, some petty cash, and copies of my legal documents?
The level of security has to match the value of what the security is trying to protect, and the common door lock is probably plenty of security for 90% of the people who have one. Only the truly paranoid, or those with something really valuable (or irreplacable), need more, and even in that case, not that much more.
In the end, my wife and I joke every time we set our alarm and lock our door that we hope no one steals our Fabrige Egg or Hope Diamond.
Well, it's sorta like this:
/. every day.
Short story: this is what you get when ivory-tower nerds get a glimpse of what everyone else knew all along.
Long story: As you said, yes, IRL everyone knew that locks aren't "secure", and won't keep a determined thief out. Locks aren't even a deterrent. They're a bit of a delay and mostly a "if we catch you past this point, we'll throw your sorry arse in jail" marker. The deterrent is the law. If you went through all the trouble of climbing over the fence (or lockpicking the gate) and lockpicking the door too, we have all the proof we need of intent, and we'll throw your arse in jail.
IRL it's not even possible to make something 100% burglar-proof. Even if you had a 100% burglar-proof lock, someone could break a window instead, or hack down the door, or whatever.
IRL that's our security concept, and it worked for maybe 10,000 years. People don't even expect anything to be more secure, computers included. See all the SF settings where people find it natural that a computer from 10,000 years in the future can be hacked by just shooting the keyboard, or that a high-tech computer-controlled door can be defeated with two wires and a PDA. Or by just shooting the control pannel, Star Wars style.
Now enter the ivory tower of OCPD computer nerds, and trying to apply boolean rules to a RL that's made of continuums, and to problems that are more of a min-max problem than if-then-else binary constructs. In their world, either you're 100% secure or you're 100% unprotected and not even trying. Either something is 100% lock, deterrent, judge and jurry rolled into one, or it's crap. And, oh, unless you 100% secured your property or computer or you're an idiot. You see the kind on
So now one of those basically just discovered, "whaaaat? you mean RL locks have exploits and can be hacked?? and people just put up with that and didn't patch them yet???" It runs contrary to their whole (utopic) mental model. So of course they'll make a big fuss out of it, and think they've discovered some secret that noone else knew.
A polar bear is a cartesian bear after a coordinate transform.