Slashdot Mirror
The Study of Physical Hacks at DefCon
eldavojohn writes "DefCon usually focuses on electronic security, but Saturday a talk was held that focused on possibly the oldest form of hacking — lockpicking. As software security becomes better and better, the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight. From the article: 'Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP ... Tobias says he refuses to publish details of 'defeating' the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.' I'm sure all Slashdot readers are savvy enough to use firewall(s) but do you know and trust what locks 'physically' protect your data from hacks like these?"
Why do they put door locks on a convertible?
What?
You seem to know a thing or two about Medeco locks (like the fact that there's a diff. between the original and Biaxial). If you know/see something about the article I don't, please let me know. My father worked for Medeco (and I briefly worked in their factory one summer) and I'm sure he'd love to know.
Also, last I heard, there was still a reward offered by Medeco for picking a lock at their headquarters in Salem VA.
$7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
One summer I was forced to park right in the same neighborhood as crack houses, etc, because of where I had to work. As did my co workers. They all locked their doors and trunks, result, all of them got busted glass and popped trunks. I warned them too, I really did, I said "look at reality, these cars are targets now". Nope, none of them listened. I left my doors unlocked and the trunk slightly open, just eased down. The ride was so old and ratty I wasn't afraid of it getting stolen, albeit that was a chance. There was nothing left in the car to steal, a very cheap in dash radio not even worth a dollar at a pawn shop, but I made it easy for the crooks to ascertain that, because I knew they would look.
Ya, it sucked doing that,the principle rankled me, but my practical nature took over, because it was better than having to replace a door window.
Most modern stick frame construction houses are vulnerable to a razor knife. Just pick a section of wall and slice a hole. You got plastic siding, a thin tyvek sheet, some cheap ass pressboard stuff,(glorified cardboard really), some spun fiberglass insulation, then drywall. That's all you need, a couple minutes with a razor knife and any thief can get in easy, let alone if they use something like a cordless sawzall thing.
A big problem with mechanical locks is the form factor. Anything that has to fit in a standard US cylinder lock hole is inherently weak. It's just too small.
There are some good locking systems out of Israel. Mul-T-Lock makes door locks that extend three or four deadbolts through the door and into the frame, like a vault door. These are made to work like ordinary door lever locks.
The best residential doors are found in older HUD-financed housing projects in bad neighborhoods. Apartment doors are steel fire doors mounted in steel frames, and walls are reinforced concrete. Those things will resist a battering ram. The lock mechanisms usually aren't that great, but the threat there is generally brute force, not lockpicking.
It's surprisingly hard to get good doors and locks in the US. There are better locks in parts of the Third World.
This isn't borne out by any evidence. I call a foul and remove the argument from play. No yardage on the call.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
I'm currently managing a transition to using only encrypted file systems, using loop-aes. As the parent says, one reason to use encrypted file systems is protection against burglars. The access keys for the data disappear as soon as the power is disconnected, so the burglar gets the hardware but no data. Thieves have to be unusually smart if they want to copy the plaintext - they'll have to trick you into revealing the key to them somehow.
But it doesn't just protect my data from burglars. It also enables me to return hard disks for warranty replacement without worrying that the manufacturer will be able to look through my files. I don't have to scrub my disks before sending them off. Disk scrubbing is never 100% effective, and might not even be possible if the controller has failed.
Loop-aes is now supported by Debian stable. I just needed to apt-get two packages, loop-aes-utils and loop-aes-modules-$KERNELVERSION. Through this, it is very easy to add non-root encrypted filesystems to your machine. An encrypted root filesystem is harder to arrange, but well worth having. There are HOWTO guides to help you set one up. The usual implementation requires you to enter a passphrase as your machine boots.
>north
You're an immobile computer, remember?
I remember buying a Samsonite briefcase with digital lock. Two weeks later I had a bunch of people try to open it over a weekend. Nobody managed to crack the 4 digit lock during the two days despite trying all available combinations and despite me opening it every time when I was handed it.
:-)
Why?
Because they DIDN'T try all available combinations. I discovered that the Samsonite digital lock with 4 positions from 0..9 can have a total of 11110 combinations instead of 10000 because you do not need to use all positions (which is not even in the little manual). In other words, the number of possible combinations is 10000 + 1000 + 100 + 10. The combination in use was "9" with me pretending to press the remaining 3 digits so there was a little bit of misdirection involved
Having said that, that specific lock has a more fundamental flaw that allows it to be easily reset, and this type of briefcase is not popular with airport security so I eventually stopped using it.
Insert
It depends. My grandfather keeps an unloaded handgun in a drawer by his bed. It's his contention that a burglar isn't going to ask to see the magazine when they're on the wrong end of the barrel.
Or you could do what Pat McManus does, and have an alarm system that doesn't beep, it plays the sound of a pump-action 12-gauge. A gun doesn't have to be dangerous to be a deterrent.
I see your informative link, and raise you a pithy comment.
It's much more effective to have an alarm system than it is to back up your deadbolt locks with a gun.
You sir, are a fucking idiot.
So you're saying it's better to have an alarm system which usually takes over a minute to alert the alarm company, then about 30 seconds for them to call your local dispatch center. Then another 30 seconds for the dispatcher to get the information. Then they have to give the info out to the officers...and in a lot of places (other than Big City USA) it can take 15 minutes or more for the officers to arrive.
My wife used to be a dispatcher. Most nights in our county there would be one officer on. And their policy on a break-in was to wait for another officer to get out of bed, get dressed, get in his car, and drive 30 minutes from the middle of nowhere to your house.
So you're saying you should have no defense against someone breaking in to harm you and/or your family for a minimum of 5-10 minutes?
Like I said, you sir are a fucking idiot.
I am a man, and I will stand up and defend my family.
There's no place like
I really don't want to advertise but here in Finland about 99.99% of households and companies use Abloy locks. Yes, they have sort of monopoly here but that's gained on true merits. The locks are so hard to pick, that if you lose your key, locksmiths will just break your door or the lock if possible. It's not worth spending 10 hours picking it. A second good reason for using Abloy is that it doesn't freeze or get jammed as like pinlocks. There does exists tools to open Abloy locks but they can be used only on models made in the 70's so they basically useless.