The Study of Physical Hacks at DefCon
eldavojohn writes "DefCon usually focuses on electronic security, but Saturday a talk was held that focused on possibly the oldest form of hacking — lockpicking. As software security becomes better and better, the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight. From the article: 'Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP ... Tobias says he refuses to publish details of 'defeating' the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.' I'm sure all Slashdot readers are savvy enough to use firewall(s) but do you know and trust what locks 'physically' protect your data from hacks like these?"
You seem to know a thing or two about Medeco locks (like the fact that there's a diff. between the original and Biaxial). If you know/see something about the article I don't, please let me know. My father worked for Medeco (and I briefly worked in their factory one summer) and I'm sure he'd love to know.
Also, last I heard, there was still a reward offered by Medeco for picking a lock at their headquarters in Salem, VA.
One summer I was forced to park right in the same neighborhood as crack houses, etc., because of where I had to work. As did my coworkers. They all locked their doors and trunks; result, all of them got busted glass and popped trunks. I warned them too, I really did, I said "look at reality, these cars are targets now". Nope, none of them listened. I left my doors unlocked and the trunk slightly open, just eased down. The ride was so old and ratty I wasn't afraid of it getting stolen, albeit that was a chance. There was nothing left in the car to steal, a very cheap in-dash radio not even worth a dollar at a pawn shop, but I made it easy for the crooks to ascertain that, because I knew they would look.
Ya, it sucked doing that, the principle rankled me, but my practical nature took over, because it was better than having to replace a door window.
Most modern stick frame construction houses are vulnerable to a razor knife. Just pick a section of wall and slice a hole. You got plastic siding, a thin Tyvek sheet, some cheap ass pressboard stuff (glorified cardboard really), some spun fiberglass insulation, then drywall. That's all you need, a couple minutes with a razor knife and any thief can get in easy, let alone if they use something like a cordless sawzall thing.
A big problem with mechanical locks is the form factor. Anything that has to fit in a standard US cylinder lock hole is inherently weak. It's just too small.
There are some good locking systems out of Israel. Mul-T-Lock makes door locks that extend three or four deadbolts through the door and into the frame, like a vault door. These are made to work like ordinary door lever locks.
The best residential doors are found in older HUD-financed housing projects in bad neighborhoods. Apartment doors are steel fire doors mounted in steel frames, and walls are reinforced concrete. Those things will resist a battering ram. The lock mechanisms usually aren't that great, but the threat there is generally brute force, not lockpicking.
It's surprisingly hard to get good doors and locks in the US. There are better locks in parts of the Third World.
I remember buying a Samsonite briefcase with a digital lock. Two weeks later I had a bunch of people try to open it over a weekend. Nobody managed to crack the 4-digit lock during the two days despite trying all available combinations and despite me opening it every time when I was handed it.
:-)
Why?
Because they DIDN'T try all available combinations. I discovered that the Samsonite digital lock with 4 positions from 0..9 can have a total of 11110 combinations instead of 10000 because you do not need to use all positions (which is not even in the little manual). In other words, the number of possible combinations is 10000 + 1000 + 100 + 10. The combination in use was "9" with me pretending to press the remaining 3 digits, so there was a little bit of misdirection involved.
Having said that, that specific lock has a more fundamental flaw that allows it to be easily reset, and this type of briefcase is not popular with airport security so I eventually stopped using it.
It's much more effective to have an alarm system than it is to back up your deadbolt locks with a gun.
You sir, are a fucking idiot.
So you're saying it's better to have an alarm system which usually takes over a minute to alert the alarm company, then about 30 seconds for them to call your local dispatch center. Then another 30 seconds for the dispatcher to get the information. Then they have to give the info out to the officers...and in a lot of places (other than Big City USA) it can take 15 minutes or more for the officers to arrive.
My wife used to be a dispatcher. Most nights in our county there would be one officer on. And their policy on a break-in was to wait for another officer to get out of bed, get dressed, get in his car, and drive 30 minutes from the middle of nowhere to your house.
So you're saying you should have no defense against someone breaking in to harm you and/or your family for a minimum of 5-10 minutes?
Like I said, you sir are a fucking idiot.
I am a man, and I will stand up and defend my family.
There's no place like