Slashdot Mirror

← Back to Stories (view on slashdot.org)

Book Reviews: Lockpicking Books From Deviant Ollam

Posted by samzenpus on from the read-all-about-it dept.

benrothke writes "It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can't create and maintain secure passwords. When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure it in? In two fascinating books on the topic, Deviant Ollam writes in Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks that it is really not that difficult. When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks." Keep reading to learn if you'll be picking locks soon. Practical Lock Picking, 2nd ed. / Keys to the Kingdom author Deviant Ollam pages 296 / 256 publisher Syngress rating 9/10 reviewer Ben Rothke ISBN 978-1597499897 / 978-1597499835 summary Two excellent books on the fundamentals of lockpicking All of the information in the books is long known to professional locksmiths. For those whose responsibilities include physical security, it is hoped that they are at least at the level of the locksmiths, and have designed their physical security plant accordingly.

Ollam is a member of The Open Organization Of Lockpickers (TOOOL), a group whose goal is to advance the general public knowledge about locks and lock picking. TOOL'S mantra is that the more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sport picking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research. In these books, Ollam stays true to that mantra.

The two books have some overlap. Practical Lock Picking is meant as a beginners guide to lock picking, and is intended to be a hands-on guide with hundreds of pictures and diagrams.

Ollam writes in a clear-cut and systematic manner, describing all of the details needed. Nearly every page includes pictures and diagrams to illustrate the point. In 6 easily readable chapters, Ollam covers the core areas needed to gain a comprehensive understanding of the topic of lock picking. By the end of the book, you won't be a locksmith or even close. But for those that have locksmithing in their blood, or want to get greater insights, the book will be a great resource that will help them get there.

Chapter 1 starts the book on the fundamentals of pin tumbler and wafer locks; which are two of the most common types of locks in use. Ollam notes that while there are a multitude of lock designs on the market today produced by many different manufactures, the bulk of these locks are not in widespread use. With that, he notes that if the reader can understand the basics of just a few styles of locks, he is confident that the reader should be open top open with great east at least 75% of the locks they are likely to encounter, and even more as you become more skilled with them.

After the introduction, chapter 2 gets into the basics of lock picking and how to exploit weaknesses that most locks have. Many of these weaknesses are due to errors in the manufacturing process, which the book details. Information security guru has observed that "security is a tax on the honest majority". He writes that security often does not keep that bad guys out. Similarly, insecure physical locks will do little to keep the bad guys out, which Ollam so persuasively writes about.

In chapter 5, Ollam details what he terms quick-entry tricks, which is done via shimming, bumping and bypassing. Lock bumping has gotten a lot of media exposure in the last few years, but has been around for nearly 100 years. Specifically, it is a pin tumbler lock picking technique using a special bump key. Not that there is a universal bump key that can open all locks. Rather the bump key must correspond to the lock in question. Ollam shows that if one has such a key, many of these locks can quickly be compromised.

The book closes with an appendix that provides a list to the types of tools and toolkits necessary to pick locks.

After completing Practical Lock Picking, one should check out Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, which is a great follow-on reference.

The main difference between the two is that the latter provides a lot of details on impressioning, which is a covert technique to create a usable key for a lock without picking the lock or taking it apart, in addition to some other types of more sophisticated attacks.

Chapter 2 of the book is on soft medium attacks and is particularly fascinating. Ollam writes of mold-and-cast attacks, which is a technique of opening a lock by covertly copying a legitimate key by making a cast of it in a soft material, then using it to imprint and fabricate a working key. Such a technique was used in real-life and detailed in the 1979 movie The First Great Train Robbery. Ollam writes how the movie was very true to the methods and technology available at that time, when the train robbery occurred in the 1850's.

The chapter walks the reader through the Quick-Key duplication kit method, in which most common key forms can be replicated with the kits molding and casting forms. The kit Ollam references is for the serious student of the craft, as it costs over $700- and can only be purchased from a firm in Germany.

Chapter 3 on master-keyed systems is particularly interesting as Ollam shows how a master key privilege escalation attack can often be easily done. Master-key systems make the logistics of granting access easier. But with that ease of use, comes the potential for abuse, as that single key will now have global access to the physical site.

Ollam writes that dedicated attackers who have the ability to spend a bit of time will often have the ability to compromise the code for the top master key (the one with the most access privileges) in nearly all master-keyed systems, even with only a small amount of preliminary information and a small number of blank keys.

In the same way that passwords often provide very little network security, Keys to the Kingdom shows that much of the security provided by physical locks is an illusion, given the ease at which these keys can be manipulated and copied.

Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide is a great introduction to the topic of lock picking, while Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks takes that base knowledge and builds upon.

For those who perform physical penetration testing, these two books will prove to be invaluable. For those that simply want to understand what their locks are and aren't doing, they will find these to be a fascinating read.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

123 comments

  1. Wait a Second by Anonymous Coward · · Score: 1

    This isn't published by Packt... I've been had!

    1. Re:Wait a Second by TwezerFace · · Score: 1

      Dark Star!

  2. Some sacred questions by Anonymous Coward · · Score: 0

    you stroke my locks

  3. Locks by Anonymous Coward · · Score: 0

    Are really there to keep honest people honest.

    1. Re:Locks by Dins · · Score: 2

      That or to keep out drunk people and kids. My wife and I always lock all of our doors every night. We both realize those locks would never keep a professional out, but they will keep out drunk people who think they are home when they aren't, and kids playing games for the most part.

    2. Re:Locks by Culture20 · · Score: 1

      "Why won't my key work? I. I have to get inside. It's raining out here. I'll just throw a rock through my window and fix it in the morning." When you drive a friend home; make sure to give him is keys back, or he will smash his own window. Bonus points for driving him to the right house.

    3. Re:Locks by knarfling · · Score: 5, Interesting

      My dad was a locksmith, so I learned a bit here and there about lock-picking as well as physical security.

      It was best expressed to me this way. Most people believe that locks are meant to prevent access. This is incorrect. Locks are there to allow access. After, all, if you want to prevent access, build a wall, not a door with a lock. The lock is there to limit access. Ideally, a standard lock limits access to those people with a key or with knowledge of the combination. But a simple lock only prevents access to honest people or to those without the time or desire to enter. (These days, that is a very small segment of the popluation.) With each group of people that you wish to keep out, the cost of security goes up. Reinforced doors, sturdier frames, multiple locks, higher quality locks, combinations of different types of locks, electronic keys and biometrics are all steps to preventing different groups of people from entering. With each level of security, there is an increased cost, and, with most levels, and increased inconvenience to those who have permission to enter.

      I am sure that most people here know the questions to ask when determining computer security, and the same questions apply to physical security. It comes down to How can someone gain access?, and What am I willing to spend to prevent it?

      I think it is good that these books are published, because many people are clueless about physical security. "Put an expensive lock on it. We should be okay." I was surprised to learn how much of my prossesions I kept, simply because it wasn't worth someone's time or effort to steal it.

      --
      Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
    4. Re:Locks by AvitarX · · Score: 2

      Of course Windows are generally a quicker way to get access, and breaking them is pretty quick.

      There are very few professional thieves, and the ones there are don't generally use the door.

      If you can prevent someone that is going door to door looking for an open one, you've blocked the vast majoraty, after that, if you don't have much more than the next schmo, you're pretty safe.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    5. Re:Locks by knarfling · · Score: 3, Informative

      Windows in buildings actually follow the same principle. (Computer Windows is a completely different topic not addressed in these posts.) Windows are built to allow access as well. The primary access for windows is light. Either sunlight to warm or provide illumination, or for vision of what is on the other side.

      To secure windows, you either need to limit how much light is allowed, such as making the window only 6 inches square, or placing barriers on either side of the window to make it more difficult for things other than light to enter. Such barriers coud include signs to discourage, hedges, bars, dogs (on either side), traps, moats, and/or landmines. (Some of those options may have questionable legal issues depending on where your building is.)

      As with doors, the questions remain, is the stuff inside worth someone's time or effort to get in, and how much am I willing to spend to prevent access. The books dealt specifically with raising awareness about locks, so I concentrated on that aspect. But, if the stuff inside is sufficiently valuable, whole perimeter security needs to be addressed. Is tunnelling a viable option? What about vents? Even if the vent or window is too small for a person to enter, can something be put inside that will compromise the security from the inside?

      --
      Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
    6. Re:Locks by AvitarX · · Score: 1

      Yes, the not having value is what I do for security...

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    7. Re:Locks by flyneye · · Score: 1

      I'm guessing Mr.Deviant doesn't cover the alarm triggered when my locked door is opened, whether I or someone else do it.
      I'm absolutely sure he doesn't cover what to do in the case that you hear a gun cock and feel a .45 caliber muzzle coldly resting on your occipital.
      For everything after that, I suppose there is the Bible or other sundry books dealing with those sort of details.
      Perhaps his second edition........

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    8. Re:Locks by Anonymous Coward · · Score: 0

      >>>I think it is good that these books are published, because many people are clueless about physical security.

      Agree with you.

      But locksmiths often get bent out of shape when books like this are written.

    9. Re:Locks by Anonymous Coward · · Score: 0

      Is this ever the truth. Locks have kept me out of my house several times after some excessive nights at the bar.

      And no, the keys weren't the only thing I couldn't get into the slot.

    10. Re:Locks by Anonymous Coward · · Score: 0

      "These days, that is a very small segment of the popluation." What?

    11. Re:Locks by neonsignal · · Score: 2

      And of course you need to consider other risks, not just theft. If the place catches fire, you may not be able to get out of the window.

    12. Re:Locks by TwezerFace · · Score: 1

      Windows are in the operating system :)

    13. Re:Locks by tehcyder · · Score: 2

      But a simple lock only prevents access to honest people or to those without the time or desire to enter. (These days, that is a very small segment of the popluation.)

      That is paranoid bullshit. The vast majority of people are not criminals or psychopaths and will respect other people and their property quite happily.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    14. Re:Locks by Anonymous Coward · · Score: 0

      Yes - but you're focusing on the wrong subset. It's the other 20% that you have to watch out for.

  4. I don't know... by omnichad · · Score: 4, Funny

    How secure it in?

  5. slightly overegging it by MagdJTK · · Score: 4, Insightful

    "insecure physical locks will do little to keep the bad guys out"

    I think this is unfair. The lock on my front door has a 100% record of keeping bad guys out. That's because it's intended to deter casual thieves, not secret agents. Knowing what your security is protecting against and choosing the right level is important. And I could buy the best lock in the world and someone could just smash a window...

    1. Re:slightly overegging it by localman57 · · Score: 3, Insightful

      Lisa, I'd like to buy your rock.

    2. Re:slightly overegging it by Joehonkie · · Score: 2

      Sadly, most most locks are easily opened by "bumping," (http://en.wikipedia.org/wiki/Lock_bumping) which is something any casual thief can do, and which is discussed in one of the books. I wish it got more time in the review.

    3. Re:slightly overegging it by TwezerFace · · Score: 1

      One of the books is about bumping...no?

    4. Re:slightly overegging it by localman57 · · Score: 3, Informative

      The lock on my front door has a 100% record of keeping bad guys out.

      You don't know that, unless you've caught someone trying to get in. It's possible that the denominator of that percentage is zero. Maybe nobody ever tried to get in. In that case, we don't know that your locked door is any more effective than an unlocked door, a door with a fake lock painted on the front, a door with no lock at all...

    5. Re:slightly overegging it by Paracelcus · · Score: 3, Insightful

      If you live in a condo complex/apartment building it's more than likely that the doorway to your unit/apartment is in a common (publicly accessible) hallway with Sheetrock walls that can be easily breached with a fist! Why have a heavy door with a Medico lock in a shitty wall? or between sidelights (flanking glass panels)? or an iron gate in front with ground level glass windows on the sides/sliding glass doors in back?

      Why have a pick proof padlock when a cordless 4" angle grinder with a carbide cut off wheel can go through a boron shackle in seconds?

      --
      I killed da wabbit -Elmer Fudd
    6. Re:slightly overegging it by Anonymous Coward · · Score: 1

      Unless you have a heavy steel door and frame, the lock is nothing more than decoration. A high dollar Medeco cylinder is pointless in a door you can open with a well placed kick :/

      If the door is deemed secure, they'll simply smash the window.

      Don't get me wrong, knowing how to pick a lock is useful in the right situations, but they are rare. Most of your common thugs aren't this sophisticated and they'll just brute force the door.

    7. Re:slightly overegging it by localman57 · · Score: 1

      Why have a heavy door with a Medico lock in a shitty wall? ...Why have a pick proof padlock when a cordless 4" angle grinder with a carbide cut off wheel can go through a boron shackle in seconds?

      Because it makes them feel safer, which in turn makes them happier. If your point is that they're equally likely to be compromised regardless, but they feel happier for the X number of months or years before it actually happens, then it still may be money well spent...

    8. Re:slightly overegging it by TwezerFace · · Score: 1

      Precisely. that is the notion of 'security theatre' Where u have the 'feeling' of security, but no real security.

    9. Re:slightly overegging it by mlts · · Score: 4, Insightful

      The same reason I use pick-resistant padlocks on storages: Someone getting the lock off will leave a signature.

      Yes, the angle grinder will knock a boron shackle off in seconds flat, there will be some sort of proof of forced entry, either because the lock is missing, or the fact that there are obvious cuts on the wall. When placing a claim with an insurance company, it is a LOT easier to get them to play when there are obvious signs that someone forced their way in, as opposed to a picked/bumped lock which in some cases gives zero signes of entry.

      Insurance companies are a lot more likely to pay when the adjuster comes by and sees chainsaw marks on a wall, as opposed to no signs of any forced entry whatsoever.

      Then, there is the criminal aspect. If a thief picks a lock and enters... they may score a trespass charge, but no B&E. Forcing their way in, that is a definite felony, assuming they ever get caught.

      So, I'll keep my high security locks. Yes, they are by-passable, but they give protection in another arena, the legal one.

    10. Re:slightly overegging it by Anonymous Coward · · Score: 0

      Angle grinders are loud. Forcing a would-be thief to use power tools (even if only for 10 seconds) is like having an alarm that only goes off when someone is trying to break in, and never in a thunderstorm or when some asshat with no mufflers on his motorcycle goes by.

    11. Re:slightly overegging it by gknoy · · Score: 1

      That is the best reason I've ever read for having nice-resistant locks when the rest of the house isn't completely secured: Don't make it hard to get in, make it hard to get in without leaving evidence of a break-in. Thanks!

    12. Re:slightly overegging it by MartinSchou · · Score: 1

      If you live in a condo complex/apartment building it's more than likely that the doorway to your unit/apartment is in a common (publicly accessible) hallway with Sheetrock walls that can be easily breached with a fist!

      That has to be a US thing. Right?

      I would pay good money to see someone try to break through the walls in any of the apartment buildings I've lived in in Denmark and Sweden.

      I think the thinnest outer wall I've seen was at least 15 cm concrete.

    13. Re:slightly overegging it by Anonymous Coward · · Score: 0

      Why have a heavy door with a Medico lock in a shitty wall?

      It should be noted that Medeco locks have also been shown to be shitty (at least until semi-recently):

      http://en.wikipedia.org/wiki/Medeco#Cracking
      http://medecoproblems.com/fixes

      I think the general consensus is that Abloy's Protec (non-CLIQ) is the only system that doesn't have any publicly known, non-destructive attacks against them.

      On a side note, both Medeco and Abloy share the same parent company. AFAICT, there isn't actually a lot of variety of companies out there, and the majority of manufacturers are owned by one groups. (Kind of like the sun/glasses industry and Luxottica.)

    14. Re:slightly overegging it by Anonymous Coward · · Score: 0

      Because it keeps the insurance rates down.

    15. Re:slightly overegging it by Anonymous Coward · · Score: 0

      It's a North American thing. New construction here is uniformly shoddy and of truly pitiful materials.

    16. Re:slightly overegging it by Anonymous Coward · · Score: 0

      You must be an actuary.. :)

    17. Re:slightly overegging it by azalin · · Score: 1

      You might want to try one of these: http://www.sunbeltrentals.com/equipment/equipment.aspx?itemid=0200120&catid=s512

    18. Re:slightly overegging it by MartinSchou · · Score: 1

      I never said you can't get through the walls. They aren't built out of a rare combination of unobtanium and thatllbehandium.

      I said I'd love to see someone try to punch through a typical Danish or Swedish wall.

    19. Re:slightly overegging it by tehcyder · · Score: 1

      Precisely. that is the notion of 'security theatre' Where u have the 'feeling' of security, but no real security.

      No, that's simply not true. The reason you have a feeling of security is because as a normal person you actually are pretty secure in most civilised countries.

      You're not going to be secure against a Navy SEAL team landing in helicopters, blowing your roof off and shooting you dead when you try to resist, but that really doesn't matter if you're not a terrorist or major criminal.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    20. Re:slightly overegging it by tehcyder · · Score: 1
      Yeah, because a massive great fucking chainsaw is standard burglar equipment.

      In other news, burglars armed with enough plastic explosive can probably blow your whole apartment complex up.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    21. Re:slightly overegging it by TwezerFace · · Score: 1

      ok... i hear ya

    22. Re:slightly overegging it by GLMDesigns · · Score: 1

      Sheetrock is not shoddy. In NYC the main reason for using metal framing and 5/8" sheetrock on corridor walls is for fire safety. NYC requires a 2 hour safety window. Yes. A thief can kick in through the walls and enter your apartment. It's easy to get through cinderblock too. Put up a construction sign; put up plastic sheathing to "keep the dust contained," and 5 minutes later you're taking a drink, relaxing in the apartment.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    23. Re:slightly overegging it by Anonymous Coward · · Score: 0

      The lock on my front door has a 100% record of keeping bad guys out

      Pffft... btw, start buying milk again or else.

    24. Re:slightly overegging it by Paracelcus · · Score: 1

      "doesn't matter if you're not a terrorist or major criminal"

      And, of course, nobody's ever been shot dead in their own home by out of control cops, in full body armor "by mistake" or "he/she made a threatening movement", buck naked at home /wrong address, elderly/crippled/blind, in the back, holding a vegetable peeler/crutch/golf club, 4" serrated butter knife?

      The ONLY thing that can guarantee you safety is to give $100,000+ to your congress person/senator and to live in a RICH neighborhood!

      --
      I killed da wabbit -Elmer Fudd
  6. Locks are just one layer by crazyjj · · Score: 3, Insightful

    Any place with any real security is going to have a LOT more than just key locks in place. It's the same layered security stuff that applies to network security. The userid/password is just ONE PART of the security. If someone isn't watching for abnormal behavior on the network too, you're already asking for trouble.

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
    1. Re:Locks are just one layer by Anonymous Coward · · Score: 0

      However they are the first step, and if breached, enables the attacker to get a foothold. That alone can be more dangerous than anything. Once they get past a physical deterrent, they have more room to operate, probe and experiment to see where to hit next.

    2. Re:Locks are just one layer by localman57 · · Score: 3, Insightful

      This.

      Along with this is the question of whether you think of society in terms of wolves or sheep. Ask someone if it's a good idea to put your name and address on your keys. People who see society as sheep will say yes, so that your keys can be returned if you lose them. People who see wolves will understand that now the bad guys have not only your key, but the address of the house it goes to.

      I had a discussion with someone at my office about this with regard to their car. He had no problem leaving his keys in the ignition because it was a piece of shit car, and our small town is relatively sparcely populated with criminals. He didn't care if his car got stolen. I told him if i were a criminal, I'd leave his piece of shit car, and take his keys and the address from the registration in the glove compartment. Then i'd watch his house till he left for work the next day, and go in and help myself to whatever I wanted. He stopped leaving his keys in the car...

    3. Re:Locks are just one layer by greg1104 · · Score: 1

      How does the victim here leave for work the next day if a thief has taken their keys? Even the biggest sheep should realize that when their keys have been stolen, they might need to change their locks at home.

      The right scary story here is that a thief finds your car unlocked, gets your home address (which is possible just from your tag), and immediately drives it to your house to loot it. Once that's done, they return the car to your office parking lot. Now there's not even a getaway vehicle required in the crime! Your own car will be used against you. It solves all sorts of issues. If the neighbors notice someone looting the house, the thief can tell them "I'm helping my buddy move some things, that's why he loaned me his car".

    4. Re:Locks are just one layer by tlhIngan · · Score: 1

      How does the victim here leave for work the next day if a thief has taken their keys? Even the biggest sheep should realize that when their keys have been stolen, they might need to change their locks at home.

      The right scary story here is that a thief finds your car unlocked, gets your home address (which is possible just from your tag), and immediately drives it to your house to loot it. Once that's done, they return the car to your office parking lot. Now there's not even a getaway vehicle required in the crime! Your own car will be used against you. It solves all sorts of issues. If the neighbors notice someone looting the house, the thief can tell them "I'm helping my buddy move some things, that's why he loaned me his car".

      Or said theif doesn't steal keys, but merely borrows them unknowingly. So copy of key, plus address from registration (or portable GPS - I bet 99% of them have an addressbook entry named "Home", and 99% of those contain the real address!).

      The latter scenario is possible too if the thief spends the time to monitor your activities to see how much time he has to drive, loot your place, and drive back (assuming they can find parking, too...).

      House tip: Put about $100 in the kitchen drawer, and keep the rest of the cash in a more secure location. A thief going through your stuff will most likely find that $100 and move on. A thief who doesn't may get pissed and trash your place "just because" you made it more difficult for him and waste his time. In the latter case, he's not walking out with much, but he's making sure you're not going to have an easy time cleaning up, either. Better they get $100 in drug money than get angry and do $10,000 in willful damaes.

  7. The real problem by Anonymous Coward · · Score: 0

    The real problem is that it takes time to pick a lock and criminals don't like taking the chance of being seen stooped over looking a lock. They are really easy to pick, however. I taught myself how to pick locks while working one summer for a builders hardware company.

    1. Re:The real problem by foma84 · · Score: 0

      The real problem is private property.

    2. Re:The real problem by TwezerFace · · Score: 1

      You advocating communism?

    3. Re:The real problem by xclr8r · · Score: 2

      The real problem is that it takes time to pick a lock and criminals don't like taking the chance of being seen stooped over looking a lock. They are really easy to pick, however. I taught myself how to pick locks while working one summer for a builders hardware company.

      AC speaks the truth. I was burglarized last year. The door was picked by force (kicked open). Picking locks as described in this book is for those that don't want people to know someone has been in your private spaces.

      --
      Beware of those who profit off the docile and persecute the unbelievers.
    4. Re:The real problem by Anonymous Coward · · Score: 0

      It depends on the lock. Most houses in the US use a 5 pin tumbler mechanism, which is easy prey to any lockpicker of a decent skill level. Next step up are the inexpensive Kwikset Smartkey locks... except those tend to have issues where even the correct key may not work (which is why Schlage abandoned their competing design.) The Smartkey locks are actually decently pick resistant. Best compromise is to buy their "Key Control" deadbolt, so if one cylinder stops working, flip to the second one until you can replace the lock.

      From that, you have high security locks, such as Mul-T-Lock, Medeco, etc. As far as I know, if one wants pick resistance, the king is still the Abloy Protec, which last time I've heard, takes several hours for even the locksport types.

      Of course, with security, you go in layers, such as an alarm system and/or a dog. The trick is not to give an intruder enough time to pick a lock, so they either have to force it open, or know some trick like bumping or magnet spinning in order to release a solenoid fast.

      If wise, you don't just secure the edge doors/windows, you have reinforced interior doors that have stout locks on them. This way, an intruder won't just have to kick down one door, but would have to cut through a hall door, then figure out which bedroom to open next... and this gives plenty of time for the occupant to hear the noise/alarm, and get ready.

    5. Re:The real problem by khallow · · Score: 1

      Nah, the real problem is that it's work to take your stuff. I don't mind you owning stuff, I just mind not having your stuff right when I want it.

      Stooge: "Here is foma84's kid's bike. You know, the one you'll want in five seconds."
      Me: "Did you give that brat a wedgie?"
      Stooge: "Of course"
      Me: "Ok. I don't want it anymore. How about ten learjets? All painted with the appropriate 'Hello Kitty' markings."
      Stooge: "Right away, sir!"

      All the problems I want solved are solved.

    6. Re:The real problem by Anonymous Coward · · Score: 0

      Nah, the real problem is that it's work to take your stuff.

      Not really a problem. Just demand security from the government and they will tax all your stuff away.

    7. Re:The real problem by Anonymous Coward · · Score: 0

      get ready

      to aim and pull the trigger on the .45 from the bedside table as you dial 911 and tell them you are about to shoot an intruder.

    8. Re:The real problem by Jeng · · Score: 1

      Private Property = resources that are dedicated to an individual.

      If your economic model does not allow dedicated resources then it will fail.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    9. Re:The real problem by Anonymous Coward · · Score: 1

      Oh my God! Son, I'm so sorry! I thought you were somebody else!

    10. Re:The real problem by Anonymous Coward · · Score: 1

      Picking locks as described in this book is for those that don't want people to know someone has been in your private spaces.

      Or for when you don't want to have to fix your own door frame. For example, I had a deadbolt lock fail on an outside closet. I couldn't pick it, because it had jammed, but I knew the exact location of the screws holding it on. I went inside, grabbed a cordless drill and the right bit, walked outside to the door and drilled it out in less than 30 seconds. It was scary how fast it was. I still use those locks, because there are two kinds of thieves. The clueless idiots and the unstoppable pros. My security is aimed entirely at the first and I use kick plates.

    11. Re:The real problem by foma84 · · Score: 2

      Can't argue with that, mate, I do agree that my toothbrush should be allocated to me only.
      It's the way the resources are allocated that puzzles me.

    12. Re:The real problem by Jeng · · Score: 1

      It's the way the resources are allocated that puzzles me.

      It's a constantly changing process and it is a process that in general is getting better. Greed though is an ever present problem.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    13. Re:The real problem by Anonymous Coward · · Score: 0

      Did you read the narrative? The intruder broke down two locked doors on the way into the bedroom.... If son acts stupidly when you don't know he's going to arrive, doesn't knock but breaks though two doors on his way to your bedroom where he knows you sleep with a gun, you raised an idiot. Best you shoot him and remove him from the gene pool anyway, in fact, you might want to reload and get rid of all the kids....

    14. Re:The real problem by tehcyder · · Score: 1

      You advocating communism?

      For all important things, why not?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    15. Re:The real problem by tehcyder · · Score: 1

      It's the way the resources are allocated that puzzles me.

      It's a constantly changing process and it is a process that in general is getting better. Greed though is an ever present problem.

      It used to be getting better, but for the last thirty years or so the vested power interests have been doing a pretty good job of reversing that progress.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    16. Re:The real problem by tehcyder · · Score: 1

      Private Property = resources that are dedicated to an individual.

      If your economic model does not allow dedicated resources then it will fail.

      It is not necessarily a pure black and white (free market versus communism) issue.

      I have to have shelter, clothing, food and water to live. It's irrelevant to me whether I "own" these things or get given them as part of a communal share out. If I want a luxury hand made silk suit instead of the standard cotton overalls, or a Ferrari instead of a bicycle, that's a question of how non-essential resources are allocated. There just doesn't seem any reason why a few very rich people should have the choice of anything/everything they want.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    17. Re:The real problem by Jeng · · Score: 1

      You have a job you likely do for a living, and most likely that job requires tools, if anyone can come and take your tools from you will no longer be able to do your job.

      Fuck the rich, I'm talking basic getting shit done. If you cannot allocate resources to an issue, that issue will not be resolved. If anyone can take anything at any time then nothing will get done and everyone will starve.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    18. Re:The real problem by TwezerFace · · Score: 1

      Because communism was an utter failure that collapsed on itself.

  8. American construction... by The+Grim+Reefer · · Score: 1

    I live in America and our constructions standards for homes is pretty abysmal. Frankly to the point that I don't see how even the best lock in going to keep someone out. The door frames are sadly weak and one good kick will open the front door on most homes. If you do get a security door/frame, the walls themselves are rather weak too. Many homes are 2x4 studs that are covered by drywall on the inside and in many cases foam board insulation covered by vinyl siding on the outside. You could probably cut through a wall with a utility knife with little noise in ten minutes. Better built homes will have layer of chip board too. Not that it would slow a determined person down much.

    1. Re:American construction... by TwezerFace · · Score: 1

      how would you advocate 'secure' homes be built?

    2. Re:American construction... by Anonymous Coward · · Score: 0

      Masonry constructed walls, steel doors, bulletproof windows with bars.

    3. Re:American construction... by The+Grim+Reefer · · Score: 1

      how would you advocate 'secure' homes be built?

      Do you mean an actual secure building? Or something reasonably better than Styrofoam?

    4. Re:American construction... by TwezerFace · · Score: 1

      Something reasonably better than Styrofoam. I am talking about a residence.

    5. Re:American construction... by The+Grim+Reefer · · Score: 1

      Actual brick or stone would be a huge improvement. If you live in a earthquake prone area, or just don't want brick, then using roofing plywood over the insulation would at least require something more than a utility knife to get through. Obviously steel security door/frames. You can get security shutters for your windows if you don't want bars. It really depends on how much you want to spend or how far you want to go. You can have steel security mesh in the walls, bars on the windows, varying degrees of bulletproof glass.

      Probably some of the cheapest physical security measures are to keep bushes and plants trimmed so there is no where to hide while breaking in. Also eliminating dark areas with motion detector activated flood lights.

    6. Re:American construction... by couchslug · · Score: 1

      Reinforced concrete with steel door and window frames, bonus being much longer structure life, fire and storm and termite resistance, and good thermal mass.

      If someone really wants in, they can carry a backpack oxy-acetylene torch and breach the metal bits quietly and fairly quickly, but might trigger a fire alarm if the structure is so equipped.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    7. Re:American construction... by TwezerFace · · Score: 1

      good points. thank you!

    8. Re:American construction... by godel_56 · · Score: 1

      Probably some of the cheapest physical security measures are to keep bushes and plants trimmed so there is no where to hide while breaking in. Also eliminating dark areas with motion detector activated flood lights.

      . . . and gravel pathways leading up to and around the house so that they go crunch, crunch when someone walks on them.

    9. Re:American construction... by Larryish · · Score: 1

      This.

      From outside to inside:

      vinyl siding
      1/2 inch foam insulation
      1/2 inch OSB sheathing
      2x4 or occasionally 2x6 studs spaced 16 inches or 24 inches apart
      1/2 inch sheetrock

      Anyone could enter a typical USA-ian suburban house in about 60 seconds with a cordless sawzall.

    10. Re:American construction... by Larryish · · Score: 1

      Don't forget to plant some big holly bushes under all your first-floor windows.

      Preferably the kind with really pointy leaves, the sort of thing that your gardener absolutely hates.

    11. Re:American construction... by tehcyder · · Score: 1

      And a moat. Filled with sharks. Burglars fucking hate shark-filled moats.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    12. Re:American construction... by Anonymous Coward · · Score: 0

      Like is required in Europe, a house being designed to stand 100 years. Yes, this may mean the structure gets built out of cinderblocks, but it won't need to be razed and the foundation re-poured like most US houses do.

      In general, any US home made after WWII, especially in the past 10-20 years tends to be barely able to stand up in the first place.

      Of course, cities requiring large windows as part of code (so SWAT teams have easy access to crash their way in) don't help either.

  9. It is not what you think... by bobbied · · Score: 1

    That lock on my door was for *your* protection not mine.

    Say hello to Mr. 9 mm who IS here for my protection.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:It is not what you think... by bobbied · · Score: 1

      Yea, but that .45 is sure lumpy under the pillow... Seriously, modern thugs are going to run like rats when shot at during a break in attempt, even if they have an RPG. If they are jumpy enough to fire first, it doesn't matter what you have in your hand if they hit you. Shoot first (even into the air) and they are going to leave post haste. The only exception to that is if they actually know who you are and they intend to do you harm in the first place, but those situations usually involve driving by and firing out the window towards your house.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:It is not what you think... by MaerD · · Score: 1

      Only if you live in a state with decent castle doctrine :) Otherwise, Mr. 9mm is just going to get you in trouble...

      --
      I put on my robe and wizard hat..
    3. Re:It is not what you think... by bobbied · · Score: 1

      If I have intruders in the house, I'm already in trouble, 9mm in hand or not. I don't care where I am, I'd rather be armed with something more than my skivvies and a pillow if somebody is kicking down the bedroom door in the middle of the night. But the goal is to convince them it's time to leave and a 9 mm will sure help with that.

      In my state you can pretty much shoot intruders in your house with impunity. Most DA's are not going to prosecute you for shooting an armed intruder in your house even in the most liberal of areas (authorized authorities with a valid warrant excepted of course).

      You are right about Mr 9 mm being small potatoes. A short 12 Gauge shotgun would be more effective at close range plus it makes a lot more noise when you chamber a shell or pull the trigger. It's just hard to sleep with it under the pillow.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:It is not what you think... by Anonymous Coward · · Score: 1

      Different AC here:

      You are 100% right about the thugs running off like rats. I've had two break-in attempts in the past few weeks, and the universal rick-rack of a pump 12 gauge gets them going like vermin.

      However, there are those that are looking to get their soldier rank. I know in my neck of the woods, this means a home invasion or two so they earn their "blood in".

      As for choice of weapons, from what I know secondhand, the gangbangers use 9mms because they are cheap and they are deadly. However, their preference tends to be .40 caliber, as because the rounds a middle ground of fitting a lot to a magazine and having one-shot stopping power. .50 caliber weapons tend to be for posturing. They don't have that many rounds, the rounds are expensive, and the firearm isn't really that hidable when the popo comes by... Jack Crackhead isn't going to be spending his cash on a S&W .500 when something smaller like a .38 is good enough to stick in a pocket. Oh, and those .50s are punishing on your hands.

      The thing to remember: Use the firearm you can handle easily. If it is a .25, that is better than nothing. Better a hit with that than a miss with a .50 cal. If a 9mm works, go for it.

      Interesting semi-fact is that a .22 LR (and its friend the .223) have killed more people than any other calibers. (Yes, this is debatable, but mostly true.) I'd personally prefer at least a .38, but in some situations, any caliber is better than none at all.

      All I ask... if you pack it, practice with it and know how to clean it. There are too many firearm accidents as it is.

      PS: Interesting to see a gun thread on /. that has not devolved into pure keyboard warrior-ism.

  10. Passwords by Archangel+Michael · · Score: 2

    "average person can't create and maintain secure passwords."

    This is utterly false. The average, even Dumb people CAN create and maintain secure passwords. The problem is, that what was once considered "secure" is 1) hard to remember meaningless letters, numbers and symbols (some of which can't be used on some systems), and 2) limited to 8 characters, and 3) easy for computers to crack using brute force.

    If we changed short hard to remember passwords with longer easier to remember passwords, they become much harder to brute force.

    Pa55W0rD! Hard to remember (did I use a o or O or 0)? was it d or D?), easy for computer
    RockylovesEmily3Ninjas (22 characters) is much easier to remember, and nearly impossible to brute force crack using today's technology.

    Your average person can easily think of a phrase that has meaning to them, that is long, secure and hard to crack, IF they are taught how to, and IF the systems allowed really long passwords. Changing how we think of passwords is key.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Passwords by TwezerFace · · Score: 1

      Maybe if you work in an office of 30 year old tech people. Trying supporting a remote office in the backwoods of Tennessee where the users don't understand technology. They CAN'T create and maintain secure passwords.

    2. Re:Passwords by Anonymous Coward · · Score: 0

      Relevant xkcd

      http://xkcd.com/936/

    3. Re:Passwords by Archangel+Michael · · Score: 2

      In Backwoods Tennessee, Log on = More wood on the fire. Log off = fire too hot. I see your point ;)

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    4. Re:Passwords by TwezerFace · · Score: 1

      Thanks. This is not a trivial point. Many people in the tech world work in pristine offices with state of the art software/hardware. I have had to support remote offices recently where the people worked on Intel 486 computers running Windows 95. They had zero budgets for training, let alone security awareness. Strong security to them means Smith & Wesson. I would guess that the notion of strong passwords is a strange concept to at least 50% of the users out there.

    5. Re:Passwords by TwezerFace · · Score: 1

      love it! thanks! says it all.

    6. Re:Passwords by Archangel+Michael · · Score: 1

      486s in remote offices? How did you support that. Almost nothing today will function properly on 486 (lemme guss, 256 MB ram, 12" CRT), and If I had to support it, it would be cheaper to replace the unit than send ANY tech out to fix anything wrong with it. Basically, I call BS.

      And I can do password strength training in about 5 minutes. I explain it two ways, how to secure a password and make it easy to remember (see above) and asking them to hand me their ATM card and Pin, "trust me". The last one gets the point across nicely. Don't give out your password, not even to the "trust me" guy.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    7. Re:Passwords by TwezerFace · · Score: 1

      No longer at that firm. but all their systems were old, all their software was old.... it was like being in a time warp. but my point is that a good part of this country, and all of the third-world, is running on old archaic systems.

    8. Re:Passwords by mlts · · Score: 1

      I can see 486 machines (I'm guessing 4-16 MB of RAM) still being used in embedded controllers because ripping them out and replacing them with modern equipment would screw up the machinery and software timing. MS-DOS isn't pretty, but it can be used as a platform for realtime operations even though the OS isn't technically realtime.

      I can't judge, as I don't know the situation. I've been in situations where I've scoffed at older machines in use, then found that because of a certain embedded task, there was no way to replace them.

      However, if they are "just" being used as workstations, might as well P2V the desktops, replace the 486 machines with machines that have a RAID card and two drives (to minimize the chance of drive failure outages), and let the users boot to their VMs. One also can add another disk or two with use with wbadmin for backups, as well as automatic snapshots of the VM.

    9. Re:Passwords by TwezerFace · · Score: 1

      Similarly...funny that so many people in the US wait in line for a new iPhone, Wii or similar. Most other countries, they are lucky to have a working computer. Heck, they are happy that the power is up. that is why so many people who get scammed are elderly and non-tech, since they are so out of date.

    10. Re:Passwords by Anonymous Coward · · Score: 0

      "Correct Horse Battery Staple" in 3...2...1...

    11. Re:Passwords by Larryish · · Score: 1

      I have 8 machines on the network at home.

      7 of them are Pentium 4 or less.

      1 is a 64-bit Athlon from 6 years ago.

      They mostly run Linux, and the only thing they don't do is MKV.

    12. Re:Passwords by TwezerFace · · Score: 1

      You must be a rich white guy :) Most of the world is not like that...

    13. Re:Passwords by Archangel+Michael · · Score: 1

      So, basically, you're wasting energy. I'm not impressed.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    14. Re:Passwords by Larryish · · Score: 1

      I did not buy those machines new. :) The only one that was bought new is the 6 years old dual-core. My wife bought it for her work before we married.

      The desktop machines are Franken-boxes made from non-functioning units that I either bought at secondhand shops and yard sales or found on the side of the road on trash day and dumpster diving behind computer stores.

      The laptops are bought non-working from eBay, and then repaired with used parts as needed.

      They are connected with an old 3com 10/100 hub that I got for $10 from a thrift store. 2 of the 12 ports don't work. But the other 10 ports work fine. :D

      Only one of those machines runs Windows on the bare metal.

      The down side is that it takes a long time to put together the machines.

      The upside is that I have some fun toys that I got for cheap, and there is now a big pile of non-working machines in the garage so finding parts is sometimes just a matter of pawing through the boneyard.

      Note:
      I did not put together this network of machines by being rich and white. I put it together by being persistent and motivated and taking advantage of the opportunities that came to hand.

      Also a lot of dumpster diving.

    15. Re:Passwords by TwezerFace · · Score: 1

      >>>I put it together by being persistent and motivated and taking advantage of the opportunities that came to hand. More power to you. But other companies are not going to do the same. eBay may not bee seen as a resource.

    16. Re:Passwords by Larryish · · Score: 1

      Have you ever noticed the tendency of some people to complain about what they do not have, or whine about what they can not do?
      - Those people flip burgers and wash cars (if they are lucky).

      Have you ever noticed the tendency of other people to appreciate what what they DO have, and make the most of what they CAN do?
      - Those people rise to the top of their respective heaps.

      Any time you hear someone complaining about how a general race or class (possibly rich and white, as in the example you gave) is preventing them from doing this or that, you will know that you are talking to a whiner.

      Those sort of people are made of FAIL and should be avoided at all costs. Not only do they keep themselves down, but they will drag those around them down into the same shit hole.

    17. Re:Passwords by TwezerFace · · Score: 1

      very true, but does that change anything?

    18. Re:Passwords by TwezerFace · · Score: 1

      ::::Also a lot of dumpster diving. most people won't due that. most wont use ebay for low prices... that means lot of old insecure machines.

  11. Layered security by DaveAtFraud · · Score: 1

    I live in Colorado. A few years back the state legislature passed what has become know as the "Make my day law." Without going into the legal specifics, anyone who enters your home without your permission can be legally shot (or taken out with any other weapon of choice). This includes someone wandering in through an unlocked door let alone picking a lock to enter through a locked door.

    Security layers:

    1) Door lock (keeps honest people honest and alive).
    2) Large dog (probably wouldn't hurt a flea but will bark if someone tries to enter).
    3) Semi-automatic rifle (WW II era infantry weapon).

    Lots of hunters in the state so lots of people have a similar level of security. People stupid enough to attempt to break into a house usually don't live long enough to either become good at it or pass on their genes.

    Cheers,
    Dave

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
    1. Re:Layered security by mallyn · · Score: 1

      You forgot: 0.5) No Trespassing Sign (keeps really honest people far away)

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    2. Re:Layered security by TwezerFace · · Score: 1

      If you live in CO, bigger issue seems to be forest fires...no?

    3. Re:Layered security by Anonymous Coward · · Score: 0

      This includes someone wandering in through an unlocked door

      So if the guy who lives in the apartment across the hall comes home drunk and accidentally opens your unlocked door instead of his, you can shoot him? Doesn't that seem a little extreme?

    4. Re:Layered security by tehcyder · · Score: 1

      Without going into the legal specifics, anyone who enters your home without your permission can be legally shot (or taken out with any other weapon of choice). This includes someone wandering in through an unlocked door

      Yes, because simple trespass deserves capital punishment. They should bring back hanging for stealing a loaf of bread.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    5. Re:Layered security by DaveAtFraud · · Score: 1

      Yes. Several court cases have found for the homeowner under pretty much precisely those circumstances. Latest was a drunk chick in Boulder who came in to the wrong house through an unlocked door. She was lucky. The homeowner only wounded her.

      Hint: don't get so drunk that you can't find your own home.

      Cheers,
      Dave

      --
      They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
      Ben
  12. Yeah by Safety+Cap · · Score: 2

    Bonus points for driving him to the right house.

    I usually leave him in a ditch, while I help myself to his wallet.

    I don't have many friends.

    --
    Yeah, right.
    1. Re:Yeah by Culture20 · · Score: 1

      You just won an Internet as compensation.

  13. This, 100 times this. by Anonymous Coward · · Score: 0

    You simply need to be smart about it. Use locks that are known to be bump or rake resistant so that:
    1) It takes a considerable amount of skill or time for an attack to get in, which vastly decreases the likelihood of being targeted by a random criminal.
    2) Leaves conspicuous evidence when it fails (i.e. broken door frame) so that you can easily file an insurance claim, or if it deters a home invader, leaves evidence for the police.

    Also, if you have sidelights at one of your main doors, replace the deadbolt with something that has a captive or lockable thumb turn so that you can put it in a secure mode for when you are out of the house or alone; this prevents someone from simply smashing the window and gaining easy access. Note: some fire codes don't let you lock it when the structure is occupied, make sure to check first.

    And if you upgrade your deadbolts from builder-standard, make sure to upgrade your security strike too. It's best to go bigger so you spread kick force out, and it should be secured with 4 screws at least 2 inches in length.

  14. Question on Practical Lock Picking by will_die · · Score: 1

    I have the 1st edition have read that through and it taught me a lot as a beginner. Is there enough new info in the 2nd edition that it worth the money to get it?

    1. Re:Question on Practical Lock Picking by TwezerFace · · Score: 1

      Not sure that question can be answered here...ask the publisher?

    2. Re:Question on Practical Lock Picking by Anonymous Coward · · Score: 0

      Not a major update...some corrections...better pictures....still worth it I think.

  15. Huh? by tehcyder · · Score: 1
    Was the review dictated in Japanese onto a Microsoft voice recognition system then passed through Google Translate without further proofreading?

    the reader should be open top open with great east

    Please.

    --
    To have a right to do a thing is not at all the same as to be right in doing it
    1. Re:Huh? by Anonymous Coward · · Score: 0

      Cantonese? maybe? who knows.

  16. What's all this talk about security... by gnujoshua · · Score: 1

    The whole point is that lock picking is fun!

    1. Re:What's all this talk about security... by Anonymous Coward · · Score: 0

      So true! There is a lockpicking group at MIT...been around for long time.

  17. Verb / noun by Errol+backfiring · · Score: 1

    At first, I thought this article was about breaking the DRM on a books.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!