Slashdot Mirror
Skip the Picks; Expert Uses Hammer To Open a Master Lock (csoonline.com)
itwbennett writes: Buyer beware. If it's security you're looking for, the #3 Master Lock might not be for you. In a video, locksport enthusiast Bosnian Bill demonstrates how to open a new #3 Master Lock using a small brass hammer — in under 90 seconds. This video is just one of several videos he's produced focusing on defeating the security of Master Locks, and, according to Bosnian Bill, has earned him several lawsuit threats from the company.
technology, news for nerds, stuff that matters
"derp, you can open a lock by hitting it friggin hard with a hammer"
Yes indeed.
Hammering on the lock makes too much noise. Bolt cutters are relatively quiet. Also, lots of locks can be bump-keyed. Google it.
Given the task of breaking in late at night, I'd go with the bolt cutters since I know shit about picking and have no practice. That's not to say that Master locks are good or bad; but come on', get real. Picking is for the movies. Thieves just break shit and/or point a gun at you.
I believe the cheaper and more effective solution would be to make better locks.
But I could probably do the hammer thing with a rock I pick up near the location I want to enter, rather than carry a pair of bolt cutters with me.
macgyver
Just get an Abus.
how to open a new #3 Master Lock using a small brass hammer — in under 90 seconds.
The entire video is 72 seconds long. The actual defeating of the lock takes a grand total of five seconds.
So yeah, technically that is under 90 seconds. But you're really understating it.
systemd is Roko's Basilisk.
Watch this Jedi open 17 locks with nothing but a common lightsaber!
How can I believe you when you tell me what I don't want to hear?
I am sure all the lower end locks are just as easy to defeat.
Troll is not a replacement for I disagree.
I don't
I haven't seen any real stories about breakthroughs in biology, cybernetics, computers, or physics in quite awhile.
If anything it's like the dailymail with a mildly science bent, only it's losing the 'sciencey' part pretty rapidly.
Also, I just wish they'd have somewhere that I could get instructibles to make robots or solor generators etc. Slashdot feels like it's stalled out and stuck trying to be a news magazine instead of really embracing the full multimedia nature and possibilities of the 'net. Their one of the few with resources to expand and where expansion would be good for everyone.
Wait...they don't use nodejs webservers with a websocket, hah, nevermind they wouldn't be able to properly get anything happening with their old crusty PHP apache server.
I just said that to make their web devs cry angry blood, they hate that they haven't learned a proper webserver yet :)
But, can an acetylene torch, bolt cutters, or hydrofluoric acid leave you a complete lack of evidence of tampering? He didn't smash the lock, just tapped it.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
How to pick a lock using a pick (as in pick and shovel)
The Marines would use a 12 ga shotgun
When I was in high school (40 years ago), I had a classmate with the colorful name of Print that could pop open Masterlocks with a textbook.
Subject says it all.
I guess the term "expert" doesn't mean what I thought it meant. We were breaking locks from our bikes' chains, that we lost the keys, like that when we were 10 or 12. I guess with all the facebook and apple users nowadays, the standards have lowered.
Doesn't totally twatting the fuck out of the lock leave the bolt(s) still engaged?
Oh hang on, it's a padlock. Where not only the body of the lock, but the actual bit that links to the door is completely exposed.
Try this one neat trick with an angle grinder!
An angle grinder makes a lot more noise, is harder to keep in a pocket, and prevents you from locking it back up again to hide your tracks.
You can use more than just a hammer. How about an acetylene torch? Bolt Cutters? Hydrofluoric acid? Typical "if all you have is a hammer" tunnel vision. I expect more from you, Slashdot!
True, but with this method, or lock picking, I can gain access to whatever it is that is locked up, remove what I want, and then replace the lock with no visible evidence of entrance. The noise is minimal, the technique and tools pretty trivial, so that at any opportunity, someone who wanted to could gain entrance and leave without leaving obvious clues. If you had a job box, tool shed, or building locked up with one of these, they could easily gain entrance, and remove something, possibly leaving the owner no idea it had been stolen. Locks still there, key still works, perhaps they'll think they put it someplace else and spend days if not weeks looking for it before realizing it's actually missing. Even then they might not be sure it was stolen. If there was more items that could be taken in one trip, they could even come back later.
That being said, unless you're investigated by spooks, any old lock will probably work. Most doors won't stand up to a couple of solid kicks if a credit card won't work, and the best NYC bike messenger lock would last about as long to power tools or a farm jack.
This isn't like "oh, I can eventually break this lock by smashing it", it's "this lock opens if you tap it in the right place". It takes seconds, and requires nothing in the way of fancy technique or specialized tools.
Yes, we all get it, any lock can be defeated - but this isn't the right story to use that stock comment on. This isn't someone smashing a small lock with a big hammer - this is someone demonstrating how defective a particular lock is, and it makes for an entertaining little video.
Let's not stir that bag of worms...
Hammer time!
To their credit, Masterlock Magnum's are a bit tougher to cut. If somebody wants in bad enough, they're going to get in though.
I doubt they'll be able to post at all when milk is pouring out their nose all over the keyboard as they read your criticism that nodeJS is a "real server" as compared with php/apache.
Locks are just there to keep honest people honest anyway. If somebody wants to get in, there is not much you can really do to stop them, especially with a sub $10 padlock. They can brut force (bolt cutters, drill, heat, crowbar etc) or finesse it open (bump key, pick, or what this guy does) and get in, you cannot stop that.
All you can really do is to slow them down by making things difficult enough it takes a long time to break in (Drill the safe, dig though the wall of the vault, or what have you) and provide enough regular surveillance that you will catch them before they get inside. You cannot stop them from trying.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
A set of shims would be nice, quiet, cheap AND fast.
I never get used to these constant resurrections
This is not news. In the 70's it was routine to have 100's of these broken off lockers with a simple hammer. You can use a tiny one and hit it 10 times, or use a larger one and hit it once. Net effect is the same: a couple kids can down a thousand lockers in a hour. Same cheap lock shown here. Combo version also opens with slight tension on shackle and careful rotation of the lock. In Jr. High it was a contest to race to open the other guy's combo locker. /shrug
Basically every pad lock or combo lock with a U shaped shackle is pretty easy to defeat from what I've seen. On at least three occasions I've removed locks with only what I happened to have at hand when I needed to remove the lock. Two steel rods that comprise part of my old Honda's tire change kit stuffed through the shackle and used in a scissor motion did a nice job of applying enough force. Most of the time if it was that hard to defeat the lock it wouldn't be that hard to break whatever apparatus to which the lock is attached. There are secure lock setups of course, but they tend to be bulky and more expensive. Most of the time locks are just an example of how the honor system works better with a modest deterrent.
Hydrofluoric acid sounds cleaver in theory but is a great way to accidentally kill oneself "in real life".
Breaking bad used HFL as a red herring. It was intended to be misleading.
So you lame host guy, do you not have a firewall? I bet it is running bind. Use what you have, especially if it was designed for that purpose.
I also find that all the malware hosts out there don't matter much if you don't let them execute javascript or (cringe) activex.
Yer right; walking around with bolt cutters is like a neon sign that says I'm a thief.
I guess you could hide it under a trenchcoat. Which would be totally low profile.
... it's quite evident that not many posters actually watched the video.
The lock isn't being smashed, bashed, smacked or slammed. It's being gently tapped with a brass hammer.
So mentioning bolt cutters, sledge hammers and acetylene torches is about as pertinent as launching into a diatribe about how Mandarin is a hard language to learn, with all of it's tonal inflections, when the discussion topic is about programming languages...
"I expect more from you, Slashdot!"
Ummm... sorry to disappoint but... You really shouldn't. Slashdot has been shit for YEARS. Only expect it to suck more as time goes on.
You know the old saying "when all you have is a hammer, every problem looks like a nail"?
Who'd have thought it can be right...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Aspie Punk Kid give it a rest lad, the ladies aren't impressed and you're scaring the children.
These guys really have some nerve. You'd think the least they would do is try to avoid the courtroom.
Such lawsuits will only raise awareness that their locks are total garbage, and only for show. Pin tumbler locks are fundamentally worthless, and easily opened by any novice with desire to do so. That isn't security, and it certainly isn't comforting to know that anyone can purchase a few bump keys for like $10 that will open the majority of home locks.
As another poster suggests, they ought to design better locks instead of funding lawsuits. If they had any sense, rather than attempting to hide the problem, they would recognize it as an opportunity to sell more and better locks. Disc tumbler locks (for example) are fundamentally impervious to bumping, and not only have they been around for almost a century, they are far more secure and reliable. Any proper lock will require it to be destroyed to get it open in a reasonable timeframe, and that also leaves evidence of a breach.
I guess you could hide it under a trenchcoat. Which would be totally low profile.
Only if you're not a detective in the 1930's.
This a new lock:
https://www.youtube.com/watch?...
It's on kickstarter now:
https://www.kickstarter.com/pr...
You'd think Master Lock with all their cash would come up with clever ideas like this lock's mechanism.
yeah, but that leaves evidence.
This method does not leave evidence that the lock was opened. Someone could easily open the lock, take something, and relock it without the owner thinking anything was up. A bolt cutter would leave a broken lock which means the owner knows he was robbed.
That's why this is an important hack - because insurance often won't pay if there's no physical evidence of a break-in. Think of it - you could enter your neighbour's locked shed and steam their power tools, relock the shed, and the owner wouldn't know about it until they open the shed again. It could easily be months before the theft is discovered.
I'm shocked and dismayed legendary hacker Samy "I suck slashdot editor tiny penis" Kamkar isn't in on this hack.
>> open a new #3 Master Lock using a small brass hammer — in under 90 seconds
Or, just haul a big bolt cutter into the locker room in a duffel bag and go "snip, snip, snip."
Yes, but by using the method described in the article, you can re-lock the lock. If I were a thief, I would probably use this guy's method. Not only can you re-lock the lock afterward (meaning whoever owns the shit you're stealing probably won't notice until much later), it looks less suspicious.
Example: If a witness sees you doing anything involving a pair of boltcutters, it looks pretty damn suspicious. If you use a small hammer to open the lock, then stuff the hammer back into your coat, and someone sees you messing with a duffel bag/briefcase/whatever with a cleanly unlocked lock, it doesn't scream "I'm stealing things".
I don't allow javascript typically & I use a software firewall + router native one.
APK
P.S.=> Opera 12.17 64-bit's STILL the most flexible feature laden natively browser there is - I set a GLOBAL preference to NOT ALLOW scripts, cookies, plugins (only on demand too), iframes/frames etc. & DO EXCEPTION SITES (shopping/banking/online commerce etc.) occasionally IF needed, for the ABSOLUTE MINIMUM of what I block to be allowed only (not all usually)... apk
The 5 button door locks are also trivial, we call them 'riff-raff filters'. Anyone determined appropriate your lab equipment will not be stopped by them, or much else.
Anyone bent on doing bad cannot be stopped easily, but those folks are pretty darn rare. Most honest folks don't need much beyond a piece of tamper resistant tape to be kept honest, and a cheesy lock is even better.
I was able to open a Master combo lock by yanking it mildly hard. I found out why that model was on sale for 99 cents.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Today is your last day indeed. I gave someone your address and money to pay you a visit.
Back some time ago, Master went to Slashdot to claim they needed some information security about lock-breaking methods otherwise it'd be game over for locks. New cars today come without physical keys and rely on an RFID-like chip that when close enough unlocks the car. Most important things are now locked with PIN-locks or card locks rather than key locks.
It's basically game over for the products under the Master line... repeated combo locks and key locks just didn't last until today.
A guy showed how to open locks with one of those pressurized cans of cheese spread.
Whether you pick it, shim it, shoot it, clip it, or hammer it, a lock is not undefeatable. It keeps honest people honest, lets others know what is locked up is private and they should keep walking, and to a determined thief it's just a brief detour on the way to stealing. A #3 can be raked in seconds without carrying around a hammer, just using a bit of spring steel that would fit in your wallet.
Not with this particular lock, but another very similar. I bought it when I was 15 or so, for locking up my bicycle. The lock shackle was entirely removable and shaped like a mushroom, the intent being you couldn't cut the hasp because the eyes of the cable lock were in the way. The body of the lock was shaped such that he could tell which way the dog engaged the shackle, so he picked it up, took off his shoe, whacked it, and the shackle popped right out, within about ten seconds of the first time he saw it. That shook my faith in physical security.
A design that uses a rotating tumbler cylinder that has a dog machined on the surface of it, that rotates into and out of the cutout in the shackle as the key is turned, would be proof against bumping. It's only because of the sprung dog that this works.
Nostalgia's not what it used to be.
I have a pair of 36" long bolt cutters, with a capacity of 3/8". I can open that lock in less then 2 seconds.
So what? Your software doesn't come with Windows either. You shouldn't expound on how you dominate people before you even win an argument, it is jumping the gun and makes you look bad.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Yeah, you really taught me a lesson. You taught me a lesson in what incompetence looks like.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
best subject title EVAR
it would be super sweet of you to steam your neighbor's power tools, and I bet they would look super clean afterwards, but why would you bother? maybe you're just a good neighbor?
YOUR software doesn't come with Windows any more than BIND comes with Windows. How is this an argument for APKs hosts files engine that BIND doesn't come with Windows? Do you expect Windows to start shipping your crapware with laptops next?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
All of this depends on where the lock is. If it's at a remote, unsupervised site, no lock will hold for very long. If it's a cheap padlock at the local gym, not so easy. Some techniques like raking the pins or shimming the bold are quiet enough to work. But even tapping on a lock attached to a metal locker is going to attract the attention of six MMA fighters training with the weights. Even your lookout with his gun is going to get his neck snapped for screwing with their gym bags.
Have gnu, will travel.
See subject: Don't worry - today's the LAST day I do this to Coren22 - it was just to teach him a lesson due to his signature about me... lol!
* Let HIM see how it feels to have it done to him with HIS OWN MISTAKES thrown right back @ him, in his face, here publicly so all can see it!
APK
P.S.=> Google & BING see it by now after a month of it, lol, so that's all I wanted to occur - I could keep it up forever, but his fuckups here http://slashdot.org/comments.p... & here http://slashdot.org/comments.p... did the job for me (as long as he steers clear of me? He has no problems - if he opens his mouth though? Well, his self-upmoderated by sockpuppets posts will get those in them again)... apk
Real smart that psycho. Announcing it.
Who gives a hoot about the lock? Even if the door itself gives you trouble, there's probably some glass nearby that won't. I'm not a security expert, but I'm not aware of anything that will keep someone out who _really_ wants to get in, and has the tools (a brain, for example) to do it.
Oh do please bugger off, apk, there's a good chap.
I remember back in grade school they did not have a lock cutter. The administration would just whack the combination locks with a hammer and they'd pop right open. I remember one of the non-Master locks popping completely apart and spilling its guts. It doesn't surprise me that it works for other types of locks as well. Locks are, after all, good at keeping honest people honest.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Then just put your own padlock on it with gum jammed in the keyhole. The owner will need to cut your lock off because his key won't work, but he won't be suspicious because he would have blamed the gum.
These articles are so dumb.
Any padlock no matter how well engineered is simply a deterrent that can be foiled by a $20 pair of bolt cutters. No one is going to be screwing around with brass hammers or lockpicks to get into your stupid tool shed. If they want what you have locked up, they would simply use bolt cutters and be in and out in seconds. The idea that anyone is going to screw around scoping out Masterlock locks so they can tap them with brass hammers is ridiculous.
Padlocks, much like the fancy-pants locks on your house, are not going to keep anyone who REALLY WANTS IN out.
The whole point of locks is a DETERRENT, they are not pure security. They will keep out casual thieves, who will go onto the next house that has no locks at all.
Most of those brass lock I had which failed, actually primarily failed because with age you did not even need the hammer to release the pick, just pressing with the hands and the picks released, the mechanism inside or the picks becoming so used that they lost even a small modicum of tension retention. One i am keeping for demonstration purpose you can simply open with bare hands. This happens the more you open and close the lock. I do wonder if this was a new lock or a somewhat used one.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Gee, there is gum in the lock. I have no idea how it got there. Those burn marks were not on the wall before. I am not suspicious at all. /sarcasm
The guy who pilfered wallets for weeks on end from my high-school locker-room used the heel of his shoe. But if all you have is a hammer...
Noooo.
The solution is to make the possession of hammers illegal.
If All you've got is a hammer, every problem looks like a lock.
aaaaaaa
If All you've got is a hammer, every problem looks like a lock .
aaaaaaa
Sonic screwdriver. And it has other uses. Well, so do hammers. But the former are less bulky and not as heavy.
A set of shims would be nice, quiet, cheap AND fast.
Actually the lock companies are learning though. Most of the decent companies, and even some of the Master Lock lines are essentially shim-proof now.
Chas - The one, the only.
THANK GOD!!!
The huge "upside" to this method. You require no specialized tools and no real skill with said tools.
Basically ANYONE can perform this attack.
Chas - The one, the only.
THANK GOD!!!
This isn't about "breaking off the lock".
This is about tapping the lock several times to cause the locking bar to release. Leaving an undamaged lock.
Chas - The one, the only.
THANK GOD!!!
Coren22 IMPERSONATES RESPECTED MEMBERS OF THE SECURITY COMMUNITY http://slashdot.org/comments.p...
---
"privilege escalation's a bad thing" - by Coren22 on Tuesday September 22, 2015
How else programmatically update it?
"requires elevation to write hosts" - by Coren22 (1625475) on Wednesday September 23, 2015
Hypocrite later admits it - hosts do vs. WFP/SFP not my ware. Users set it not programmatic impersonation. Security wares need it.
---
"secretary at MalwareBytes took a look at his source code & said it looked all good" - by Coren22 (1625475) on Wednesday November 18, 2015
Mr. Steven Burn of Malwarebytes
"yes I've seen the code & yes it is safe." FROM http://forum.hosts-file.net/vi...
---
"we should avoid your crap it looks like malware." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)
60++ reputable sources say different:
64-bit model https://www.virustotal.com/en/...
+
32-bit model https://www.virustotal.com/en/...
&
Installer-> http://f.virscan.org/APKHostsF...
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl...
---
"MiTM... his software provides" - by Coren22 (1625475) on Wednesday November 18, 2015
Hardcoded favs users provide = REVERSE DNS verified & my ware filters 5,500++ false positives - security site hosts data = false positives filtered.
---
"Apk doesn't think DNS servers are worth running & believes Microsoft Active Directory can run w/out DNS." - by Coren22 (1625475) on Tuesday October 27, 2015
Show us where I say it? Not illogic logic but where I say it. I say AD needs internal DNS far back as 2007
http://forums.tweaktown.com/wi...
See "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers" there.
APK
P.S.=>
"modding you down for trolling in your signature" - by Dog-Cow (21281) on Wednesday November 25, 2015
Dog-Cow's (old acc't. no new sockpuppet from you) thoughts of your signatures about me
... apk
YOU BLEW IT BADLY HERE especially -> http://slashdot.org/comments.p...
See subject & my last post you replied to Coren22: BIND doesn't come w/ Windows, the most used OS there is by the most folks on the desktop!
(LMAO - I own you... YOU, have been DOMINATED!)
APK
P.S.=> You're efficiency is poor - Less IS truly MORE in using what you already have (hosts + firewalls) as I do, & to do more with less... apk
do this all of the time. Not for thievery, but it's a pretty common bike problem for totally legitimate reasons.
So, the idea that this is newsworthy, is the shock to me. In Junior High (a goodly number of years ago) the benefit of a Master lock was that when you forgot or lost your key, you took a buddies shoe, whacked it solid on the top and it came open. If you're buying a Master Lock, or any similar style lock, that it is somehow theft-proof is naive at best. You're buying a deterrent. On your school locker, the school ne'er-do-well' can't simply rummage your stuff as he slinks on through. sure he could take his shoe and whack it open, but that's noisy, and likely draw suspicion. Master Lock sells stuff that generally does the job, just recognize what you're buying and get on with life.
Shite! You can break just about ANY padlock with a 4 foot piece of 1/2" steel pipe. Simply slide it through the padlock hasp, and twist (trust me, you'll have plenty of leverage) and it will either snap, or what it is attached to will snap. Either way, you're in. Same goes for chains on fences with padlocks. In fact, 4 foot is probably overstating it. Hell I've done it with like a 2ft piece. Takes no more than about 20 seconds. Doesn't require significant strength. Physics - it's your friend. Or has often been said, "Give me but a long enough, and strong enough lever, and I can move the world!"
My dad did an old school correspondence course in locksmithing while i was a kid (the resulting business putting me through college.) he used to challenge my brother and I to lock picking challenges. My best record (starting with the pick and tension bar on each side of the master lock in question, hands on hips) was 2.1 seconds, lucky? sure, but no hammer involved. I can to this day pick a standard master lock in less than 5 seconds, and probably the lock on your front door in 15.
...yet possibly even quicker: bolt cutter!
Self-importance and self-indulgence is the root of ALL evil.