Security

The Study of Physical Hacks at DefCon

eldavojohn writes "DefCon usually focuses on electronic security, but Saturday a talk was held that focused on possibly the oldest form of hacking — lockpicking. As software security becomes better and better, the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight. From the article: 'Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP ... Tobias says he refuses to publish details of 'defeating' the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.' I'm sure all Slashdot readers are savvy enough to use firewall(s) but do you know and trust what locks 'physically' protect your data from hacks like these?"

  • by swb ( 14022 ) on Sunday August 05, 2007 @01:58PM (#20123235)
    ...with a Smith & Wesson (or a Glock, or a Bushmaster, or a Remington).

  • Wetware hacking (Score:4, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Sunday August 05, 2007 @02:05PM (#20123291)
    the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight.

    It's not shifting at all. I've done my share of hacking when I was younger (ahem) and the weakest link was always the human link. It was much easier to con the secretary into giving a password than hacking the secretary's computer, and I suspect it's even more the case now with more solid computer systems. That's called social engineering and it will always work very well indeed, because much to my dismay, computer users get dumber and dumber as computers get more and more powerful.

    As for lockpicking, it's not really a secret that no lock is safe. Look up "bump key" in your favorite search engine and you'll see what I mean.
  • No, I don't (Score:2, Insightful)

    by The Man ( 684 ) on Sunday August 05, 2007 @02:06PM (#20123305) Homepage
    My own data is kept at home, where my windows are left open all day and the locks can be picked by amateur locksmiths in a few minutes. It's basically there for the taking, but as it happens there's really very little of value - I don't keep identifying information like social security numbers electronically, and I don't happen to own any intrinsically valuable data. The reason I protect my computers is to avoid seeing them used by others to launch attacks; between the legal concerns and a simple moral obligation to the rest of humanity, I don't want that happening. The actual data that needs protecting is stored elsewhere - in a bank vault, perhaps. The real concerns are around all the corporations and government agencies which insist that they need all this information but then do nothing to protect it - physically or electronically. Given their lax electronic safeguards, I don't really see much point in improving physical security: right now my data can be obtained more easily and with less risk of detection by electronic means than by physically breaking into a data centre.
  • by couchslug ( 175151 ) on Sunday August 05, 2007 @02:07PM (#20123317)
    Funny, but you do have a valid point. Locks keep honest people honest.

    It isn't difficult to slice through or drill most locks or the doors holding them, let alone picking the lock, but if there is an armed human on the other side that changes the game a bit. :)

  • by r_jensen11 ( 598210 ) on Sunday August 05, 2007 @02:15PM (#20123387)
    Except that, statistically, people who keep guns for 'protection' against robbers are more often victims of their guns rather than the burglars. I know this is ignoring the fact that the GP was making a joke. It's much more effective to have an alarm system than it is to back up your deadbolt locks with a gun. For starters, a burglar wouldn't know you have a gun in your house, while simply having a sign in the front window or the front yard saying "This house is protected by ADT" would make someone think twice about going into your house.

    Personally, I'd have a sign that says "Beware of Dog [dogthebountyhunter.com]" with an appropriate picture on the sign.

  • by Hijacked Public ( 999535 ) on Sunday August 05, 2007 @02:36PM (#20123607)
    Also, statistically, 100% of unarmed people are unable to repel boarders with arms.

    I have both the ADT sign and the above suggested firearms.
  • by Anonymous Coward on Sunday August 05, 2007 @02:42PM (#20123651)
    That argument has been discredited by several studies.

    Just look at how they derive those numbers...they categorize "loved ones" and "family members" and anyone you have ever met.

    If you want the real, peer reviewed scientific analysis on guns in the hands of citizens, just check out the writings of John Lott.
  • by swb ( 14022 ) on Sunday August 05, 2007 @03:08PM (#20123881)
    Your statistics aren't true, it's a tired argument hauled out by gun ban types based on a repudiated and poor study.

    The problem we have is that since the 1970s, we've emaciated homeowners and law-abiding citizens by making it difficult to use deadly force.

    If, as was the case prior to 1960 in most parts of the US, it was generally assumed that a property owner could use deadly force against an intruder, it would be the equivalent of a "Protected by Smith and Wesson" sign in front of EVERY house, along with criminals having to assume the risk of such crimes.
  • by mlts ( 1038732 ) * on Sunday August 05, 2007 @03:34PM (#20124069)
    The OP's article really didn't have much detail, but there are other sites that one can check out that have more details on attacks on Medeco locks.

    The Medeco reward I've heard about in a number of different forms, so I'm not sure the exact details. Last I heard, if someone can pick 3 Medeco cylinders (the six pin type found in deadbolts, not the four or five that are used as replacement for disk tumbler cylinder replacements.), they get a prize. However I have no clue what the real status of that is.

    Nothing is unpickable by someone who knows their stuff and has the manual dexterity. It's slowing people down, to where even a skilled lock manipulator will take hours to open the lock, which will most likely mean detection. It's also forcing someone to leave a signature (scratches), so if stuff does get taken, one can prove to an insurance company that a lock was defeated or something was broken.

    Mushroom pins help, but are just one security mechanism, forcing locksmiths to jam the pins up, then let them float downward to the shear line, rather than pushing pins up from their resting place. I'm pretty sure the sidebar is pickable by some tool that rotates the pins, as it's talked about on various lockpicking sites.

    This is one reason I recommend high security locks. If someone kicks down a door or breaks a window, that leaves a noticeable signature where a claim with insurance has more ground. If someone's house is robbed by a bumped lock, there is no trace, and it goes to a word against word thing to prove that stuff was there, and is now not.

    It may be the security has nothing to do with the tumbler mechanism. In some locks are weaknesses that have nothing to do with the cylinder used. For example, one lock I have has a very pick resistant cylinder, but one can use a shim and the lock pops right open.

    Lastly, some people may state security through obscurity, but I'm glad that the methods of opening Medeco deadbolts are not made public. Physical locks can't be updated like most programs can. Every cylinder in a building would need replacing, and that would amount to hundreds of thousands, if not millions of dollars, factoring in parts, labor, the time it takes to deploy a new keying system, getting the new keys to all the employees, etc.
  • by LordSnooty ( 853791 ) on Sunday August 05, 2007 @03:40PM (#20124127)

    Weapons keep out ANYBODY, but watch out for criminal-friendly laws on deadly force that either require you to flee your own home or prove that you were threatened with imminent risk of death or great bodily harm.
    Which is right and proper since in most Western countries the state doesn't demand the death penalty for burglary.
  • Crypto (Score:4, Insightful)

    by Yvanhoe ( 564877 ) on Sunday August 05, 2007 @04:13PM (#20124339) Journal
    That's what encryption is for. Even with physical access, your files are secure as long as the key lives inside your brain.
    Of course they can then be deleted, but someone who would have access to my computer could only "damage" my most precious data, not read it. A computer does not work like a safe, it can be much more efficient.
  • by couchslug ( 175151 ) on Sunday August 05, 2007 @04:25PM (#20124391)
    "Which is right and proper since in most Western countries the state doesn't demand the death penalty for burglary."

    You mistake shooting a "burglar" for penalizing said burglar instead of SELF-defense. Defending yourself is not to be confused with lynching.
    A "burglar" (intruder) is a huge risk to the occupant of a house because the intruder has incentive to kill the householder to shut him/her up, and sometimes does.
    Crimes of opportunity in a home invasion include rape, torture, arson to cover up the evidence etc.
    Intruders are not typically like Roger Moore in "The Saint".

    If you don't want to defend yourself, it is your right not to. To say that I cannot defend myself is to say that I don't matter, and those who would violate me do. I respectfully disagree.
    Even in Iraq, the US allows householders one firearm. This is because police response is reactive, not preemptive. All the cops can usually do is collect evidence and maybe arrest the perp for whatever he/she did. This neither reverses nor prevents damage to the victim.

    When I was TDY to Saudi Arabia, some crackheads decided to party on my property. My wife asked them to leave. They told her to fsck off and made threatening statements. (We lived in an area with light police protection and long response times.) She retreated to the house, got out our Mini-14, and put several warning shots into the ground (not towards the crackheads) where the bullets could be retrieved if required. They promptly left and never returned for the remaining three years we lived there. When the police finally responded, the officer was fine with it. (I love the South!)

    The right to violent self-defense is essential to freedom, because if you are forbidden to defend yourself anyone can do their will to you.
  • by HUADPE ( 903765 ) on Sunday August 05, 2007 @04:32PM (#20124459) Homepage
    I would never want one of these signs. It seems like it would attract many criminals whose intent was to steal my gun.
  • by Rakishi ( 759894 ) on Sunday August 05, 2007 @04:35PM (#20124487)

    It's surprisingly hard to get good doors and locks in the US. There are better locks in parts of the Third World.
    Mostly because there is greater demand there.

    Of course in such places the criminals simply find ways to not have to open the lock. I'm sure in some of those places the door literally has to withstand a battering ram, car powered one that is, or it isn't of much use. In Poland criminals didn't even bother to pick locks to apartments half the time, they simply found some old lady carrying groceries to her apartment then offered to help carry them for her. Then as soon as she opened the door they punched her out (or killed her or just pushed her out of the way if she was lucky) and robbed her apartment. And I don't mean a few did this, I mean all of them did this.
  • by plover ( 150551 ) * on Sunday August 05, 2007 @05:15PM (#20124785) Homepage Journal
    This attack sounds like one I heard about 10 years ago. Some kid showed up at a locksmith convention selling Medeco opening kits for cheap. A former buddy bought one.

    Basically, the trick is you don't pick the lock at all. You pass the metal strip THROUGH the body of the lock and out the back, and use it to retract the bolt mechanism behind the cylinder. Damned clever attack.

  • by fantomas ( 94850 ) on Sunday August 05, 2007 @05:27PM (#20124885)
    Parent's point I'd guess would be that it's an arms war. If you're saying that the way to stop being knifed is to carry a knife yourself, then the criminals carry guns. And if you match that with a gun, surely the only solution is for everybody to carry fecking ridiculous big guns around? Personally I am happy to be able to walk down to the shops without needing to carry a weapon.

    If weapons stop crime, how come the USA, one of the most tooled up countries in the world, has so much crime and so many people die from gun injuries?
  • by UncleTogie ( 1004853 ) * on Sunday August 05, 2007 @05:31PM (#20124919) Homepage Journal
    ...defeated, of course, by the nearest prowler with a drugged steak...
  • by UncleTogie ( 1004853 ) * on Sunday August 05, 2007 @05:36PM (#20124965) Homepage Journal

    And if you match that with a gun, surely the only solution is for everybody to carry fecking ridiculous big guns around?

    The trick isn't to have the biggest gun; the trick is to have the most accurate shot. ANY yutz can spray a room with a machine gun, and even miss their target. One shot from a trained sniper, OTOH....
  • by Rakishi ( 759894 ) on Sunday August 05, 2007 @05:51PM (#20125071)

    Parent's point I'd guess would be that it's an arms war.
    Not really, there are legal limits on what guns can be owned and who can own them. As a result law abiding citizens have easier access to weapons and training in how to use them. As a result the criminals are at a perpetual disadvantage.

    If you're saying that the way to stop being knifed is to carry a knife yourself, then the criminals carry guns.
    No you carry around a gun, knife fights aren't something I wish to engage in.

    If weapons stop crime, how come the USA, one of the most tooled up countries in the world, has so much crime and so many people die from gun injuries?
    The US crime rate is mostly due to gang violence between gang members as well as certain unfortunate people who are forced to live in gang territories. This in turn is due to the lovely war on drugs that should have never started. Also only half of murders are committed with guns and many of those are in areas with heavy gun restrictions for civilians. Amazing how the murder rate in Washington, DC is absurdly high (I do mean absurdly) and yet it is basically illegal for a civilian to own a gun.

    Also if guns are the cause of all evil how come after they were mostly banned in the UK the crime rate hasn't budged, knife murders are way up, burglaries are 3 times that in the US and rapes are also close to 3 times that in the US (rate wise of course).
  • by ichigo 2.0 ( 900288 ) on Sunday August 05, 2007 @06:08PM (#20125169)

    If weapons stop crime, how come the USA, one of the most tooled up countries in the world, has so much crime and so many people die from gun injuries?

    This argument always pops up when the topic is guns. And I always counter by asking why Finland, which is in the top five when it comes to guns per capita, has one of the lowest crime rates in the world.

    The roots of the American crime problem lie somewhere else than guns. Try income inequality and poverty if you really want some kind of beginnings of a real answer, instead of reinforcement to preexisting memes.
  • by Engine ( 86689 ) on Sunday August 05, 2007 @06:35PM (#20125341)
    The vast majority of the guns in Finland are hunting rifles, which are awkward to use when mugging someone and far from ideal in a gang war. A gun that is designed and bought to be used against people, will much more likely be used that way, than a gun that is made to shoot elks (mooses).

    But I agree that a big part of the problem is, as you say, income inequality and poverty.
  • by ClamIAm ( 926466 ) on Sunday August 05, 2007 @06:45PM (#20125425)
    Weapons keep out ANYBODY

    So if I buy a gun and keep it in my house, a magical force field will keep all criminals out?

    This logic seems horribly flawed. But then again, I'm not a rabid pro-gun idiot, so I'm obviously unenlightened and unworthy of commenting in this discussion.

  • "If weapons stop crime, how come the USA, one of the most tooled up countries in the world, has so much crime and so many people die from gun injuries?"

    Because of the gun control laws in place, funnily enough. If in this country you could easily and legally carry around a concealed firearm, criminals would be less inclined to attack you because it's legal and easy for you to have a gun to defend yourself. With the gun laws as they are, the odds are in favor of the law breaking criminal who HAS a concealed weapon who bets you aren't armed.

    And if you let me walk to the store with my concealed weapon, the fact that I have one and you don't doesn't matter because the CHANCE of you having one is the deterrent.
  • by Anonymous Coward on Sunday August 05, 2007 @07:16PM (#20125629)
    Self-defense should be proportional to the actual threat.

    Shooting any burglar because some burglars might become violent is just stupid. If the burglar is coming at you, fine. If he's trying to leave or running away, no.
  • by Trixter ( 9555 ) on Sunday August 05, 2007 @09:32PM (#20126371) Homepage
    Lockpicking is the oldest form of cracking, not hacking. Hacking is best summed up as "unconventional and creative use of technology". It is not a synonym for breaking and entering.

    This used to be news for nerds -- please get it right.
  • by Otto ( 17870 ) on Sunday August 05, 2007 @10:10PM (#20126575) Homepage Journal

    The vast majority of the guns in Finland are hunting rifles, which are awkward to use when mugging someone and far from ideal in a gang war.
    The vast majority of guns in the USA are also hunting rifles. Your point?
  • by rpbird ( 304450 ) on Monday August 06, 2007 @04:21AM (#20128011) Homepage Journal
    Here's a little tale that will enlighten. A buddy and I were both teachers at a local community college. One night, after finals, we met for coffee at a restaurant just off campus. I drove an ordinary little compact car. When I parked the car, I rolled up the windows and locked the doors. My briefcase was on the front seat. A chimp with a rock could have been in my car in seconds. My buddy had an old MG convertible with the top down. He stuffed his briefcase behind the seat. Someone stole his briefcase. Mine was still in my car. A small but significant percentage of the population are only situationally honest. Given a chance, they'll be crooks. The cheap locks on my rusty old Datsun would keep a real crook out for about two seconds; but they are good enough to keep the lazy crook and the situational crook out. Locks are a filter. There are very few hard-core criminals, but lots of situational crooks. Locks keep the situational crooks away. To defeat the serious criminal, I'd recommend the human element: a rentacop with a cell phone.
  • by Anonymous Coward on Monday August 06, 2007 @05:41AM (#20128249)
    If you have a computer in your house, there's no way you won't abuse it at some point.
  • by dasunt ( 249686 ) on Monday August 06, 2007 @08:17AM (#20128815)

    Agreed.

    IMO, any rational burglar will attempt to flee once he or she discovers that the residence is occupied and the occupant is armed.

    Any burglar who does not flee once the occupant announces that he or she is armed loses the benefit of the doubt in my book. The burglar is clearly involved in an illegal act and is not making an attempt to flee when discovered. That is not a good sign, and the occupant is justified in assuming that his or her life is threatened, IMO.

  • by couchslug ( 175151 ) on Monday August 06, 2007 @09:08AM (#20129151)
    "The right to violent self-defense is essential to freedom...
    It is also essential to get those high homicide rates. Your call."

    Lawful self-defense /= homicide.

    "Self-defense should be proportional to the actual threat.
    Shooting any burglar because some burglars might become violent is just stupid. If the burglar is coming at you, fine. If he's trying to leave or running away, no."

    The applicable laws cover that. They vary by state, so do read yours.

    "Your wife is a psycho. (and apparently you are as well, from the tone of your post)"

    Nice troll, but note I mentioned firing into the ground to facilitate bullet retrieval. That is not "psychotic".
    We both have military training and are disciplined shooters. Making noise to scare away the crackheads worked, no one was injured, and the situation was de-escalated nicely. What you may (and others who may be unfamiliar with the way criminals like crackheads think) not understand is that they only respect people who appear scary. I'm not some crazed redneck, but I'll emulate one if it is useful. Crackheads are not deterred by the consequences of crack use, so that worldview limits the things that do deter them. :)

    "Then all of a sudden it is the burglar who is being threatened for life, and who feels a need to defend yourself. Do you really want to go into that spiral?"
    There is no spiral. Burglar has choice of turning and running or being shot. If he entered an occupied residence he may be presumed willing to attack and subdue anyone in that residence. If he hopped my fence and continued past my barking dogs he was determined to enter.
    I'm not advocating trap guns or other nonsense, I'm advocating reasonable latitude in defending myself and other humans in my house where I have the reasonable (through human history) expectation of security. If I get burgled and no one is home, that's why I buy home insurance!

    "A burglar has no intent to kill. If he would, why not do armed robbery instead? Why not take people hostage, take them to their home, clear out and kill them?"

    He may have no INITIAL intent to kill/rape/assault. Your statement seems to imply burglars are a logical, rational lot. Some meth head who has been awake for thirty days may start out to burgle, but they aren't necessarily going to stick to that. Never assume the bad guy is interested in your logic. I'm not expecting to defend against Slashdotters, so I don't assume crooks think like Slashdotters. :)

  • by pnice ( 753704 ) on Monday August 06, 2007 @12:23PM (#20131189)
    I came in here to read about locks and lock security and lockpicking. Instead it has turned into almost complete gun control debate. Letting people stray so far off topic should be discouraged so we can read posts that relate more to the subject at hand. /if there is an off topic mod I guess this should be given the same rank as well.
