Hacking locks?

  • Hacking locks?

    Re: Geoff's blog post here-

    Dealing with criminals trying to find and exploit weaknesses in security was difficult enough. What makes the hackers so difficult for traditional security practitioners to understand is, most of them aren't in it for gain. These people like to find and exploit weaknesses in security for fun. They enjoy it. It's a sport and a hobby to them.

    A criminal is going to look at the ROI of spending six months trying different bitting combinations to make a set of bump keys that could open, in theory, a few models of a lock and say the heck with it, let's just mug an old lady. But these people aren't criminals per se, in that they figure out the most efficient methods of committing crimes and will not spend time on something that's a lot of work with a tiny payoff. These are hobbyists who enjoy the challenge. Like this whackjob.

    Let's say you told someone in 1998 that in ten years from now there will be an encyclopedia containing, basically, all collected human knowledge and it would be free, what would their reaction be?

    They would have two objections. First, it would take thousands of researchers decades to write this thing. Second, who would pay for the research and the writing and the editing and the storage space and the servers? You'd have to charge people thousands of dollars to access the encyclopedia just to recoup your investment, and who has that kind of money aside from a few rich universities and research libraries?

    Yet, in 2001, some whackjob anarchists launched Wikipedia and now we have an encyclopedia containing, basically, all human knowledge (especially Star Wars knowledge). Accessible for free. Written and edited by volunteers with servers paid for by donations.

    Same thing. Sure, the whackjob with the Medeco bump key probably only made a key that worked with the particular cylinder he was playing with (he couldn't duplicate it with locks pulled off the assembly line when he went to Medeco) but the thing is, he figured out how to make a key for an allegedly bump-proof, pick proof lock. And if he goes public with the info (and he will, because part of the fun is telling people how you did it, and information on the internet is available to everyone everywhere), well those locks are compromised. And criminals can learn to use YouTube. After all, I know how to pop open a bicycle lock using a Bic pen, because I have the Internet.

    Anyway, my point is 1) security by obscurity doesn't work in the age of the internet, and 2) I'm really really jealous I couldn't go to DefCon, and 3) how come my comments on the SIW blogs never get approved?
    The CCTV Blog.

    "Expert" is something like "leader". It's not a title that you can ever claim for yourself no matter what you might know or might have done. It's a title that others bestow on you based on their assessment of what you know and what you have done.

    -SecTrainer

  • #2
    Sure security through obscurity works, as long as something is really obscure.
    When's the last time you heard of hackers targeting Windows 98?
    Look at Linux systems as well, way more secure, well partially because they are open source and the people who make them really care about finding all the holes, but also because only 2% of the internet population uses Linux.
    Also what is really obscure in the age of the internet, if it's unique, sure it's secure, I have a custom shell for my XP box that's totally unique, the only thing that exists about it on the net is a video on Photobucket and some screenshots.
    Want to see if your system or lock is secure, just Google it, if it shows up in the top 100 results, it's not obscure.
    Darksat Security Forum
