Anyone who's been to Defcon has seen the tables full of lock-picks and guides. I had ordered a set online a few years ago from an unrelated vendor, and was happily surprised to see that they passed customs and I wasn't carted off to our arctic gitmo or wherever. Listed on the manifest as, if memory serves me correctly, "hand tools" which although both legal and accurate, was amusing nonetheless.
Here's the secret of lock-picking: there is no secret.
Seriously. Everyone I passed my set to could pull it off in a reasonably short amount of time. My first serious lock took 40 minutes, it was the Schlage that locks the door from my house to the garage. A pretty good lock. My 2nd time: 20 minutes. 3rd time was 5 minutes.
I thought I was pretty bloody good! Until I passed it to my brother who halved the duration of the learning curve. Jen, a friend of ours, turned out to be some kind of a prodigy. Never having tried it before, she was cracking locks in 5-10 minutes (more often closer to 5 minutes) that sometimes took me an hour or two, and I had a significant head start on her.
There's a bunch of locks purchased from the local Home Depot that are kept around the office for anyone looking for a puzzle to do. Everyone that has tried, I believe, has succeeded with at least one. I like seeing other people have fun as well as seeing the knowledge spread that most security, physical or computer, is weak and elusive. Possibly most important of all, I now have almost everyone else's prints on the tools. Hah!
If a man can make it, a man can break it. That the man in this case is proverbial and can be of any sort (or gender!) is pretty sweet, eh? I love equalizing factors like that.
Sure is a nice tough looking lock and chain securing your bike, my friend... too bad it gives it up quicker than an Oracle database installation! (cut me some slack, Google and Microsoft are easy targets lately :)
[Before anyone wonders about lockpick legality, Federal law has this to say:
Canadian Criminal Code, [R.S. 1985, c. C-46]
PART IX OFFENCES AGAINST RIGHTS OF PROPERTY
Breaking and Entering
Possession of break-in instrument
351. (1) Every one who, without lawful excuse, the proof of which lies on him, has in his possession any instrument suitable for the purpose of breaking into any place, motor vehicle, vault or safe under circumstances that give rise to a reasonable inference that the instrument has been used or is or was intended to be used for any such purpose, is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years.
R.S., 1985, c. C-46, s. 351; R.S., 1985, c. 27 (1st Supp.), s. 48.]
Comments (3)
Physical security is an interesting thing that most organizations implement in a pretty boiler plate manner. it's fascinating, actually. some of the things i've seen (which i refer to as 'unconventional data egress') are campuswide IT groups using business band radios to communicate sensitive information, unsecure pager networks used to transmit credential and location information for network reachable machines, not to mention all the standard non-sanctioned access points, whiteboards visible to the outside world, and conference rooms that have little privacy from a sound standpoint.
the fascinated aspect of this problem to me is the overlap of social versus technical solutions. physical security is a very interesting mix of a social problem, a policy problem, and a technical problem. certain "industries" have a better understanding of this than others (read: military), but private industry is, albeit slowly, catching on. the hardest part, in my opinion, are the social issues. we all know to close the blinds and erase whiteboards, but most people think pagers and two-way radios are secure.
and that's just the tip of the iceberg.
Posted by christian void | February 3, 2006 3:59 PM
Posted on February 3, 2006 15:59
Indeed - I used to sniff alot of pocsag and flex pager stuff using my icom scanner and some fsk decoders I built. Saw all kinds of stuff - graphic descriptions from EMTs and doctors, snmp alerts from businesses servers, etc. Data to and from traders as well, and one particularly juicy bit that someone could have made some money off of had they been unscrupulous. I monitored the cell-phone bands for about 2 hours before I concluded they were almost totally banal and generally not worth it :)
[Btw, the laws governing the rf spectrum in Canada basically say that there are no restrictions on reception and you're allowed to monitor/receive any analog band. If the communications aren't intended for you, then it's illegal to repeat any of what you heard. Obviously there are restrictions on decoding signals though, so I suppose that's why they specified analog and didn't mention digital. But at least the core of the law recognizes that the airwaves belong to no-one and everyone.]
Posted by Byron Sonne | February 4, 2006 10:19 AM
Posted on February 4, 2006 10:19
Very amusing, and backs up my points:
http://www.iol.co.za/index.php?set_id=1&click_id=29&art_id=iol114110356674B255
"Bosnian police who have been hunting a 'professional' burglar have discovered she's an 11-year-old schoolgirl.
The young girl is said to have been sneaking out at night to raid local homes in Ljubinje after her parents went to to bed.
She was finally apprehended after she raided a local chemists and made off with about £260 (about R2,788) from the cash register.
She was identified on a security camera as she picked the locks and opened the cash register, and identified when her picture was published in a local newspaper.
In some of her outings she grabbed jewellery, cash and cellphones. "
Posted by Byron Sonne | March 1, 2006 7:46 AM
Posted on March 1, 2006 07:46