FAQ  •  My feedback  •  Feedback
UKLockpickers.co.uk Lockpicking supplies such as Lockpicks, tools, and more! COMMANDOLOCK.COM Military grade padlock systems lockpickshop.com A source for lockpicking supplies such as lockpicks, locksmith tools, and more!

WTF , we need integrity as a community

<<

nine4t4

User avatar

Familiar Face

Posts: 49

Joined: Fri Feb 07, 2014 7:48 pm

Location: Toronto

Post Mon Feb 27, 2017 9:13 pm

WTF , we need integrity as a community

A "respected" youtube person has recently provided a video about descrutive entry. To this point he has had items that 'surfed' the line (i.e. bump key). I know there is a line between informing the lock owners and the non-pickers, but this seems over the line. IF WE ARE A COMMUNITY, of hobbyists or security professionals I don't feel that DE is something that needs to be on youtube. But releasing info on how to destroy a lock's chamber retaining cap seems to me to cross a very thick line. And there is a plug for the company that sells them.

Am I alone in feeling that this is an egregious unethical act? As a community aren't we supposed to educate the non criminals? Let them know that smartkey is a stupid lock? Let them know that hardware store locks are REALLY easy to pick. Don't we have a responsibility to keep certain knowledge out of the wrong hands? Why is Destructive Entry a restricted section of this site and some "balkan" picker spreading info on YT. I'm disgusted
JOB: (n.) a series of tasks that aren't enjoyable, but are done in return for money. see Prostitution
A LIVING: (n.) A means of enjoying ones existence that also provides financial compensation. see Freedom
<<

macavity

User avatar

Familiar Face

Posts: 25

Joined: Mon Feb 06, 2017 9:25 pm

Location: Denmark

Post Mon Feb 27, 2017 9:27 pm

Re: WTF , we need integrity as a community

Said youtuber has a quite different view than most "pure lock sport" practitioners. If you read his instructions on home security you can see that clearly.

He has provided numerous bypasses and other techniques that can easily be replicated with minimal training. Some destructive (eg, breaking the ward disc on padlocks) and others not (eg, how to bypass doors with emergency exits mechanisms on the inside).

Whatever this is educating the criminals or putting pressure the manufactures to fix their crap is a debate as old as the ten commandments.

My personal experience is that common criminals are, for the vast majority's part, uneducated about things that google can educate on in 5 minutes flat. Thats why they think crime pays better than a day job....

And since said youtuber works for some or other TLA agency I'll cut him the benefit of the doubt...We can talk about it if he shows how to make Meth out of hair spray and baking soda.
<<

Daggers

User avatar

Active Member

Posts: 585

Joined: Thu Jan 12, 2012 12:33 am

Location: Florida, US

Post Mon Feb 27, 2017 10:09 pm

Re: WTF , we need integrity as a community

In my opinion, an insecurity is an insecurity. Whether it's something done as a hobby or not. And those insecurities need to be fixed. Many times, when told about the problems, companies won't do anything to fix it. I believe this was the case with the Medeco biaxial and since they refused to fix the insecurities, the techniques on how to open them were revealed. Correct me if I'm wrong though, my memory is a little hazy on that. So when people release details on destructive entry techniques, I view it as a good thing since it makes people realize the weakness of the product and puts pressure on the company to improve it. Because bad guys will already know the weakness, but normal people won't.
<<

MartinHewitt

User avatar

Active Member

Posts: 384

Joined: Sat Nov 26, 2016 6:19 pm

Location: Germany

Post Mon Feb 27, 2017 11:36 pm

Re: WTF , we need integrity as a community

As I do come from software security and cryptography I do favor public disclosure of problems with some notice to the manufacturer.

The Mauer Code Combi B had a problem. With the right tool and some training the safe door could be open in less than one minute. As far as I know Mauer fixed the problem only after the tool was available publicly. Until the tool was public only government and the bad guys were able to know about this, but not the person who had the lock to protect his stuff. So everybody profited from the undisclosed problem but not he who wanted to be protected. Really not a good situation.
<<

plugspin

Familiar Face

Posts: 88

Joined: Tue Jul 31, 2012 1:40 pm

Location: Atlanta

Post Tue Feb 28, 2017 3:19 am

Re: WTF , we need integrity as a community

Just like we all tell people who get freaked out when we teach them to pick a lock the first time, you are not instantly a criminal just because you learned to pick a lock. Same goes for destructive entry. Criminals are going to commit crime. Upstanding citizens will continue being upstanding after seeing this, albeit with more knowledge then they had before. Also, not to be rude, but this "community" has a lot of people with differing and strong opionions, so lumping "all of us" into one group is laughable at best. There is no single correct definition of responsible disclosure and you will find all sides represented in "this community". Quite frankly, I think more people need to learn bypass techniques, lock picking and even bump keys are hardly a nuisance to ordinary home owners. Bypass attacks are usually fast and easy which is the main selector for an attack being used in the wild for criminal gains.
<<

madsamurai

User avatar

Familiar Face

Posts: 179

Joined: Wed Jan 04, 2017 4:13 am

Location: Germantown, Ohio

Post Tue Feb 28, 2017 4:12 am

Re: WTF , we need integrity as a community

My 2-cents on this... I got into lock picking originally as a potential prepper skill, I figured if I need to find food after the apocolypse a lot of it would be behind locked doors, so it would be a good thing to know just in case. However I've since fallen so in love with this stuff I've decided to make a career in locksmithing and am trying to learn everything I can about locks. From that perspective, I'm pretty happy that it's possible to find this information, as the traditional secrecy of locksmithing is counter-productive for a guy who wants to apply for his first job with some confidence that he knows at least a few things and isn't going in as a total newb that has to be taught everything. Even my college texts say "You'll learn more about X when you're employed" and leave it at that, and to me that's been incredibly frustrating.

There's a phrase in the programming community: Security through obscurity. It basically means my site is secure because nobody is aware of the security flaws in my code. This is the same thing. Security through obscurity is a myth, and imho, a dangerous one. It's the equivalent of putting a fake lock on your door and hoping everyone believes it's a real lock so you won't get robbed. Hiding a flaw doesn't make it go away. Whether a lock is susceptible to picking or bumping or drilling or torquing or bypassing or punching or whatever else really doesn't matter... it's flawed either way, and anybody with a brain and some time will eventually figure it out if they want to. As a I consider my future in locksmithing, I want to have some confidence that the locks I sell people are secure, and that means knowing all of the ways locks are attacked and which ones hold up to those attacks and which ones don't. I also think people in general should have access to that information so they don't end up wasting their money on junk security (which is the primary offering in the US). If more people watched videos that showed how easy it is to drill locks, they'd stop buying those locks and more locks would come to the market with real drill resistance. As it is, people believe whatever is on the box because there's nothing to tell them different. That's why you only see Master locks in every hardware store and Stack-On gun safes in every outdoors shop. They can keep selling crap because the general public doesn't know any better.

Do criminals study this stuff? I don't know... I suspect there are some that do, but we're well past the point of stopping them if they want to. Heck, I had an Anarchist's Cookbook when I was 14. If I could get that, any criminal who wants to make pipe bombs could get it just as easily. There's also the argument that nobody's a criminal until they commit a crime, and I'd say if just about anyone on this forum decided to do that, they could get into about anything they wanted... how can we protect against that and still have locksport and cool picking forums? You can't predict people, therefore it is impossible provide information to people who are guaranteed to only do good with it. The only way to keep criminals out is to spend the money on quality security, period. Pretending they don't know as much as we do is pure hopeful idealism.
<<

just1pick+open

User avatar

Familiar Face

Posts: 221

Joined: Wed Dec 17, 2014 1:13 am

Location: Pennsylvania

Post Tue Feb 28, 2017 6:07 am

Re: WTF , we need integrity as a community

The first thing an old locksmith I met a long time ago said all locks do is buy you time, hence the longer time you spend on trying to open one is more time you might be seen doing so. As long as you have windows any thief knows it's quicker to smash and grab. :mrgreen:
xeo: i use an electric buzzer exclusively for my ass that gets sanitized afterwards
PhoneMan: would have freaked my friend out if hed come over
MBI: Most anything goes.
PhoneMan: way to give me nightmares
selim: ok then blow your load,, i'll take anything free now a day's
<<

ratlock

User avatar

Familiar Face

Posts: 202

Joined: Sat May 07, 2016 8:41 am

Location: Scotland

Post Tue Feb 28, 2017 9:54 pm

Re: WTF , we need integrity as a community

You have all learned a weakness in these types of locks. You have all been made aware of the tool being sold online that defeats these types of locks.
You and the manufacturer of these locks are now well aware of security flaws/changes that need to be made if using/ selling these locks.

Dont shoot the messenger.
<<

Patrick Star

User avatar

Familiar Face

Posts: 223

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Wed Mar 01, 2017 1:06 pm

Re: WTF , we need integrity as a community

Professional burglars are often very good with forced entry and bypass. So I really can't see the harm a bunch of YouTube videos on this subject could make - the harm would at most be a bunch of kids using it, while the advantage would be letting everyone who watches it protect their stuff.
<<

mercurial

Familiar Face

Posts: 189

Joined: Fri Jan 31, 2014 11:11 pm

Location: Australia

Post Wed Mar 01, 2017 2:28 pm

Re: WTF , we need integrity as a community

I agree that we shouldn't shoot the messenger.

Furthermore, relying on security through obscurity is never a good thing, especially when the bypass in question is so simple in it's execution. In this day and age, it is foolhardy to expect to keep the lid on things like this. The sooner people are aware, the sooner they will demand and select a better product without such a basic vulnerability.

This isn't anything new or groundbreaking. There is a good reason that quality lock manufacturers use set screws to cap pin chambers.

Fortunately the technique leaves an obvious forensic signature, insurance claims by victims of this bypass will have no difficulty proving forced entry to their premises, which in a way places it in the same category of attacks as simply breaking doors or windows to gain entry.

The tendency of almost all thieves(a few professionals aside) to resort to simple brute force has and continues to be true. When bumping came to public attention there was an outcry regarding the crime wave that would surely follow. It didn't happen & I can't see it happening as a result of this bypass becoming more widely known.

I'm sure there will be some break ins that result from this methodology, but I do not believe there will be any break ins that wouldn't have happened anyway. The professionals who do utilise more finessed methods such as this are likely to find a way to gain entry with or without this technique.

Surely more break ins can be prevented by sharing this knowledge & enabling people to protect themselves against it, than may happen as a result of the same publicity?

A more interesting and productive discussion may be how to prevent this attack without replacing the cylinder. A simple piece of solid metal that sits over the bible & fills the void space in which it sits, meaning it has nowhere move would be one possibility.

Sorry for the rant, I feel quite strongly about this.
<<

xeo

User avatar

Catministrator
Catministrator

Posts: 2142

Joined: Tue Jul 20, 2010 3:30 am

Location: East Coast, USA

Post Thu Mar 02, 2017 3:33 am

Re: WTF , we need integrity as a community

Welcome to the internet. We live in the age of information sharing. Everything can and will come to light eventually, with the end result of hopefully a more intelligent design of future products with security as a major factor in the engineering process. I don't see any reason to complain about the fact that information is being released to the public. Keeping methods and exploits private allows the more devious holders of the knowledge to exploit it on an unprepared public.
Image
The code is hidden in the tumblers. One position opens the lock, another position opens one of these doors...
http://www.youtube.com/xeotech1

(ノಠ益ಠ)ノ彡┻━┻

░░░░░░░░░░░░░Image
<<

Logan

User avatar

Familiar Face

Posts: 197

Joined: Sun Feb 26, 2012 7:16 am

Location: Worcester County Massachusetts USA

Post Thu Mar 02, 2017 3:58 am

Re: WTF , we need integrity as a community

Thank you xeo, couldnt have said it better myself.
"My only definite plan is that in the future I'm definitely just using this screwdriver for screwing in screws" -The Doctor

┓┏ 凵 =╱⊿┌┬┐
<<

mdc5150

User avatar

Contributor
Contributor

Posts: 1008

Joined: Tue Jan 25, 2011 4:35 am

Location: Arizona

Post Thu Mar 02, 2017 5:31 pm

Re: WTF , we need integrity as a community

:agree:
<<

transposed

Newbie

Posts: 14

Joined: Fri Nov 27, 2015 11:49 pm

Post Fri Mar 03, 2017 6:23 am

Re: WTF , we need integrity as a community

nine4t4 wrote:...releasing info on how to destroy a lock's chamber retaining cap seems to me to cross a very thick line...

mercurial wrote:...we shouldn't shoot the messenger. Furthermore, relying on security through obscurity is never a good thing, especially when the bypass in question is so simple in it's execution. In this day and age, it is foolhardy to expect to keep the lid on things like this. The sooner people are aware, the sooner they will demand and select a better product without such a basic vulnerability. This isn't anything new or groundbreaking. There is a good reason that quality lock manufacturers use set screws to cap pin chambers...Surely more break ins can be prevented by sharing this knowledge & enabling people to protect themselves against it, than may happen as a result of the same publicity? A more interesting and productive discussion may be how to prevent this attack without replacing the cylinder. A simple piece of solid metal that sits over the bible & fills the void space in which it sits, meaning it has nowhere move would be one possibility. Sorry for the rant, I feel quite strongly about this.


No ethical lines have been crossed. The videographer is teaching us about security, and insecurity, and how to improve our security. The information is neither new nor secret; despite that fact, the vulnerability still exists, and it doesn't need to be that way. It was only with the knowledge of the existence of the above-mentioned tool (i.e.: the cap-popper) and technique, and with the objective of better security, that, years ago, I myself did the above-mentioned modification. The videographer is doing a great public service, and I hope that he keeps doing what he's doing, entertaining and educating his viewers and simultaneously helping them to improve their security.

OP, you need to re-think your prejudices.
<<

Patrick Star

User avatar

Familiar Face

Posts: 223

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Fri Mar 03, 2017 4:12 pm

Re: WTF , we need integrity as a community

So, pardon me for asking, but who is the YouTuber in question? I've checked the usual suspects but not found anything recent that would be relevant.
In any case, the technique in question is already mentioned in public sources...
Next

Return to Lock Picking

Who is online

Users browsing this forum: CommonCrawl [Bot]

Don't forget to visit our sponsors for all of your lockpicking needs!
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Grop
"CA Black" theme designed by stsoftware