Page 2 of 2

Re: WTF , we need integrity as a community

PostPosted: Fri Mar 03, 2017 10:14 am
by ratlock
Bosnian bill

Re: WTF , we need integrity as a community

PostPosted: Fri Mar 03, 2017 11:47 am
by madsamurai
Just found the video in question, and still don't have a problem with it... in fact I'd think of it as one more good example of why not to rely on box-store locks for home security. I'm trying to decide whether I'd consider this a "destructive" attack anyway, at least from the perspective of a locksmith -- the lock can still be reassembled and rekeyed and no actual damage was caused (relative to torquing or drilling which actually destroys the lock); however it certainly doesn't fit into the surreptitious category either since a break-in using this technique would be pretty obvious. Either way, this is, to me, a good example of a flaw that could (and should) be quite easily remedied by the manufacturers and is better brought to light, and is no different imho from showing how quickly these locks can be picked/raked.

Re: WTF , we need integrity as a community

PostPosted: Fri Mar 03, 2017 1:33 pm
by Patrick Star
Yeah, I found it... Wasn't really expecting it to be a product review since it's not mentioned in the original post. Really, blame (if any) should be with Brockhage, not whoever reviews their tool.

Re: WTF , we need integrity as a community

PostPosted: Fri Mar 03, 2017 7:14 pm
by WestCoastPicks
Toool also shows many of these bypass type things I don't think they have done destructive methods but they have done everything else.

Bosnian Bill has done a video on almost every type of destructive entry there is. He's drilled locks, punched them out hammered them open, cut the shackles off etc... He will show you exactly where to drill, where to cut, what tools to use and how long it takes. Some of his destructive entry videos are years old. I don't know why this is all of the sudden an issue.

Videos like this have existed for a LONG time, and they aren't going to stop because a few people don't like them. My suggestion is not to watch them if you are offended by them.

There is no membership, dues or list of members for this community. Much like any religion all you need to do is claim you are part of it and that's all it takes. There is no mechanism to dictate or enforce any rules, and if you were to try people would just laugh at you, or there would be a schizem much like in the hacker community.

You are a part of a community filled with all kinds of people. Some of them are convicted criminals, some are law enforcement. If that's something you'd rather not be a part of, you should distance yourself from it. It's not going to change.

As for if it's wrong or not, I think all information should be public knowledge. I think the amount of honest people viewing a video like that then going out and braking the law would be VERY low or even non existent. Criminals are always going to find their way around things, videos or not. Arming people with knowledge about the potential downfalls of security products will probably thwart more criminals than it will create.

Just an honest look at it from my point of view.

Re: WTF , we need integrity as a community

PostPosted: Sat Mar 04, 2017 3:21 pm
by escapenrv
BB got me started on a long path to learn about locks several years ago. I will always be greatful. I am just a hobbist and well beyond the age to even try to sell my services or to start using them to be a criminal. I have long had an interest in locks and as a kid took many apart to see how they were made. Most all were Master locks since that is all I had access to at the time.
After I retired and thought about a hobby that I could take to "The Home" with me some day, I thought locks would be small enough and not cost a lot for a few tools so I started to learn. I have learned a great deal from the kind, knowledgeable and sharing folks on this site. I have also learned from other web sites and interaction with other hobby people in TOOOL and Locksport meetings.
I continue to learn and answer questions about the hobby when asked. I try to help those who want to learn, even if they start with picking. I have taught some how repin common locks, make a key, impression a lock for a key and several bypass tricks that are widely known. My aim is to promote the hobby and advise people on what I think are good and bad locks so they can make better choices in their lives.
I have only met one or two "shady" types who seemed to just want to know how to get into a lock quickly. I avoid them at all costs.
In short, I love the hobby and those who are in it.
As far as the tool which is the subject of this post, I think it is a fast way to get into a couple of makes of locks but I would guess a brick or cordless drill would do about the same job if all one wanted was to get in.
The real skill is getting in without those crude tools and not have to ruin the lock.
There are many things on the web that can cause a lot of damage....thankfully most people don't even think about trying them but now we know some of the things that can be done.
Education is a powerful thing to have....as are some moral standards.

Steve

Re: WTF , we need integrity as a community

PostPosted: Sun Mar 05, 2017 12:25 am
by tumbl3r
Should this kind of info be kept private and confidential? I don't know. I do think this kind of destructive entry is fundamentally inelegant and uninteresting though.

Re: WTF , we need integrity as a community

PostPosted: Sun Mar 05, 2017 2:53 pm
by Logan
Sometimes videos like these lead to nice collaboration between manufacturers and our community for instance the Commando Lock Company actively sought us out to find the interesting ways we could come up with to defeat their locks a few years back.

Re: WTF , we need integrity as a community

PostPosted: Sun Mar 05, 2017 5:13 pm
by huxleypig
Logan wrote:Sometimes videos like these lead to nice collaboration between manufacturers and our community for instance the Commando Lock Company actively sought us out to find the interesting ways we could come up with to defeat their locks a few years back.


Commando Locks pulled a fast one then!! I'll bet they rewarded the individuals greatly for their hard work? No?

It is not up to the locksport community to do free R&D for lock makers. They've been siphoning off ideas and free research for many years now. If you want to do some free work then I have a bunch of it here.

I am not saying do not find vulnerabilities, just don't give them up for free.

Re: WTF , we need integrity as a community

PostPosted: Sun Mar 05, 2017 8:44 pm
by Logan
huxleypig wrote:
Logan wrote:Sometimes videos like these lead to nice collaboration between manufacturers and our community for instance the Commando Lock Company actively sought us out to find the interesting ways we could come up with to defeat their locks a few years back.


Commando Locks pulled a fast one then!! I'll bet they rewarded the individuals greatly for their hard work? No?

It is not up to the locksport community to do free R&D for lock makers. They've been siphoning off ideas and free research for many years now. If you want to do some free work then I have a bunch of it here.

I am not saying do not find vulnerabilities, just don't give them up for free.


I don't know I got a nice handful of free locks out of it, and didn't mind anyway. It's not like the info wouldn't wind up here eventually a google search away, they just cut out a few steps. It's not like those of us who helped out were forced at gunpoint, and like I said we got locks out of it. :pimpmofo:

Re: WTF , we need integrity as a community

PostPosted: Mon Mar 06, 2017 1:27 am
by WestCoastPicks
Logan wrote:
huxleypig wrote:
Logan wrote:Sometimes videos like these lead to nice collaboration between manufacturers and our community for instance the Commando Lock Company actively sought us out to find the interesting ways we could come up with to defeat their locks a few years back.


Commando Locks pulled a fast one then!! I'll bet they rewarded the individuals greatly for their hard work? No?

It is not up to the locksport community to do free R&D for lock makers. They've been siphoning off ideas and free research for many years now. If you want to do some free work then I have a bunch of it here.

I am not saying do not find vulnerabilities, just don't give them up for free.


I don't know I got a nice handful of free locks out of it, and didn't mind anyway. It's not like the info wouldn't wind up here eventually a google search away, they just cut out a few steps. It's not like those of us who helped out were forced at gunpoint, and like I said we got locks out of it. :pimpmofo:



Yeah Paclock did the same thing. They sent me a few locks to review on my channel. I was brutal and honest. They have since made changes to their cores based on my reviews and feedback from my subscribers.

I love the manufacturers that care enough to search for flaws. It's rare these days.

Re: WTF , we need integrity as a community

PostPosted: Tue Mar 07, 2017 10:53 pm
by huxleypig
WestCoastPicks wrote:
Logan wrote:
huxleypig wrote:
Logan wrote:Sometimes videos like these lead to nice collaboration between manufacturers and our community for instance the Commando Lock Company actively sought us out to find the interesting ways we could come up with to defeat their locks a few years back.


Commando Locks pulled a fast one then!! I'll bet they rewarded the individuals greatly for their hard work? No?

It is not up to the locksport community to do free R&D for lock makers. They've been siphoning off ideas and free research for many years now. If you want to do some free work then I have a bunch of it here.

I am not saying do not find vulnerabilities, just don't give them up for free.


I don't know I got a nice handful of free locks out of it, and didn't mind anyway. It's not like the info wouldn't wind up here eventually a google search away, they just cut out a few steps. It's not like those of us who helped out were forced at gunpoint, and like I said we got locks out of it. :pimpmofo:



Yeah Paclock did the same thing. They sent me a few locks to review on my channel. I was brutal and honest. They have since made changes to their cores based on my reviews and feedback from my subscribers.

I love the manufacturers that care enough to search for flaws. It's rare these days.


I agree that it is good that (some) manufacturers are willing to improve their locks. However, guys, you were given a handful of locks from a lock maker!!! It is like grass clippings from a gardener. The gave you (effectively) nothing but you gave them gold. You know they exist to make money? Your motivation is an honourable desire to 'make security better' but they don't give two fucks about that, not really. Their desire to improve their product is based solely on selling more (or avoiding embarrassment from a public exploit), so if they want to improve their commercial product then let them do their own expensive R&D. If they release a product that has been tested really badly before release then why should you fix that for them for free? I know people who have done this too and have since expressed regret that they got effectively nothing out of it, despite a lot of time and effort.

I don't get it, Is this how things happen in other industries? Do car makers get contacted by engine enthusiasts who test engine strain limits, or exhaust emissions and tell Ford how they might improve them? Even in the IT sec industry there are bug bounties.

If you discover something that the makers do not know about, and it is not on the internet, then by all means approach them but make them pay for it. Then you'll soon see how serious they really are about improving things.

Re: WTF , we need integrity as a community

PostPosted: Wed Mar 08, 2017 2:47 am
by femurat
huxleypig wrote:If you discover something that the makers do not know about, and it is not on the internet, then by all means approach them but make them pay for it. Then you'll soon see how serious they really are about improving things.


If they contact you to analyze their product they are more than serious about fixing it. Of course they will pay you.
If you contact them and offer your services they may be interested or not, depending on the production stage the product is. And they may be willing to pay you or not. A free lock is better than nothing. It's much better than a treat to take legal action against you if you public what you find.

Our "work" has a great value, but they must be willing to profit from it in order to pay us what we deserve.

Cheers :)