ALOA proves itself clueless.

If there was any doubt that ALOA was completely clueless about basic
security principles that doubt has been removed. ALOA has issued a press
release with regard to bumping, which they admit has been a flaw in lock
design for at least 75 years. The press release goes on to say that bumping,
which again they admit has been a lock vulnerability for at least 75 years,
was not a problem until whistle blowers exposed it. Now, ALOA claims it is a
problem not becuase of the lock industries fatally flawed lock designs, but
because the public was made aware of the vulnerability. The brain surgeons
at ALOA apparently feel that professional burglars, whom one would expect
might tend to devote a fair amount of their time figuring out how to break
into things simply failed to learn of this flaw in the 75 years that ALOA
claims it has existed. Of course they fail to provide any evidence
whatsoever to back this up and don't even bother to explain exactly how one
would know if a difficult to prove covert method of entry were a widespread
problem or not. I guess they didn't know about pick guns AKA snap guns which
exploit the same vulnerability either.
The well known and repected organization security.org had this to say about
ALOA's press release:
"ALOA clearly believes that "security through ignorance" should be the rule.
If nobody knows about a vulnerability, then it does not pose a threat.
Evidently, if we "kill the messenger" that will surely take care of the
problem!"
LOL It's hard to sum it up any more logically or succinctly than that.
The full security.org response (which rips the ALOA position to shreds) can
be found here:
formatting link

For a good laugh the ALOA press release can be found here:
formatting link

Reply to
Tim Mathews
Loading thread data ...
I have pondered whether joining such groups are worthwhile.
Their membership fees have gone up dramatically, their classes are too far away for me, and it would take a lifetime to become certified if I can only take 1 or 2 courses a year at west coast shows.
I have a L&K school diploma, on the job experience, and state consumer affairs registration card, so the next logical steps are getting a contractors license and better bonding insurance.
The question becomes, how much is the use of these groups moniker logo really worth, do any customers even care about it nowadays?
Reply to
Bogus
Bogus, You have to pass 3 exams to be certified.(Certified Registered Locksmith) 1-Mandantory elective plus 2-Electives of your choice....
I have one elective covered so far-another I missed passing by 5%.
But I am not all that satisfied with them. For one thing, I tried to order some educational materials to help me on the exam-back ordered for almost 7 months.
And now thanks to new bylaws, if I am not certified in three years-I am out-but maybe anyway. It means not a whole lot when I really think about it.I already have accounts with suppliers-Don't need help there. I already have good insurance-and one contract with a roadside provider-and working on a second....
Another money pit I don't think I need.
ALOA-What's that stand for??? 3/4 of the public have never heard of it.
I will be going to Lockmasters in December-May give up ALOA Alltogether.
Reply to
goma865
Quite apart from bumping, I think that many people realise that the standard pin tumbler cylinder is not 'foolproof' but is adequate for most securtty purposes. Around 50 years ago, ordinary wafer cylinders with 50 differs were considered OK for automobiles in UK and at that time a warded or two lever lock with 12 or so differs was considered adequate for house back doors in the likes of New Zealand.
So it does not seem surprising that 'budget' five pin deadlocks with perhaps 5,000 effective differs seem suitable today (admittedly augmented by alarm systems) and that in some cases such cylinders are masterkeyed across housing tracts. In such cylinders even when construction keys have been made inoperative, it is often possible to make a masterkey that will continue to operate the cylinders.
Where security is of concern, users can readily obtain suitable products that are pick, bump, drill resistant etc for a reasonable price and any decent locksmith can advise on and stock such products. It is not as if the discovery of 'bumping' has overnight invalidated all the locks in the world with no solution in sight.
Both improvement in mechanical lock design and electronics have enabled users to provide real security at a reasonable cost. Years ago I stayed in hotels in NY and Houston where room locks were virtually worn out (and hats off to the modestly priced New Orleans hotel that had Best locks). Now, hotels of all price ranges (even 'Youth Hostels") are using card locks.
Reply to
peterwn
thats why I never joined.. was at a regional weekend training thing put on by a local association, and one of the officers was asked that very question.. He WAS in the past a member, but quit it, and that was back in the 90's.. NOW with the 'gotta attend so many training things a year' REQUIREMENT, I was figuring it would cost me like 2-3 grand JUST to attend their mandated training in order to REMAIN a member. PLUS what the classes cover, its like pouring money down a bucket and throwing a match in after.. I will NEVER see some of those locks- in some cases the locksmith does NOT service them AT ALL. --Shiva--
Reply to
me
if you are going to call yourself a professional locksmith ? you should get certified. the test is not really that difficult. besides, when your state decides to license their locksmiths ? (and they will) you will probably need the certification. don't get me wrong, I also don't care for ALOA and have not renewed this year. the only time I ever hear from them is when they want dues. however, the certification test will be easier available and less expensive because of your ALOA membership.
my2¢
Reply to
Key
Actually I think it's more the opposite. Many people who use to think that are realizing that standard pin tumbler locks all too often really are the weakest link in the security chain and that they really are not adequate at all.
Around 50 years ago, ordinary wafer cylinders
Unfortunately they frequently aren't augmented by alarm systems.
and that in some cases such cylinders are
This is true but bumping is far quicker and easier than making an illicit master key.
Assuming the public knows they need them and assuming the locksmith who has already installed an insecure product is willing to go back and disclose that fact.
I would argue that it didn't invalidate anything to a greater extent than it was before. It merely educated a segment of the public to how little security they actually had.
Reply to
Tim Mathews
I personally could care less. It's pretty obvious from the ALOA reaction to bumping that it's the indusrty bottom line they care about not the consumer. Even that not withstanding if I, as a customer, were contemplating hiring you, or anyone else, I would be a lot more concerned about your bonding and insurance than whether you are a member of ALOA or any other organization. I would also be looking for general intelligence, openness, and reliability i.e. can the person communicate well, does he or she explain options and openly discuss pros and cons of particular solutions etc and do they show up when they say they will. If you are going to work for an established locksmith shop THEY may care but I seriously doubt that many of the consumers you will actually provide service to do.
Reply to
Tim Mathews
You know this is not really about lack of perfection in lock designs. No design will ever be perfect and virtually everyone recognizes that. However a lock that can be bumped open litterally in seconds with a bump key anyone with a file and one hand can make is too far from perfect for most people once they know about it. This is not about lack of perfection this is about known, not only flawed, but seriously flawed designs being marketed not for years but for decades to an often completely unsuspecting public. The shocking thing to most people isn't that the flaw exists. It's that the industry readily admits knowing about the flaw for, according to ALOA, at least 75 years and has done nothing. The flaw which permits bumping, snapping, etc was known almost from the beginning with pin tumbler locks. Had the problem been quietly fixed as soon as the industry became aware of it (or shortly after even) it would have been no harm no foul to most people. That didn't happen. Instead the industry went from 1000's of flawed locks to millions to 10's (or more) of millions. Because of that there are now so many flawed locks that there will be a plethora of them in use that respond to bumping for decades to come no matter what the industry now does. For it's part, based on ALOA's statement, the industry seems determined to continue playing ostrich for as long as it can hold it's breath.
Reply to
Tim Mathews
well, lets back up.. in MY end of the state and country.. it is SELDOM that a locksmith DOES install a lock onto a residence.. the builder for the most part does that.. Do they want our advice? NOPE.. THey can get a 'chinese knock off' of a knob, it has a key, it locks, and pay $5 for it-the builder is happy..
THEN the homeowner find out LATER just how badly he got screwed both with the locks AND the actual house.. I was called to rekey a fairly new $160k house in my area, the daughter just bought it, and daddy was helping her move in.. I met daddy and said I REALLY dont want to rekey this, because 3-6 months from now you will be replacing all the knobs anyway, so I suggest you go to XXX store, find you some Schlage locks that you like the finish of, and change them out RIGHT NOW.. save us both time..
the Locks in question were $4.95 RETAIL that the builder had installed..
--Shiva--
Reply to
me
but DO REMEMBER something.. you are harping at the WRONG party.. the 'industry' is NOT the locksmiths, but the MANUFACTURER.. they look at-1 its OK, and 2. whats it cost us and our profit? WE, the locksmiths are a very small voice, that cannot make a dent in what industry actually does.
--Shiva--
Reply to
me
Maybe not the new construction locks but you certainly get calls to rekey them or replace them. Do you explain bumping etc vulnerabilities to your customers at that time? If so bravo, I don't think the organization which represents you to the public i.e. ALOA would be very happy though. Their presss release made it clear that they don't think the public needs to know about such things. I wouldn't be surprised to see ALOA yank membership of somebody who doesn't follow their discredited security by obscurity model.
Reply to
Tim Mathews
This is really just a cop out. There are really two seperate industries: The manufacturers and the locksmithing trade. Locksmiths have known about the problem from day one. Locksmiths could have blown the whistle and widely educated the public on the fact that so many of the locks on the market are junk. Through trade organizations like ALOA locksmiths could have put tremendous pressure on manufacturers to make a product that provides at least a modicum of security. ALOA should frankly encourage it's members to find and widely publicize flaws in locks and run manufacturers of weak products out of business in the process. The manufacturer should be notified of the flaw, given a reasonable amount of time (weeks or a few months, not years or decades) to inform it's customers and either fix or put disclaimers on it's product and after that the flaw should be publicized as widely as possible. If ALOA did that then ALOA membership might actually mean something to consumers. What it should mean to consumers now is membership in an organization that covers up the lock industries failures at the consumers expense. Even today, what is ALOA doing? Bitching and whining not about the defects but about the fact that somebody had the nerve to expose them, and many people here do the same thing. The really sad thing is that the few locksmiths who openly demonstrate flaws to their customers are probably making a ton of money from the sale of better products, so the majority of locksmiths clinging to security by obscurity does nothing but cost them money and help the manufacturers cover up the known flaws in their crappy products.
Reply to
Tim Mathews
nope.. maybe once a month.. mostly they DIY..
Do you explain bumping etc vulnerabilities to your
oh well.. bye bye ALOA.. wasnt a member ANYWAY and had NO intentions of being-cant afford it..
--Shiva--
Reply to
me
yes? and so?? the manufacturers DO NOT CARE..they listen to the accountants..
The
IMO, ALOA is just a money hungry organization, and nothing more.. the alarm industry in my state, ALMOST got a state law passed making it ILLEGAL for ANYONE, other than a member of their organization to install, work on, rekey, and so on for ANY LOCK.. CARS were NOT exempt.. this made it illegal for a HOMEOWNER to replace his door knob on his own house.. Did ALOA care? nope..
funny, went to their web site.. it seems its 2 years? out of date on the public pages..
--Shiva--
Reply to
me
Not getting you wrong. There are three tests Like I posted previously, I have passed one test-I have two more to pass. Two years to do that. I call myself professional wether I am certified by ALOA or not.
I hear Ya.
goma
Reply to
goma865
. Locksmiths have known about the
I disagree and let me tell you why. There are billions of locks out there and publicizing methods to defeat them will cause those who can least afford to replace them with a higher security model the most grief.
Like I explained before there are alternatives that are difficult to compromise, and there is a big difference between a business that has only to down load a software fix to maintain security and folks that rely on a simple mechanical devise to secure their possessions. The more you blab about how easy it is to defeat something, the more likely it is that some one is going to try and take advantage of that knowledge.
The ethics of the situation is similar to doctors and pharmacists. They know how easy it is to kill someone with drugs, but they don't go around telling the public how to off old rich uncle Dave, and get away with it.
Reply to
Roger Shoaf
---snip the clueless statement---
you sure are clueless about this subject. I know there is no amount of explaining that will change your clueless mind, so <plonk>
Reply to
Key
This is starting to remind of that movie "Grumpy Old Men".
Tim does make a valid point from a CONSUMER PRESPECTIVE: it would be preferred for the manufacturers to do better with making some minor modifications to their products (better springs, length balanced drivers, random mushroom pins, etc) for a few pennies each lock.
Instead the mfgs resist change and evolution of their products and stick their heads in the sand. Worse, their major construction customers don't care because they are selling homes and commerical bldgs not just locks.
In this regard locksmiths are their consumers as well, and while we may enjoy some added business with upgrading locks, I'd hate to see organized criminals (business burglary gangs for example) take full advantage of this now public info for years to come.
As always you are entitled to differ; any alternative approaches to solving this problem that you care to offer, would be most welcome.
Reply to
Bogus
You know that pick resistant locks have been around for a long time, Joeseph Bramah patened his lock cylinder in 1784, but the market has used his and other clever pick resistant locks only in situations where ones skilled in seripticious entry would be likely to strike like vending machines or military secrets. As to pennys per lock, this is not really the case, a few thousands of an inch less in manufacturing always costs more than a few pennys.
Reply to
Roger Shoaf

Site Timeline

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.