`Safe cracking' article and matt Blaze

Forwarded from the NYC-LOCKS list:

As many of you know Matt Blaze a professor at Pennsylvania University has published an article that reveals proprietary techniques of safe penetration. It was featured on well known hacker website recently, and it came to our attention on Saturday. It includes information normally reserved to the trade, for good reasons that need not be discussed here.

The article is available to the general public without any restrictions whatsoever. We as professionals in the security field are outraged and concerned with the damage that the spread of this sensitive information will cause to security and to our profession. We know many of you will be too.

There are steps being taken to deal with this through proper channels, but we need your help and support. We doubt that his university would appreciate their resources being used for this kind of activity, but they may not be aware of it or of the negative impact that his so called work has on our industry. With concern for homeland security so important, we belive that your voice will be heard.

The article in question is at [URL]

formatting link
[/URL].

Attempts to reason with Blaze have been a failure in the past, he is the same joker who wrote about Master Keyed locks in the "New York Times" last year.

Blaze's boss is Chairman Fernando Pereira. Email: snipped-for-privacy@CIS.UPENN.EDU His boss's boss is Dean Eduardo D. Glandt. Email: snipped-for-privacy@seas.upenn.edu The President of the University is Amy Gutman. Email: snipped-for-privacy@pobox.upenn.edu

These people need to hear from you. Tell them what you think polietly and firmly in your own words. Explain that you are a security professional and that your job is made harder by this sort of thing, and that security will suffer.

Also, very important. The article has photographs that may not belong to Blaze because they appear to be commercial. If anyone has information on the copyrights of any of these photos please let us know so we can let the copyright holders know how their property is being used possibly illegally and without their permission.

Forward this not as you see fit to others in the profession.

Thank you for your Attention. /////

Forwarded by Ed "Lockie" NYC Locksmith, Retired

Reply to
the_lockie
Loading thread data ...

that's some good material, and great pictures to accompany it. I sent a couple emails praising the high quality of his work. thanks for the link.

Reply to
fugi

there is your possible loophole.. find where he has 'endangered national security', cite the new laws he has broke and he will never see a trial, its not required under the Patriot act laws..they can just hold him forever.. no judge, jury involved. or especially LAWYERS, pleading his case..

--Shiva--

Reply to
--Shiva--

the free distribution of knowledge is essential to the development of the subject. don't think of yourself as a gatekeeper to the information that nobody but those in your circle have. it'll get you as far as the Maginot line got the French in WWII. those who only have a purely defensive stance will always fall to the offensive.

Reply to
fugi

just as I thought, you're definatly not in the physical security profession !

disagree.. Ethics is a word you should learn a little about.

Reply to
Key

what do you disagree with, the fact that the french fell to the germans? or the fact that they fell from fighting a defensive war?

Reply to
fugi

Welcome to the land of the real. What Blaze has written about in his paper is AFAIK deducible from the locks themselves and therefore cannot be described as "proprietary information". If there are some parts that are very sensitive, let's talk about these and how publication of these facts hurts the lock industry or puts people's security at risk. Most crooks use rather blunt techniques (angle grinders, drills, torches) to open safes, so where's the problem?

Hats off to Blaze, it's about time that some serious Comp Sci/algorithmic work was applied to determine how secure the locks are that most people take for granted. The lock industry and the public stand to benefit from this scrutiny of the product range.

G. Pulford

Reply to
gpulford

the public, is for the most part, not interested... EXCEPT, how many $$$ is it.. I can sell a KW, or I can sell a good lock, but why BOTHER selling the good lock, when you are mounting it on cardboard or less... its only as good as the weakest link, and at the MOMENT, house construction IS the weakest link... --Shiva--

Reply to
--Shiva--

I disagree with "a purely defensive stance will always fall to the offensive" as it applies to the subject.

do try and keep up

Reply to
Key

many instances in history disprove you. Infact, I'm not aware of a single event that will go along with your argument. then again a locksmith is like any other trade, I'll bet you have the education of a plumber or a construction worker. I guess I shouldn't expect much. carry on.

do try to keep up.

Reply to
fugi

I see nothing good or bad coming out of this matter concerning Matt Blaze.

This is the information age. This info is out there already. He condensed it into an easier to read format but really nothing said by him is new to locksmiths or anyone who has bothered to take a safe lock apart to see how it works. It's no big deal. Safes have been the same for a very long time. Nothing has really changed in decades. I don't agree with his ethics but that matter is not important in cyberspace.

To try to restrict this un-patanted info from the public domain is pointless because the internet and the modern world we live in is alot different than it was years ago when it was possible to control information like this. The old timers out there should realise that things once reguarded not too long ago as close lipped just aren't the same in this land of cyberspace where the whole world is connected at the touch of a keyboard.

It's pointless to try and control un-patanted secrets anymore. The people in the security industry need to open their eyes and do a better job at securing their trade secrets so people like Matt Blaze who have a little time on their hands don't open up a 40 or 50 year old book on safes, write a paper, and get us all upset that he's spilling trade secrets. We can do this by advancing cheap security items like the standard pin cylinder locks to use as an example into the 21st century and quit relying on the same system that has been around since Yale invented the thing over a hundred years ago. I think the Europeons are ahead of the US concerning this example because they use mostly lever locks which are more difficult to pick and dont cost an arm and a leg for the old lady on SSI.

As far as the cheap Kwikset lock compared to the high dollar Medeco comparision goes, that Kwikset can be improved to the point where it would be almost impossible to pick at an extra production cost of less than one dollar a lock which could easily be passed on to the customer. Remember a size 14 boot will kick in a door no matter what lock it has on it if the door isn't up to par and if the crook cant kick in the door then he'll go through a window or a hole in the roof.

The fact of the matter is the lock manufactuers, Ingersol Rand and Black and Decker being the two largest ones here in the states, dont want to spend a dollar or two more on their locks to improve them. They would rather put out pot metal junk that offers only a since of security. If the public in general only knew what I know, that being the fact that Kwikset and Titan locks are junk, the famous Schlage 'Maximam Security Deadbolt' is pot metal, Yale is no longer up to par, Sentry safes are worthless... If the public only knew the US lock market is having to compete with China junk to the point where they are afraid raising the cost of their Home Depot locks that the average consumer buys by a few dollars in order to increase the locks security may put them out of buisness because the comsumer doesn't know any better...

Reply to
Glen Cooper

No Fungi, we have the edumakation of a Locksmith, which in fact seems to attract snotty superior twits such as yourself, as you are obviously drawn to this lowly 'blue collar' newsgroup, because as usual, all you superior bookworm nerdy types wouldn't know how to change a light globe without having to do a Google search and an MIT study coarse on the subject, then you'd be too scared to climb up on the chair, ha ha. And mate, what's with this rubbish that you seem to think will impress on us, just how 'incredibly superior' you are to us poor lowly tradesmen.

"Anyone who becomes master of a city accustomed to freedom and does not destroy it may expect to be destroyed by it; for such a city may always justify rebellion in the name of liberty and its ancient institutions. -Niccolo Machiavelli"

PLEASE,............. My face burns with embarrassment for you. Someone, anyone, please ... give this guy a wedgie.

Reply to
Steve Paris

Steve , Well said! Thanks

Reply to
Keyman55

thats what Matt doesnt understand.. that and $$$ that the end user will pay..

--Shiva--

Reply to
--Shiva--

If that were a valid excuse you'd never sell a medeco. After all, the glass windows can be shattered.

As long as the lock industry (including locksmiths) continue to sell and service junk that can be wrenched open, pulled apart and otherwise easily defeated, the public will continue to buy it.

Case in point; My relatives thought there was no difference between a kwikset and any other lock until I pointed out the weaknesses. All have upgraded to better locks.

In short, you won't value a quality lock if all the experts hide the shortcomings of a cheap imitation.

Daniel

Reply to
dbs__usenet

fugi wrote: then again

You just blew yourself out of the water with that low shot you effete snob.

You're probably too stupid to understand that to become a master at any mechanical trade requires the same kind of intelligence, diagnostic abilities and inquisitive mind needed to become a professional in the fields of law or medicine. To say nothing of the business know-how and common sense needed to put everything on the line and open your own shop.

It's attitudes like your which prevent many a person who'd be excellent for and happy in a trade from starting out in it; because their parents say things like, "What intelligent girl would want to marry a plumber?" and, "You'll never make a good living fixing locks." Those attitudes may in part account for the undesirable number of yutzes at the lower eschelons of most trades, particularly in urban areas, where people who have to use their hands along with their brains get little respect from the yuppies.

I lurk here because when I was an MIT student nearly 50 years ago there wasn't a lock on campus we students couldn't get by without leaving a trace, and it didn't hurt our minds to learn about those kind of things. I like to keep learning.....

Jeff

Reply to
Jeff Wisnia

you're correct, I do not have a college education. however, I didn't need it. I have been in business and have 23+ years education/expierence in the Locksmith/Security field and have earned enough $$$'s to retire 6 years ago at the age of

its not me that needs to keep up..

"carry on"

Reply to
Key

fine... lets look at the DOOR and the FRAME.. A Medeco on a hollow core door is at BEST a joke, and at worst a sucker case.. (seen it done, btw) security is ONLY as good as the WEAK spot.. Medeco? sure.. a COMMERCIAL steel door AND frame.. on something other than sheet rock walls, and NO glass near by.. then add a burglar alarm system, you got security.. there is a business around me that has a Medeco.. master keyed etc.. and the district manager changes out the core as needed.. Security? on an OLD wood framed glass door?? not in a heart beat.. HOWEVER the burglar alarm inside has 3 sensors (3 different methods), and THATS the security.. the outside lock just stops the help from getting the key copied..

--Shiva--

Reply to
--Shiva--

That isn't quite how I got my start -- I arrived knowing some of the basics -- but it's where I first got intensive practice. Though you predate my stay at the 'tute considerably.

That's the real key to this trade -- and to MIT, for that matter. If you don't like learning and aren't willing to continue studying, you're sunk, or at least doomed to low income.

Reply to
Joe Kesselman (address as shown

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.