`Safe cracking' article and matt Blaze

The problem with blaze the knownothing nimrod is that he prints sensitive info and that he slanders the locksmithing profession in the process.

I have a question for mr. knowitall:: if safes are no good as you say what do you suggest instead? Plus if you guys are so smart why do computer virus keep happening. We wont be hold our breath waiting for your answer.

Joe thanks for the message. I sent mine too. Ed "Lockie" NYC Locksmith, Retired

Reply to
the_lockie
Loading thread data ...

If he knows nothing then how can he detail sensitive information?

He never said that.

I don't think Blaze works for MS.

Reply to
Putyourspamhere

Ed:

Now you are sinking down to the level of name calling like some kind of a child...

Compujter viruses keep happening because some of them are written so that they can adapt their code everytime they infect a new system... The majority of computer systems in the world that get attacked are home PCs that in turn infect other networks as users connect remotely to computers at work or school etc and transfer files...

Think of it this way, if you had a safe lock that could change its combination as you were manipulating it how long do you think it would take you to open it ???

Grow up...

The LOUDER you complain about Blaze and his work the more credible you make it...

If you don't feed it it will fade away and fall back into the cracks of the internet...

Evan, ~~formerly a maintenance man, now a college student with a 3.85 GPA

Reply to
Evan

Why dont you just quit talking about it Ed? I agree with you 100% but you are not snapping to the fact that when one billion or so people get together on this thing called cyberspace, information gets passed around. YOU CANT STOP IT!... If it wasn't for you posting it here then neither I nor about 1 billion other people over the course of the next 20 or 50 or even 100 years would have never known or know about it because these post here on alt.locksmithing are recorded forever and the more people that read them, the more they will show up toward the number one search result on Google. Wake up, you aren't in Kansas anymore. This new age is about information and if you don't want something to be known then you can't post links. The word will get out and you WILL NOT stop it.

With respect Glen

Reply to
Glen Cooper

Wrong. Computer viruses are so common because so much code is so patently insecure.

The majority of

Right and what are most of the home boxes running? Microslop the most insecure code around. You know how long it takes to bypass the XP login with a commonly avaiable microsoft product? About a minute.

You're right about that. He won't stop though.

Reply to
Putyourspamhere

Counter-argument: if _you_ guys are so smart, why do safes keep getting broken into? That either a safe OR a computer are impenetrable is a preposterous notion, the best one can do is greatly reduce the risk of the break-in occurring.

I personally don't use a safe in my home because I know that someone who _really_ does want to get in will do so, regardless of my efforts, and someone who doesn't care will be stopped by a simple lock on a filing cabinet. Anything of true value I have is kept elsewhere. That happens to be the right answer for my circumstance.

If I DID need a safe, I would be outraged to find out there are industry-known shortcomings and it were sold to me without those shortcomings being disclosed to me. After all, it would only take one person who left the industry to break into my safe using this knowledge.

Similarly, on a computer, if there are _known_ exploits, I would expect them to be fixed, not hidden. If I buy a product with specific, _known_ problems, then I expect to be informed of what these problems are.

The software industry has 'gotten it' in this regard... Microsoft and other large companies are starting to understand this mindset. Change is already happening, and people are already benefiting... very respectable considering how new the industry is. The physical security industry, despite countless break-ins, thefts, robberies, and other attacks, over hundreds of years, still hasn't figured it out. Why, indeed, do these attacks keep happening?

Reply to
Captain Roger

whine whine whine.. its OBVIOUS you NEVER priced a 'safe'

for instance..

formatting link
or
formatting link
or..

formatting link
formatting link
and that is just part 1, there is 2 MORE parts you need as well.

--Shiva--

Reply to
--Shiva--

On 1 Feb 2005 14:06:57 -0800, you wrote: sorry, forgot something

because PEOPLE ARE CHEAP... $$$ wise.. --Shiva--

Reply to
--Shiva--

The first and most obvious problem with your attempt at an argument is a. AFAIK there are no safe designers that have respoded to this thread or that even frequent this group. The "you guys" you are directing your comments to don't build or design the things in the first place.

b. define "keep getting broken into". What the hell in any meaningful sense does that mean? What's the ratio of successful safe burglaries to unsuccessful ones? Do you know?

That either a safe OR a computer are impenetrable is a

And the fewer burglars that have convenient access to the info the less chance there is of any given burglar breaking into a safe he runs across. It's pretty simple really. The manipulation info in Blaze's paper I could care less. Half the locks encoutered it isn't going to work anyway and the other half it's going to take way too long or far tax the skills of anybody who was too lazy to learn it one their own anyway. There isn't anything in Blaze's paper that will tell you how to drill or otherwise force your way into a given safe either.

That's an oversimplification. The average burglar with a crowbar can easily break in your simple filing cabinet. The same burglar with the same crowbar will be stopped cold by any real safe.

Anything of true value I have is kept elsewhere. That

What right do you have to be outraged? There's an established ratings system in common use. Why the hell would you buy a safe without knowing what you are buying???

After all, it would only take one

That's true of any safe so by your logic none of them are any good. You by contrast it seems would like to make it not just anyone who "left the industry" but anyone who can go to the library and read a book. Like I said in another post by your full openess and disclosure position the drill template should be correctly placed right on the front of the damn thing so that anybody who happens to break in your house can properly deal with it or at least take a decent shot, hell maybe with your own tools since they probably didn't bring the proper ones. Maybe when the windows XP login comes up detailed instructions should appear on how to bypass the password if you don't happen to have it. (It's easy).

No they haven't. If they did they would write secure code in the first place and make it open source. MS sues anyone who makes their code public.

Change

The people who benefit the most and the quickest are the script kiddies. People who update their software benefit when the patch comes out. People who don't update and those who use computers administered by people who don't update just suffer the consequences.

The physical security

The same reason computer break ins keep happening because no security is perfect and most people won't pay in price or convenience for anything close to the best they can get.

Reply to
Putyourspamhere

I think the point being made is that all safes appear to have drill points, and they don't vary from safe to safe. The same drill points will work for all instances of model X. The drill points are deliberately engineered into the design so that the safe can be opened in a reasonable time without destroying it.

I sincerely doubt that this information is given to any customers as part of the sales pitch. It's probably not given as part of the product delivery either.

At the very least, there should be options for safes that do NOT have known weak points. Yes, there are folks who would want to spend thousands of dollars (and days) on the opening of a stuck safe rather than have one that looks secure but can be drilled in 15 minutes. The fact that the sellers believe people will not spend the money is no excuse to deny them the option.

Most of the people who say that Microsoft products are secure are people with a vested interest in sale of the product. They are generally reviled as unethical because they pretend the product is secure when it is not, knowing the public does not want a really secure computer anyway and would not pay the extra cost of a more secure system.

Daniel

Reply to
dbs__usenet

Bingo.. and using your analogy, they ARE selling a 'defective' product in that the manufacturer is misleading the seller into believing that there IS no 'weaknesses' within the product, and then "time frame" later they admit that ther is a 'weakness' in such and such an area..and then issue a 'repair patch', thereby then sometimes introducing FURTHER weaknesses/openings into the system

AFAIK, there is NO 'secure computer system' available. UNLESS 2 things were to happen.

1 is that it is in NO WAY interacts with ANY OTHER computer, by or using floppy disks or CD's etc 2 no is no 'networked' connection, using modem or wireless type transmission of 'data' then, perhaps its 'safe'

--Shiva--

Reply to
--Shiva--

The problem with Blaze is that he doesnt post or publish shit frequently enough and doesnt seem to take any real delight in driving you secret squirrels nuts which limits the entertainment value.

Two f****ng nuts are as easy to ignore as one.

Reply to
SSA

There's a saying in the computer security business, that the only secure computer is one that's never been used.

In the computer world, there are secure computers that are in guarded rooms and have no outside access. They are on a secured (limited) network where all connected machines and network equipment is also controlled.

In the commercial world, we tell the customer why their system is not secure and help them avoid situations where they are exposed to risk. Unfortunately, one of the steps frequently suggested is that they use removable disks and store vital secret info in safes during off hours.

Sigh.

Daniel

Reply to
dbs__usenet

not REGULAR safes, we hope? they need to be modified..

--Shiva--

Reply to
--Shiva--

Darn, I've missed another gotcha? What kind of modifications are needed for security of sensitive data? I'm not talking off-site backup nor fire ratings, just security.

Daniel

Reply to
dbs__usenet

no, if ALL the data is 'pulled off the computer, you need to put it in a MEDIA approved container inside the box.. 125 degree top, and NO humidity container. they are advertised as such.

this box placed inside whatever you want for the 'burglar proof container' -the safe a 'regular fire rated' box will NOT save computer disks.. whether tapes or CD's or floppies. its the pits to lose all the business data due to a fire.

--Shiva--

Reply to
--Shiva--

And even then there are still 'trusted' users who may or may not be inclined to violate security if they can.

Why don't you suggest they use a secure encryption program and encrypt it?

Reply to
Putyourspamhere

Simple; without physically securing the system and network, you can not be sure that the encryption will not be compromised. Keystroke loggers, trojans, etc can bypass the best of encryption IF they can get there in the first place.

Daniel

Reply to
dbs__usenet

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.