Ad: Manage updates with the Download App
ie8 fix

locks

Duplicating keys from a photograph

Nowadays you don't need a locksmith or even lock-picking tools to get past a locked door without a key--you can do it using software, a photograph of the key, and a key-cutting machine.

Researchers from the University of California at San Diego have developed software called "Sneakey" that enables anyone to make duplicates of keys without needing a sample key.

At the Association for Computing Machinery's Conference on Computer and Communications Security three weeks ago, the researchers demonstrated the system using photographs from Flickr and photos taken as far away as 200 feet using a high-powered … Read more

Ssshhh!

The ultimate freeware encryption program, TrueCrypt is loaded with powerful features for anyone who is concerned with protecting their data from thievery.

It offers 11 algorithms for encrypting your private files in a password-protected volume, with full support for Snow Leopard. You can store your encrypted data in files (containers) or partitions (devices). TrueCrypt works hard to offer powerful data protection, recommending complex passwords, explaining the benefits of hidden volumes, and erasing telltale signs of the encryption process, including mouse movements and keystrokes. Though the interface may not be immediately intuitive, its powerful, on-the-fly, no-cost encryption still earns the freeware … Read more

Exploding bike lock: Interesting concept, questionable execution

As an avid cyclist, my biggest concern about riding my bike in New York City isn't king-size potholes, wayward pedestrians, or even the hordes of aggressive cabbies itching to smash me into gray matter, but rather the constant fear of getting my bike stolen. I've been a victim of bike theft in the past, and it literally feels like the loss of a limb (not good), so I'm constantly researching new ways to deter thieves from snatching up my precious Surly Cross-Check. Whether it's making my bike ugly with stickers or carrying around extra locks in my bag, there's only so much you can do, because if a thief wants what you got, they're gonna get it no matter what.

Michael Lambourn gives cyclists one more bullet in the barrel with his SmartLock design. It's a cable lock with colored liquid inside that explodes everywhere if the lock is cut. It's a clever idea, and one almost certainly hatched after a freak skunk accident, and I applaud Michael Lambourn for making an effort to make cycling safer for paranoid city dwellers like myself. The goal is to achieve peace of mind while your bike is locked up, and the SmartLock is definitely a step in the right direction. If this product is successful and helps get people out of their cars and onto the bike, then I'll get behind it 100 percent. I just have a few critiques to make in the meantime.… Read more

Fast fixes for three Windows irritations

I got a kick out of the recent headlines stating that Microsoft wants to make the next version of Windows less annoying than Vista. Talk about setting the bar low!

Most of the things that bug me about Windows are easy to fix--the lack of a Run option on Vista's Start menu is an example. To put Run back on the menu, right click the Start button, choose Properties, click Customize under the Start Menu tab, scroll to and check "Run command," and click OK twice.

Here are three other Windows irritations that I finally got around … Read more

High insecurity at LockCon

Once again I made the annual trek to a little town in the northern Netherlands, Sneek, to meet with about 75 colleagues to discuss the latest security issues and bypass techniques for locks, safes, and access control systems. LockCon, the new name for "The Dutch Open" is organized by Barry Wels and Han Fey. For the past six years, they have put together a three-day event, replete with lock picking contests, safe cracking demonstrations, and briefings on new security technologies.

More importantly, the conference provides a forum for serious discussions and presentations about design flaws in security hardware, … Read more

A bill of rights for cloud computing

Cloud computing promises to liberate its adherents from the bother of messy implementations of software, while also freeing them from the constraints of hardware capacity. At the same time, however, cloud computing has the potential to deliver the ultimate in vendor lock-in.

My colleague, James Urquhart, has put together a proposed "cloud computing bill of rights" to help guide would-be cloud customers to those clouds best able to guarantee their freedom. Just as some are now clamoring for open-data commitments, James' suggestions are intended to deliver the value of the cloud without the lock-in:

No vendor shall, in … Read more

Lock picking with a credit card, a photocopier, and some luck

LAS VEGAS--Don't have special lock-picking skills or equipment but want to pick a high-security lock?

A security researcher explained at the Defcon hacker conference here how to make a fake key out of a credit card that can open certain types of Medeco M3 locks used in the White House, Pentagon, and high-security areas around the world.

You need to make a picture of a legitimate key to have an image to transpose onto the plastic, which means an insider or someone with access to the key would need to cooperate, said Marc Weber Tobias, a lawyer who has … Read more

Alfresco opens up SharePoint to Java, Linux, Oracle, and more

As an employee of Alfresco, I'm somewhat biased in reporting that Alfresco yesterday announced full SharePoint integration with the Alfresco 3.0 Labs release. Even so, I think it's highly significant precisely because of what it says about the importance of Microsoft's continued battles with the European Union over proprietary protocols.

Most that reported on the release missed this. OStatic, however, got it dead on:

As part of complying with the EU's demands, the company has released the specifications for the Microsoft Office interfaces, and now we're seeing some of the benefits spill over into open source. Alfresco, which makes open source enterprise content management (ECM) software, has added SharePoint interoperability....This looks like a good move from Alfresco and lets hope the EU's two-fisted stance toward Microsoft results in more of this kind of sharing.

Bingo, and bravo to Microsoft, whatever its intentions and pressures that resulted in opening up the SharePoint protocol. The net result is a huge win for customers. Why?

Well, for the first time enterprises can get the benefits of SharePoint-esque functionality and interoperability without having to adopt Microsoft technologies wholesale. This is the other big news in Alfresco's release, also mostly missed by the media. CMS Watch, however, nailed this aspect of the release, and points to the critical importance of getting out of the SharePoint thicket that Forrester criticizes before SharePoint and Office merge at the next release:… Read more

The ethics of lock picking and telling

In 2004, a video circulated on the Internet showing how a standard Bic pen could be used to open the U-shaped Kryptonite bike lock. The company recalled the locks, replaced newer purchases, and changed the design for new locks. Problem solved, right?

Not exactly. Despite the fact that the problem had been revealed 12 years earlier in a British bike magazine, Kryptonite had continued to sell the locks unchanged. Angry customers filed a class action lawsuit that was settled in 2005, with Kryptonite offering to replace all affected locks or provide vouchers, and compensate people whose bicycles were stolen as a result of the lock being picked.

"If you don't make the problems public, the companies don't fix them and the consumers buy shoddy stuff," said Bruce Schneier, chief security technology officer at BT.

There's been plenty written about breaking into the virtual locks that safeguard sensitive data on the Web. But the picking of real-world physical locks is becoming an increasingly popular pastime for some. Enthusiasts have formed sporting clubs and hold regular competitions. Security researchers write books about how locks can be broken into and show how it's done on blogs and videos and at security conferences.

Naturally, lock manufacturers aren't happy. They argue that publicizing the vulnerabilities causes people to panic unnecessarily and puts the public at risk by giving criminals information they can use to break door locks, safes, and other secured assets.

But, just like third-party disclosure of vulnerabilities in software forces manufacturers to acknowledge security holes and patch them quickly, lock manufacturers will find they can't escape the scrutiny and will have to be held accountable for their products, experts say. … Read more

Column: Finally, ID fraud protection that works

Jay Foley, co-founder of the Identity Theft Resource Center, told me recently that 57 percent of all identity fraud involves opening new accounts "for short-term gain." The ITRC should know: it has been surveying ID fraud victims for several years and has amassed some impressive real-world statistics.

Foley also said 13 percent of the identity theft victims found out about the attacks only after criminals had established utility or cable service in their names. "So your credit record is more theirs than yours, making it harder to fight them in court," he said.

Clearly the best … Read more