Archive for the ‘Commentary’ Category

Why do we have Chip & Pin?

Tuesday, July 24th, 2007

If like me you have fun trying to recall the seventeen different PIN numbers you have, and so now only use a single card for everything, while the others gather dust and interest charges, you might like to know one of the reasons why signature verification was phased out for most things.

I’m not going to pretend that the UK didn’t have far more motivated signature checkers than the US guys encountered by our new hero, but it was still pretty poor.

http://www.zug.com/pranks/credit/index.html gives a humorous reminder of what you could get up to, before V day 2005. Meanwhile, http://www.zug.com/pranks/credit_card/index.html is simply mind-blowing!

Van problems

Friday, July 20th, 2007

Sadly, the company van died on Tuesday, blowing a water hose and emptying the radiator all over the road. Currently, service is pretty much unaffected, although on-site key cutting is not practical at this time, and any full-strip uPVC replacements or door repairs will be slightly limited.

Parts are on order, and normal service should be resumed next Tuesday.

In the meantime, please don’t hesitate to call.

Nationals playing naughty tricks

Thursday, July 5th, 2007

A colleague tells me that in his area, one large series of adverts in one of the big phone books by one national advertiser actually has many small adverts, all with local addresses, all across the area. They are desperate to look like a local company, and, to be fair, if they are prepared to open an office in every town to get an address, then fine.

Unfortunately, it turns out that the addresses being given are in fact not genuine. One turned out to be a derelict garage, whilst another, perhaps more worryingly, turned out to be the home of a lady who said she had no knowledge of the advertiser and certainly hadn’t given permission.

Rest assured that this company has full permission and authority for both the addresses we use!

Social engineering in action

Sunday, June 10th, 2007

A site I frequent, Lockpicking101.com, recently had a small competition, wherein one member challenged the rest to find out his first name, for prizes based on the time it took. He doesn’t use his first name, and goes by his second name at all times, even on legal stuff.

So a lot of people started trawling through the 1500+ posts he had made on the board, and the like. However, the challenge post included his place of work. You could hardly just call him up and ask him his first name, though, could you? The challenge was only 2 hours old, and he’d never fall for that.

You could. Listen to this.

Empty housing – a social crime?

Friday, June 1st, 2007

This is a bit of a social comment. When I am out doing work for councils and companies, I get to go to some really charming places. Others are not so charming. Others, well, they leave you scratching your head.

This street in Manchester is typical of a number that I see when doing my job. It’s Leven Street, M40 9DG, and I spent a good half hour talking to one of the few remaining residents.

Leven Street: 8 empty homes, 1 occupied, 3 more empty

This used to be a good area, with strong social ties, but, with the rumours of redevelopment and the council pushing drug addicted and anti-social persons into the area, those who could started to leave.

It has in fact been 12 years since the first of these houses were boarded up. The remaining residents have campaigned, written letters, been to meetings, and tried almost every avenue open to them. Sadly, nothing has been done. Due to lack of heating and roof repairs, the remaining residents face damp problems coming through the walls, as well as social isolation and rising crime.

These houses, perfectly nice terraced houses, probably worth at least £40K each even in their current state, have just been abandoned, along with those who still live among them.

This seems to me to be an ideal case for an organisation like Shelter to lobby, and see what can be done towards getting these houses re-opened for lives and life, at a time when so many are in hostels, and affordable housing seems to be out of the reach of so many.

Salt corrosion in Blackpool and along the Fylde coast

Wednesday, May 16th, 2007

Almost every time I go to Blackpool, Thornton, even Morecambe, I am amazed by the effect the sea salt has on the locks in the area. Even relatively new locks on high use doors are frequently worn out due to the corrosive effect of the sand and salt driven into every crevice by the often biting sea breeze. Preston locks don’t have this issue with jamming due to sand.

So, how can we protect our locks? Firstly, *don’t* use WD-40, especially if you have a wooden door. Penetrating oils are great at freeing things up, but they either leave a sticky residue that leads to clogging as sand, spiders and leaves get stuck in there, or they flush away all the grease that was still protecting the lock internals, especially the bearing surfaces.

Cast zinc and brass are both very good materials for resisting wear, as they are slightly self-lubricating. Steel, as we all know, rusts. For this reason, you rarely see much bare steel, with paints and zinc coatings being used to protect it. Normally, this lasts for years. In a salty environment, however, the salt reacts with the zinc and forms a white oxide powder, which is called “blooming”. Alone, this still protects the metal underneath, but, on a moving part, the oxide gets worn away rapidly, and the process happens again and again, until there is no metal left!

Lock curtains wear out in a short time, and you start to need to jiggle the keys to get the lock to open. Pins and levers jam a little, and more jiggling is needed.

Tune in next time, for how to protect your locks from rust and decay!

Locksmith on £2,750 benefit fraud charges – we need licensing!

Friday, April 20th, 2007

http://www.peterborough.gov.uk/page-4620

From August 19th 2005:

Locksmith sentenced on £2,750 benefit fraud charges

A self-employed locksmith, who fraudulently claimed more than £2,750 in job seeker’s allowance and housing benefit while working, was given a 40-hours community punishment order and told to pay £100 prosecution costs at Peterborough Magistrates’ Court yesterday (Thursday 18 August).
Darron Williams, 33, formerly of Oxney Road, Peterborough, but now living in Willingham, Cambridgeshire, pleaded guilty. The court was told that he has started to repay the £1,366 in job seeker’s allowance and £1,392 in housing benefit that had been over-paid.
The prosecution was brought jointly by the Department for Work and Pensions and Peterborough City Council using information provided by a government database that identifies anomalies between benefit claims and employment records.
“To date this financial year, we have secured four formal cautions, four financial penalties and two prosecutions through this procedure,” said Diane Baker, benefits fraud manager with Peterborough City Council.
“We will continue to work across departmental boundaries to minimise the opportunity for fraud and to ensure that those who abuse the system are brought to justice. Tackling fraud is a priority for the council.”

A “self-employed” locksmith who steals from the benefits agency? I know I wouldn’t want him round my house, drilling my locks. Yes, times are hard as a UK locksmith, but fraud? Perhaps worst of all, there is nothing, no law or regulation, that stops this criminal from trading as a locksmith! He wouldn’t be allowed to watch the sweeties in your local supermarket as a security guard now, but he can freely break into homes for money?!? The Institute of Certified Locksmiths (of which I am a full member) carries out background checks, and lobbies for regulation of locksmiths across the UK.

Write to your MP!

Our business philosophy – great customer service

Tuesday, March 6th, 2007

Bad customer service seems, more and more, to be the norm. We at Lancashire Locksmiths / Discreet Security Solutions find this very sad, and we try our best to be there on time, or as fast as possible. Sometimes, we are late or slower than we would like due to traffic or other difficulties, but we always do our best. Once we are on site, we do what we do as fast as we can, and, generally, we leave the customer happy at the combination of low price and high service they get. Being friendly and polite helps.

When you call us out to gain entry, you will, most times, be speaking to the locksmith immediately (me), or within a few seconds, at least 90% of the time. If I’m busy, then you will get called back, or a useful message or an appointment made, there and then. And we won’t mess you about or give you costs that seem low because I don’t mention the costs of the hardware, or the VAT (or even both!). I’ll give you a fair price, and, almost all the time, that will be exactly what you pay.

It is swings and roundabouts, because for every job that takes only 5 minutes on site, there is another that will take far longer. In the end, it really does depend on the lock, rather than the locksmith! But I won’t sting you if it takes me longer than I thought it would, because you are paying for my skill. Hopefully, you won’t take it badly if I open your door in a few minutes, for the same reason: you are paying for my skill.

All jobs, all work, should be done with pride and skill, and, perhaps sadly, I do have an eye for perfection, so sometimes things take a little longer. But I feel it is worth it in the long run, and feedback from customers? They feel the same way. Which is part of why we get repeat business (of the good kind!) and work via positive word of mouth. And nothing feels nicer than that.

Too much security, re-visited

Monday, February 26th, 2007

Well, yet again, we see spam coming in on a weekly basis, asking us to “Clcik here, and verify your online bank details” and other humorously low grade spoof attempts. A lot of this is for banks, as well as the usual PayPal and eBay stuff.

Today, we got a phone call, purporting to be from the bank. So how do you tell? Your bank phones you and asks you to go through the security questions, and since they are the ones asking, and they haven’t given you anything beyond “it’s a personal banking matter”, you have no idea if it really is the bank. So, try asking them anything at all, and they say “Sorry, until you have gone through the security questions, we can’t tell you that.” We tried to get a reference number off them, so we could call them back, and were told “Not until you have been through security”!

Imagine our lack of surprise when the number they gave us to call didn’t tally with anything on Google search, and when called, it simply said “Thank-you for calling Card Services” and gave us another phone number to call!

So, was this a cunning scammer? No, amazingly enough, it wasn’t. It was actually the bank calling to confirm our contact telephone number. Which surely they did, when they were passed to the person they requested by name?

Not all companies are this stupidly insecure through too much security. Two days ago, I challenged a caller in the same way. His inspired response was to say “The last two digits of xyz added together are nn”, which is a non-reversible hash function that gives away nothing unless you hold the shared key and the secret numbers. Since this was correct, the odds of a correct guess were pretty small. Not tiny, but about 1 in 12. (Should I do the maths? 19 possible answers from 0 to 18, the most likely ones being at best 9 in 91, and the worst being 1 in 91.) For the purposes of the call, that was enough.

The best example of this one-way hash is the credit card companies. They sat for a long time, trying to find ways to avoid data protection issues, whilst still ensuring that the high levels of card fraud were reduced. They came up with a few different ideas, to solve different parts of the issue. To prevent electronically skimmed cards from being used without the card being present, they started using the “security number” on the back of the card, which isn’t recorded in the strip or the chip. As far as I know this is simply a reference for the card print run, but it does the job. Guessing it right would be 1 in 1000.

That wasn’t enough, though, since a stolen card being used via internet or phone would still work. So they decided they wanted address details. Uh oh! That’s an issue! Despite the merchant having the address, and the card company having it too, there was room for an attack by a corrupt merchant, or a cracker, who could simply try many, many card details until getting the address, or trying many addresses until getting the card number, or whatever.

The solution they came up with was to use only a part of the postcode and address. The number parts. This keeps it compatible with existing card terminals (as they already have numbers!) and, it is a one way hash. From the letters, you could determine where someone lived, and that would be bad. From the number part, however, you still have a good set of odds against a guess, and it is totally non-reversible. The entry 35, 2 cannot find a person, as they could be in any one of hundreds of major postcode areas, and hundreds of thousands of streets. Problem solved.
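As an added illustration, not from the original post or from any card scheme's own code, here is the digits-only comparison described above, run over a constructed address list. Which characters a real AVS implementation keeps is an assumption here (every digit of the first address line and of the postcode, in order); the point it shows is that the digit pair is easy to check but maps back to many different addresses.

```python
import re

def avs_digits(address_line: str, postcode: str) -> tuple[str, str]:
    """Reduce an address to the numeric parts an AVS-style check compares.

    Assumed rule: keep every digit of the first address line and every
    digit of the postcode, in order; drop letters, spaces and punctuation.
    """
    return (re.sub(r"\D", "", address_line), re.sub(r"\D", "", postcode))

def avs_match(claimed_line: str, claimed_postcode: str,
              held_line: str, held_postcode: str) -> bool:
    """The issuer-side check: compare digits only, never the letters."""
    return avs_digits(claimed_line, claimed_postcode) == \
        avs_digits(held_line, held_postcode)

# Constructed sample of addresses "on file" (not real customers).
SAMPLE_ADDRESSES = [
    ("35 Leven Street", "M40 9DG"),
    ("3 Fifth Avenue, Flat 5", "L40 9AB"),   # same digits as the first entry
    ("53 Leven Street", "M40 9DG"),          # same digits, different order
    ("12 Mill Lane", "PR1 2XY"),
]

def addresses_for(digits: tuple[str, str], records) -> list[tuple[str, str]]:
    """Every address on file that reduces to the given digit pair.

    More than one hit shows why the digits cannot be reversed to a person.
    """
    return [rec for rec in records if avs_digits(*rec) == digits]

if __name__ == "__main__":
    key = avs_digits("35 Leven Street", "M40 9DG")
    print("check key:", key)
    print("addresses sharing it:", addresses_for(key, SAMPLE_ADDRESSES))
    print("transposed house number passes?",
          avs_match("53 Leven Street", "M40 9DG", "35 Leven Street", "M40 9DG"))
```

A different address with the same digits passes the check, so the digit comparison is a filter against random guessing, not proof of who is calling.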

Large and small companies need to think a little about these issues. It is all well and good telling us never to respond to unexpected emails asking for details, but unexpected phone calls are surely just as big a worry today, as VoIP allows international calls for pennies, and voice recognition software can carry out basic phone conversations. It wouldn’t take much for a system to be built to specifically target this area, to socially engineer important data from targets by phone, without a human presence. This needs to be looked at now, not later.

WaveBubble – an automatic wireless jammer

Saturday, February 24th, 2007

With the rather amusing title How Jews celebrate Christmas, LadyADA announced to the world her latest creation. It is a simple and cheap automatic radio frequency jammer.

For not very much money, this pocket-sized device will knock out cellphone calls and GPS within a 10 to 30 metre radius of itself. This has some important connotations, from avoiding parking tickets and police pursuit, to the disabling of wireless video cameras and alarm systems.

Unlike most systems, you see, this one automatically tunes to jam anything in range within milliseconds. So it doesn’t have to use a high power transmitter broadcasting all the time across a whole range of the radio spectrum, and it can work unattended. Ideal for stopping un-democratic “voting computers” that offer no proof that you pressed a button, let alone that your vote was actually counted any place. Also ideal for jamming wireless video cameras in public places, or, less civic-mindedly, private places.

Note that a wireless burglar alarm would simply sound forever, as this would keep track of the frequency hops it carried out to try to avoid the interference, and wipe it out, triggering a tamper alarm. Of course, with nothing visible, it would be silenced by law after the neighbours complained, leaving the clever criminal free to enter.

A more positive use would be a way to track down bugs in a security sweep. If the PLL locked to anything, it’s a transmitter, and those formerly listening in wouldn’t know to cut and run, or even turn off the transmitter, as it would be effectively jammed until it was located. Covert cameras could then be used to ensure that when the bug was retrieved, those monitoring would be caught in the act.

Like all technology, this has both a light and dark side.