So where is your biometric key revocation?

December 20th, 2009

I was reading New Scientist (last week's issue, 12/12/09), and I stumbled across a small but interesting story on page 7:

A Chinese woman used plastic surgery to fool a biometric fingerprint scanner. The appropriately named Lin Rong was arrested in Japan for being an illegal immigrant. Police report that she had swapped skin patches from her thumb and index finger to the opposite hand!

http://www.sott.net/articles/show/198634-Fake-fingerprint-Chinese-woman-fools-Japan-controls has a little more detail.

This made me think, as it does. The two most common things I do, as a locksmith, are fake a key (by picking the lock, decoding it, impressioning, etc.) and revoke a key (changing a lock, re-levering a pack, re-pinning a cylinder, etc.)

This woman revoked her biometric keys, in order to present a new set to the border controls, where they take a copy of the fingerprints of every foreigner that enters their country. This is done because you cannot revoke such biometric keys easily. And this is, as I have said before, the biggest issue with biometric security.

If she had simply used latex paint to do this, she would have been fine, and not required such surgery. But what if she had done that and used your fingerprint? There is no way you can then change your “keys” to a new set, meaning that when you go to Japan, you’d find access denied. This would baffle everyone, especially if, like me, you are a man! However, it would still require someone there with the ability to override the system, which there may not be. And, the first person to present your keys would have already long since left.

I’m pretty sure you would miss your connecting flight…

Combination keysafes revisited

November 28th, 2009

Followers of this blog will probably recall our whitepaper on combination padlocks, and the mention of the mechanical keysafes available, especially the poor security of some of them.

Today I received another keysafe. This unit is branded Asec, and also some are branded Burton. At first glance, it looks like the high security Supra keysafe unit, but with a rounded base. Retailing for about half the price, this unit is clearly a direct copy, but made in China rather than the USA. The code setting is nearly the same, the code entry, opening and reset are the same, as is the rubber weather cover design. Even the mounting holes are exactly the same, barring one additional one.

All they left out was the security!

This cheap Chinese copy can be opened without a trace in seconds, with barely any practice. It is, almost unbelievably, easier to open than the Sterling keysafe, itself an insecure joke. And, should someone be inept enough to be unable to open it, they can fairly easily prise it from the wall, due to the 2 rawlplug fixings.

Please, save yourself a fortune in insurance rises and/or the nightmare of an insurance non-payout, and don’t buy this cheap copy keysafe.

Discreet Security *only* recommend and install the genuine Supra/GE keysafe range seen at http://www.keysafe.co.uk/ . Don’t be a fool.

Who says burglars don’t pick or bump locks?

November 14th, 2009

Here’s a report I found online, reporting on a 2-man crimewave using bumpkeys. Lasting over several years, the police had a very good idea who was behind it, and despite trailing them for 2 years they never got them red-handed. However, when police eventually went to one of their houses, they found it packed with stolen goods! Bumping criminals caught in USA

Closer to home, I went last week to a church who had been targeted. The big old and impressive lock on the vestry door had been opened, and my investigation revealed it was picked with wires. A few hundred pounds in cash was taken. Hardly worth it – robbing a church? If there is a god, and a hell, then those criminals will really regret that choice!

We hope to prevent the need for divine retribution, though. The new security system, carefully designed and chosen to be in keeping with the very old and beautiful wood and stone, should keep anyone unauthorised out for a very long time.

Neat eBay scam I discovered

October 18th, 2009

Here’s a good scam!

Very nicely done, they only messed up in a few places.

Normally when you get a phishing attempt, from “ebay” or whoever, the fastest way to tell is to hover on the URL and see that it really links to “www.scammerhome.net”. This one avoids that, by using a cleverly crafted ebay “About me” page.

You can see it live at:

http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&userid=Inssommia&JBR_W0QQitemZ26036QQssPage36QQssPageNameZWDVWQQrdZ1QQcmdViewItem&item=28011654654

DO NOT TYPE YOUR real DETAILS IN! Make something up. ;-) Take a look at the top bar of the browser page, and then do a ‘hard refresh’ (Ctrl-F5 in Firefox) and watch the slightly freaky way the page reloads.

It’s been very neatly done using a set of images and looking at the source, there is no javascript used at all!

The log-in (enter fake details) takes you to an ebay themed page, where they forgot to re-write the URL to ebay – it goes to http://plymouth.rtcubed.net/.download/secure/ which tries to get you to download some file with the name referenced in the email.

If anyone wants to take a look and report back what the payload is, I’d be interested.

(Bonus points for anyone who knows what the Google search you can still see was about!)
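
A defender-side check for the trick described in this post, as an added example that is not from the original post: hovering over the link shows a genuine host, so the thing to inspect is where the page's credential form submits. The markup, the `.example` host names and the two-label `site_of` rule are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a profile page on a trusted host whose login form posts elsewhere.
PAGE_URL = "https://members.marketplace.example/profile?userid=someuser"
SAMPLE_HTML = """
<form method="post" action="http://files.other-host.example/.download/secure/">
  <input type="text" name="userid">
  <input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

def site_of(host):
    """Crude same-site key: last two DNS labels (assumption; real code should use the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])

class FormAudit(HTMLParser):
    """Collect each form's resolved action URL and whether it holds a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self.in_form = page_url, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self.forms.append({"action": action, "password": False})
            self.in_form = True
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def suspicious_forms(page_url, html):
    """Return action URLs of credential forms that submit off-site or over plain HTTP."""
    audit = FormAudit(page_url)
    audit.feed(html)
    page_site = site_of(urlsplit(page_url).hostname or "")
    hits = []
    for form in audit.forms:
        target = urlsplit(form["action"])
        off_site = site_of(target.hostname or "") != page_site
        if form["password"] and (off_site or target.scheme != "https"):
            hits.append(form["action"])
    return hits
```

Calling `suspicious_forms(PAGE_URL, SAMPLE_HTML)` flags only the login form; the same-site search form is ignored because it carries no password field.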

LockCon #2, at HAR

August 18th, 2009

Got back yesterday from a sort of Busman’s Holiday. We took 6 days off and visited a really brilliant technology and security festival, held every 4 years in The Netherlands. The event is called Hacking At Random, and, as the name suggests, involved a lot of people sat behind computers in a field! However, it wasn’t just hacking servers and sniffing traffic in the virtual worlds, it also included a large section on the physical world, including the latest developments with rapid prototyping, UAVs and, of course, locks. Not forgetting a free toasti with a free domain name and socially-engineered T-shirt!

For me, highlights included the talk about breaking the key control on the EVVA MCS, possibly the world’s most secure magnetic lock, for less than the cost of one of the locks, and the use of a rapid prototyping machine to create a physical plastic copy of the Dutch & German police handcuffs. (If you know what this means, you can get the STL file from http://ke.y.nu and then 3D print your own!)

I gave my talk on British lever locks, which was well received, and a Dutch locksmith did a short hands-on picking session to demonstrate just how insecure the local 4 lever locks are. Ray gave his lecture and hands-on about handcuffs, which is always very popular, whilst many others learned that the basic first level of home security, the 5 pin cylinder lock, was, for the cheaper locks, not very secure at all.

Most mind-blowing, however, was the impressioning championship won by Jos. Impressioning is the art of making a key to an unknown lock. This is tricky but once you know how, do-able. It took me 63 minutes, and only half the competitors finished within the hour time limit. The winner, however, came in with a time of just 87 seconds! Put into context, that’s about 12.5 seconds per cut depth! To put it another way, once set up, I take about half that time to copy a key on my key machine, whilst Jos was using a hand file and did not know the key cuts, only the lock. You can see the video at BlackBag.

So, a great time was had by all. There were also some private learning sessions, covering various things, which I will not be mentioning here. But if you gave them, thanks! We all learned a lot.

The hazards of living in the countryside

August 8th, 2009

Here’s an interesting job. Called to open a door in the countryside south of Tenbury Wells, with lost keys. I tried picking it, and nothing. No movement, nothing’s working. I finally get the door open without damage, open the lock case, and see this.

Packed full of... stuff

A family of wasps had built a home inside it, out of clay!

Heavy duty doors require heavy duty hardware

August 1st, 2009

A recent job took rather longer than might be expected from the task – “Fit a door closer”. However, due to careful pre-planning and two site visits, the actual installation went well.

The door that required a closer mechanism, to firmly lock the door for security, but also to reduce the thunderous impact of the extremely heavy, 300+ year old oak, was also rather large. Drilling the fixing holes was a careful and long operation, with drill bit clearance required every few centimetres, and lifting the door to work on the hinges required a jack more often used for off-road vehicles!

The selected high quality LCN door closers are used in top end applications due to the high resistance to wear, good duty cycle, longevity and leak resistance (a feature often overlooked on cheaper hydraulic closers) as well as the obvious need for firm and controlled latching.

Work is not quite yet finished, however. The wear showing on the hinges has dropped the door a few critical millimetres over many, many years, and so the hinges will have to be shimmed with specially made washers. Sadly, typical off-the-shelf hinge packers are rather smaller than the 32mm O.D., 22mm I.D. required, so some lathe time is still required.

Even without these additions, however, the door still closes perfectly, regardless of opening angle, while the backcheck feature prevents the door or wall of this Grade 1 listed building being damaged.

A new threat rises, in the (near) East

June 25th, 2009

According to this week’s New Scientist, there is a new threat to our credit cards from Russia, which the banks and everyone else totally overlooked. Yet it is obvious, even without hindsight.

The why is obvious – millions of dollars there for the taking.

The how is very neat – a card is used to extract a printout of the other cards used, and their PINs, and it even encrypts the info so that the boss doesn’t have to get his hands dirty, and the foot soldier can’t steal the info for himself. Perhaps the funniest element is the fact there was also a way to have the cash machine eject the cash cassette! Surely anyone with a brain would see that as an obvious issue?

Windows is known to have many hundreds of thousands of viri, malware and trojan bits of software installed on the millions of machines in use, so how come no-one at the banks thought about how it might be an issue to use an ATM based on Windows?

These scams show that not only were most banks useless at their expert field of not going bankrupt, but they also messed up badly when working outside their chosen specialist subjects.

You can read the article in full here (though in a few weeks it will be subscribers only for the full article.)

So you want to be a locksmith?

June 12th, 2009

If it was as easy as pay a few hundred pounds, take a short training course and earn more money than a doctor, then doctors would be doing [locksmithing]! 1

Martin Pink, Rapid Locksmiths, Nottingham

The state of the locksmith industry is a poor one. Training houses are churning out hundreds, perhaps thousands, of new “locksmiths” every week. There are now estimated to be over 100 locksmith trainers in the UK 2, so you have to wonder where all those locksmiths are setting up, and where the mythical £1000+ a week is meant to be coming from.

If you are redundant, or leaving the forces, don’t bother becoming a locksmith. Even the best are struggling, and the phone books are full of those advertising for the small section of the market that is lock-out work.

Even if you are the best, will you afford the pages of advertising bought by the national franchises, who churn through half-trained locksmiths, paying them the few pounds they desperately need, before they go bust, whilst feathering their nests?

Or to compete against these same desperate folks when they offer to do a job cutting out the national for £5 over cost? Perhaps most tricky: will you have the balls of steel required to stand there and tell a customer that the job you quoted at £40 will now be £250 because it was hard, or because you broke their lock, or because you have them over a barrel, because it is dark and cold and wet, or because you have to make the mortgage payment – and this was your only job this week – because you only did 15 hours of training before setting up?

Do some research before you start up, and you will find that (if you are in the UK) there are already many well-established outfits struggling, and time-served locksmiths leaving the profession to make more money as plumbers and joiners.

There are also plenty who did a two day course, failed to get even one job from it, and then… set themselves up as trainers! You can imagine the quality of the course, cadged from an already short course, then regurgitated to those who know no better. It’s one way of making the course pay for itself. Often, it’s the only way.

Be careful out there.

(And the same goes for those needing a locksmith as wanting to be a locksmith!)


1 – http://www.keyzine.co.uk/OnlineNews/May09-1/8PagesTraining.pdf
2 – A look at Google’s adverts reveals 12 companies paying for you just to click their advert as at 12th June 2009. The actual search results contain dozens more.

uPVC repair systems – don’t be mis-sold a new door!

April 25th, 2009

Discreet Security now has both the skills and equipment to repair all your uPVC “plastic” doors and windows, from failed or jamming locks and locking strips, right through re-glazing a failed unit, to repairing both structural and cosmetic damage to both white and wood-effect PVCu windows and doors.

Repairing a frame made of unplasticised PolyVinylChloride, which is the “white plastic” door and window (and, increasingly, barge boards, soffits, fascias and gable ends) seen on many houses built or remodelled in the last 30 or so years, is now possible, with repairs from just £50 for minor repairs, up to around £200 for major work*. While £200 might sound like a lot, it is still less than half the cost of replacing the entire door!

The Konig repairs system is ideal for the repair of crowbar damage, drill holes, even large cracks and the sometimes brutal holes left by the un-sophisticated 2-day course locksmiths. Rather than being forced to buy an entire new uPVC unit, you could get it repaired by us for rather less. And the results are, in skilled hands, mind-blowing, with even large damages flawlessly repaired.

Repairs are also possible to the “woodgrain” finished PVC systems, those that look like wood but are uPVC underneath. Damage to these normally shows through the skin to reveal the white material underneath. Again in skilled hands the results are amazing, with the repair visible only under the closest scrutiny.

*The most extreme example we have seen was a double door that was hit by a reversing builders lorry, which shattered the entire base and both doors. This was fully repaired and the glazed units replaced, for around £500. The replacement costs for these newly fitted units in the brand new house were over £2000!