Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: Aron Nimzovitch <crypto () clouddancer com>
Date: Fri, 8 Aug 2003 12:17:47 -0700 (PDT)
Date: Fri, 8 Aug 2003 10:33:31 -0700 (PDT) From: "Gary E. Miller" <gem () rellim com> Cc: full-disclosure () lists netsys com > http://www.mas-hamilton.com/x08.html > > Hehe, that is probably the same mechanical system that Feynman broke > over 50 years ago. Looks the same as what I once used and it is still > mechanical. Takes a couple of hours without any clues to the initial > number. Try reading the web page a bit before commenting on it. You will see Hi clueless, yup I read that. Guess you have NEVER used one and thus are TOTALLY unaware of "human-usability" modifications that reduce the security of all combo lock systems. It's known as 'slop' and familiar to anyone dialing these locks many times a day, in my case for 13 years. As someone noted eariler, "employees" are a hackers best friend. it LOOKS like the old style mechanism, but is really electronic. Only wires pass from the outside of the safe to the inside. No batteries, all the power comes from spinning the dial. Everything controlled with a little CPU. The numbers are not on the dial, they are displayed on a limited viewing angle LCD. Oh yes, the old "It's new, it MUST be better" thinking...bet you think that the more a product costs, the better security it provides too. Plus I see evidence of "it's on a webpage, everything must be true!" thinking, tsk-tsk. All number must be entered in 10 seconds, so no "day locking" like in Feynman's days. This is certainly not your fathers lock. 10 seconds was a lifetime to Feynmans fingers. Read the story of Feymans cracking, the full story, covers many pages. Learn all the failings of these systems and what happens to people that "Fully disclose" said failings. You'll find little has changed in the world in 50 years. Hmm, come to think of it, I remember the fun I had opening a secure area one day to retrive something, thanks for the memory. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Vulnerability Disclosure Debate, (continued)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- RE: Vulnerability Disclosure Debate Mike Fratto (Aug 08)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 07)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 08)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Message not available
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Re: Re: Vulnerability Disclosure Debate Georgi Guninski (Aug 09)
- Re: [Security] [vendor-sec] Re: Re: Vulnerability Disclosure Debate Seth Arnold (Aug 11)