more on eol Key Bumping

[David Farber <dave () farber net>]

Begin forwarded message:

From: Andrew Pam <xanni () glasswings com au>
Date: January 4, 2006 1:21:36 PM EST
To: David Farber <dave () farber net>
Subject: Re: [IP] Key Bumping

On Wed, Jan 04, 2006 at 11:19:47AM -0500, Dave Farber wrote:
> From: "Rabkin, Eric" <esrabkin () umich edu>
> Date: January 4, 2006 10:01:43 AM EST
> Subject: RE: [IP] Key Bumping
>
> Folks, I just found out about the "bumpkey" from
> http://www.toool.nl/bumpkey-alert.wmv.  Don't download that on a slow
> connection, but if you watch it you'll get a real feeling of  
> insecurity
> about expecting locks to protect your house.  Apparently (see, for
> example, http://www.toool.nl/index-eng.php), "bumping" is real and as
> soon as the idea spreads, houses may as well not have mechanical locks
> on them.  :(

That's an alarmist exaggeration.  See for example
http://connectmedia.waag.org/toool/whatthebump.wmv
(warning: 97 minute video!)

This is the video of "Bumping Revisited", a conference presentation
earlier this year in which bumping is explained and demonstrated, and
then new countermeasures from lock manufacturers are shown and  
discussed.

Executive summary:  Security by obscurity serves to prolong bad design
which the bad guys likely already know how to break.  Open lockpicking
has already lead to new improved lock designs.

Share and enjoy,
                Andrew
--
mailto:xanni () xanadu net                         Andrew Pam
http://www.xanadu.com.au/                       Chief Scientist, Xanadu
http://www.glasswings.com.au/                   Partner, Glass Wings
http://www.sericyb.com.au/                      Manager, Serious  
Cybernetics


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/