Lock Ownage

I watched a video from DefCon 18 on key attacks. Talking about phyiscal keys that open locks. Learned a whole lot in about an hour. Wish I was there in person. Took a couple pages worth of notes. Will record the highlights in the next few posts so I can keep this info around.

It might sound simple. But the best way to attack a lock is to get ahold of a key that works in it. If you possess the key, even for a short time, you can duplicate it in general. The key tells you all kinds of good stuff about the lock.

You can inspect the cuts made in the key. You can pretty much figure out the type of lock that it fits. Sometimes the actual model number of the lock is stamped on the key. You can measure the depth of the key cuts using tools such as a micrometer, a gauge, or caliper.

Information on locks is not hidden or made obscure. It is out there in the general public. Not too safe. Even the standard sizes of key cuts for all kinds of locks is freely available. Not good if you are truck to deter lock picks.

Anatomy of a Scam

I like to look at my spam folder in Gmail every once in a while. You never know what type of gems pop up in there. Today I found a scam email that rose the bar for letters from Nigeria. This time around, the story was that the FBI found that I was communicating with scamsters. The FBI negotiated on my behalf with some foreign country and has a settlement to pay me in the form of an ATM card. I just need to send in $250.00 total...

Here are the pieces of the email that I thought were getting better. They reference some specific units in the FBI. They also put the J. Edgar Hoover postal address in the email. And get this. They even make reference to the fact that there are some scammers out there that I may have lost money to! Precious.

Where do they continue to foul up? Well the email came from somewhere in France. Umm the FBI sends email from fbi.gov, right? They also want me to send my $250 to someone using their Gmail address. Once again, wrong domain. Gmail put all kinds of warnings around this email stating that it is most likely a ploy to steal my money.

Nice try guys. You are indeed stepping up your scamming skills. But you have not hit the home run yet. When will they ever learn?