I also did an interview on forensic locksmithing for The Forensic Examiner magazine. It should be published sometime in 2013; I'll try to get a copy on the site once it is available.
]]>The next event I'm planning on being at is LockCon 2011 in October. I'll be a giving another talk this year; more details should be announced on Blackbag soon. As always, past and future conference info is available on the events page.
More articles for the site and a full site redesign are in the works, so stay tuned!
]]>In other news, I am working on planning out my 2011 events, most of which will be listed on the events page when the details get sorted out. So far, I'm looking forward to LayerOne and AUSCert to start this year's events.
]]>On top of all this my team won the first ever Tamper Evident contest. In this contest teams are given a box sealed with a variety of tamper evident technologies, such as tamper evident tape, stickers, mechanical seals, bags, and folders. Many of these seals are not meant to withstand force, only show evidence of being tampered with. Some were also marketed as "tamper proof", something many teams disproved, of course : ).
I've been working with Jon King on research related to the BiLock lock cylinders. We've made some progress in identifying and exploiting some vulnerabilties. BiLock was notified of some vulnerabilities with a stated release date of August 1st, but we found some additional vulnerabilities that we'd like to give them time to sort out before we release the paper. More information on this soon!
Some upcoming events that I'm presenting at are now listed on the Events page. I'm particularly excited about LockCon in The Netherlands in October.
]]>Over at Renderman's site there is a great write up on a potentially massive slip up on the media's part. The jist: Is the key in the photograph really the MTA master key? If so, this will be a huge blunder which allows many people to decode the key bitting and have their own personal key. Now this might not seem like a big deal given that people are actively selling the key, anyways, but there are many other examples of key photographs being a big security problem.
Today's big news is a potential impressioning/decoding attack against Abloy Protec locks. At the moment it is unverified but there is an interesting Youtube video demonstrating the attack.
I've also been selected as the May 2010 Locksport Person of the Month over at Locksport International's website. There's a short interview about this website and Lockwiki for your reading pleasure. Much thanks to L.I for the honor!
The next article for the site is taking longer than expected because of a new product on the market that I am including in it. Originally I had just one type of lock I wanted to do the article on, but this new one is too similar to pass up. Expect to see the article within a month or two. It will detail attacks and forensic techniques for two new locks that are set to dominate the American residential market. You should be able to guess both of them, but I'll leave it as a surprise for now!
]]>The Mul-T-Lock article is also updated with information on the Mul-T-Lock CLIQ attacks discussed at Defcon 17 and Hacking at Random a few months ago. From what I understand, researchers also have attacks against the newest generation of Mul-T-Lock CLIQ; they'll be included in the paper if/when they're made publicly available.
It was also Lockwiki's 1 year birthday in November! I hope you all had a great Thanksgiving, Christmas, and New Years. Some new articles should be out in a few weeks, so stay tuned.
Posted by datagram, 01.15.10
]]>In other news, I've been contacted by a few different physical security and locksmithing magazines to write articles on forensic locksmithing. I'm not sure when these will be officially published, but as soon as they are I will post about it here. I'm working on getting scans or online versions of the articles to post when they are ready, too.
Aside from all that, I'm working on some updates to the site, particularly with non-pin lockpicking, sidebars, combination locks, and other odds and ends. The Mul-T-Lock paper will also be updated as soon as I finish organizing input from all you guys and add some new sections (of interest, the Mul-T-Lock CLIQ section will get a big update now that Tobias, Bluzmanis, and TOOOL NL have given out more attack information). For now, the Pick Guns page has been updated to show the plug walls of a lock picked with a vibrational pick gun. Some new articles are in the works, too, but are currently on hold until Toorcon and some private training events are completed.
]]>While at Black Hat I sat in on Deviant Ollam and Babak Javadi's excellent "Physical Security; from Beginner to Expert" workshop. While there Babak demonstrated a bypass technique for the Code Lock 4000 series electromechanical lock (originally discovered by Marc Tobias). I was lucky enough to have some time alone with the lock to do a basic analysis and get some great macro shots of the tool marks and material transfer. Both have been added to the Bypass page, including an updated American 700 tool mark photo.
I should also be getting a set of teflon coated picks (now standard on all TOOOL US picksets) to add to the site. These are not surreptitious, though many people think they are. This information will be added to the Lockpicking page under "Non-metal Lockpicks" once available.
Finally, Marc Tobias and Tobias Bluzmanis gave an excellent talk on electromechanical locks and attacks against them at Defcon. They demonstrated a variety of attacks against the CLIQ, Logic, and Nexgen platforms. Information on the CLIQ attack, specifically the Mul-T-Lock CLIQ, will be added to the Mul-T-Lock paper soon. A few corrections and additions to the paper will also be included, but if there is anything you feel could be added or improved, feel free to e-mail me!
]]>In the paper you'll see various notes where I could use more information or expertise. Please contact me if you can help with any of these! This paper is very much a community work; many people have helped to contribute, review, and proofread it. I'd like to keep it updated where possible, so feel free to contact me if you feel there is anything missing or incomplete.
Black Hat and Defcon are in about two weeks. See many of you there! Check the Events page for more information on upcoming events.
]]>In other news, I'm getting ready to publish the first two articles for this site. One is a whitepaper that I wrote for the Blackhat and Defcon talks; mostly a re-hash of the information on this site, though some people might find it easier to digest. The other is an article on a specific lock company and just about every lock they've produced over the last 40 years. It will cover design, function, and security. Similar to Han Fey's Abloy articles, but with more of an eye toward security than function. Who is it? That'll be left as a surprise! (Tip: they are a high-security lock manufacturer famous for a specific type of lock). Stay tuned!
]]>A brief discussion of forensic evidence left behind by nitric acid based attacks against brass pin-tumblers is now on the Destructive Entry page. Expect this to be updated in the future as I get more concentrated nitric acid as well as other things that claim to dissolve brass.
Freaky of Irvine Underground (IVU) was kind enough to lend me some of their vibration picks at LayerOne to test. Forensic evidence is now included on the Pick Guns page.
]]>