Sysadmin cracked military PC’s security by reading the manual Welcome once more to On-Call, The Register’s attempt to make Fridays tolerable by bringing you fellow readers’ tales of terrifying tech support jobs they somehow survived. This week, meet “Guy”, who told On-Call he grew up in the golden age of the microcomputer, meaning that by the time he joined his local Army National Guard …
When I was younger I did the same with padlocks. The cheaper ones I remember could be opened by just turning one way almost 360 degrees then the other way the same before going back to a final stopping position. Before TSA locks came in I opened the padlock on a friends case when they forgot the code. Betting me £100 I couldn't do it in under a minute was a mistake. You just had to put tension on the lock and turn the dials.
A long time ago the team I was in was moved to a new building (by new I mean old but vacant)
Every desk had a metal drawer cabinet by its side but every single one of those cabinets (built like tanks) was locked and we were provided no keys.
I started fiddling with mine and got around the lock by picking the lever system inside it that connected the lock to the locking mechanism of each drawer (it was just accessible from the bottom of the cabinet).
After seeing I'd opened my own cabinet, my boss instructed me to open the rest of the 60+ cabinets. Fun times.
"What I want to know is how they worked that out as opposed to just picking a basic lock."
Two obvious ways:
1) You can save a good deal of money by purchasing filing cabinets without locks, but with the capability for locking hardware to be installed. As you install it yourself, you note that the locking bar is held in place by gravity, not by the lock itself. The lock only prevents a lever from moving, and thus moving the the locking bar. The bar itself is free to move if you tip the cabinet.
2) You are the poor bastard selected by the Boss to move filing cabinets from one office to another. Naturally, the Boss insists that they be moved fully loaded, and locks the drawers "so they don't shift on you". Inevitably, one of the cabinets is top-heavy & manages to discover it's center of gravity at an inopportune moment. As it hits the ground, one or all of the "locked" drawers pop open.
Whilst on the Isle of Skye, I took my disabled wife to visit a seal watching hide overlooking the estuary. The road from the car park was barred by a gate with a combination padlock, and Blue badge holders were invited to phone an Edinburgh number to get the combination to allow them to open the gate and drive about half a mile nearer to the hide. I looked at my mobile phone - no signal. No land line anywhere in sight, so I looked at the four digit rotary barrel lock. Applied a bit of tension and twiddled the barrels until each went slack, and opened the gate. I don't know how the RSPB expected anyone to contact them from a signal deadspot, unless one was expected to return to civilisation to get the combination, but by then, the moment would probably have passed.
Many years ago I had a friend at college who, for a kind of party trick, would easily pick the padlocks on student trunks. Took just a few seconds and you'd have to be watching quite closely to see he didn't have a key.
He never abused his ability, but he would pick a lock, then put it through a piece of paper on which he'd written "Get a better lock!".
I don't recollect witnessing it, but I think he also did that to bikes, and was dismissive of big heavy expensive D-locks that were really secure against being broken but could be quietly picked in a few seconds.
Many years ago I had a friend at college who, for a kind of party trick, would easily pick the padlocks on student trunks.
Did this. There was a group of us (>45) going overseas. All our luggages were piled in our room while waiting for the hotel to come and pick them up in one go.
I had a metal wire and a heavy door jam. About 10 minutes later I was "cracking" some of the locks and interchanging them around.
We arrived at our destination hotel and within 2 hours of check-in there was a huge commotion (some of the rich kids called home to daddy) while my side-kick was, literally, rolling on the floor laughing.
When the owners of the locks managed to open up their luggages, the next thing they did was march down the hotel reception and asked where the nearest hardware store is so they can buy a sturdy lock, particularly one I can't pick.
What I didn't tell them was I could still open their luggages without touching the locks (via the zippers).
No, they weren't offended of the stunt I putted.
Yes, during the trip I was able to use the same "pick" to open a room door and the door to the bus. Fun times, that was.
"Yes, during the trip I was able to use the same "pick" to open a room door and the door to the bus. Fun times, that was."
I had a friend at college who always carried a screwdriver and would unscrew tables, chairs, anything held together by screws.
I kept very quiet about my lock picking abilities when he was around in case he picked up on that idea. There was nothing worse than having to unpick a bike lock when you were cutting it fine getting to a lecture on time.
"I had a friend at college who always carried a screwdriver and would unscrew tables, chairs, anything held together by screws."
A few of us paid a visit to the NUU in Coleraine not long after it opened. The bit we were in was constructed out of a sort of oversized Meccano. I wondered how much of it could be dismantled overnight by a determined squad of students armed with the right size spanners.
I wondered how much of it could be dismantled overnight by a determined squad of students armed with the right size spanners.
There are stories of students taking a car apart and reassembling it in the owner's room. Usually a kit car like a Lotus 7.
"A Citroen 2CV is piss easy too"
The Mini and Beetle have monocoque bodies that would not go through standard room door widths? The Lotus 7 was a shallow sports car. Not sure if the 2CV body could be easily taken apart?
"Not sure if the 2CV body could be easily taken apart?"
It was originally designed for rural French farmers, hence the narrow tyres, long play suspension and extreme ease of removing and replacing the body panels. ISTR seeing a video many years ago where one was stripped down in a TV studio with little more than a single spanner and screwdriver. Not so sure about the chassis though.
Here's an example, 5 minute video speeded up, but a complete strip down to the chassis in probably 15 minutes. I'd estimate that the chassis with or without wheels would probably fit through a door on it's side.
"We used to pick up a neighbor's VW Beetle and set it in his pool. "
An IT colleague used to compete in international motorcar rallies. One day they arrived in a town and couldn't find anywhere on the street to park. They rolled out their wheeled jack - and "tidied" the cars that were already parked until there was enough room for them.
"There used to be a Dexion shop in N London, long gone, of course. It's right what they say: the variety has gone out of the High Street these days"
Twenty years ago I moved to a small town in which all the non-food shops were devoted to ladies clothes. Seemingly nothing at all for the blokes, at least not at the weekend.
Then I discovered a small corner of a department store devoted to car accessories (not needed once my banger days were over) and more exotic things like Dremel drills. Ah Bliss.
Unfortunately that place was eventually taken over by a large chain and the blokes' options diminished significantly.
Old-style D-locks had a type of circular lock that was very vulnerable to being picked using a circle of plastic like, say, the cap of a Bic ballpoint pen. I'm not giving any trade secrets away here, since this quick pick system has been around for decades.
Masterlock however is something of a concern. They have an unenviable reputation as the absolute easiest-to-pick padlock makers in the world, barring some of the cheap and useless Chinese brands. Masterlock use no security pins, and even go so far as to include a vulnerability in some padlocks that leads to them being easily bypassed.
Their latest outing into the world of security done wrong is a Bluetooth padlock with the key hardcoded into the device MAC address...
I have a photo that reminds me how security works in the minds of many, and which illustrates this story perfectly. The picture is of a boat on a loch, secured by a large and imposing padlock one wouldn't dream of trying to pick. But above and below the padlock are two conventional shackles, easily removed with a pair of pliers, or maybe a bit of wire. Most people, except miscreants, concentrate on the padlock. So it's excellent security for keeping out people who wouldn't steal the boat anyway. Not sure whether links are acceptable on ElReg but the pic is here:- http://www.tinslave.co.uk/vrp/wp-content/uploads/2012/10/TinSlave-175624-05102012.jpg
"I have a photo that reminds me how security works in the minds of many, and which illustrates this story perfectly."
Someone recently came to visit us at home. I had to go outside for some reason and came back in.
"Is that your bike out there?"
"Yes, why?"
"We should put it round the back, it's safer."
"OK, I'll just be there in a second."
She came out of the house and I was holding the bike in front of her. She had locked it to our gate post, so I had just lifted the bike, and lock, over the gate post and wheeled it down the drive.
> I had just lifted the bike, and lock, over the gate post and wheeled it down the drive
One of my neighbours has a chain-link fence around the property, with double gates at the front which they are obsessive about locking.
Come the inevitable "I've lost the key to my gates" knock on my door, I followed them back with a box full of tools to try and force / break / cut a way in. Apart from the obvious (chain-link fence that would be easily cut through) it turned out that their gates simply lifted off the hinges.
"it turned out that their gates simply lifted off the hinges."
The comms team had a big cabling job to do at the warehouse over a weekend. The warehouse was near a football ground. When they got there they found some local wide boys had lifted the locked gates off the hinges and were selling car parking to match goers.
"But above and below the padlock are two conventional shackles, easily removed with a pair of pliers, or maybe a bit of wire."
Hmm. If you were to undo the shackles and reconnect them to each other you could leave the boat still tied up and steal the padlock.
There's the (in)famous example of Richard Feynman breaking into locked filling cabinets at Los Alamos. This YouTube video gives the details of how Feynman managed it.
I had my department buy me a fire safe for floppies. During a re-organisation it was decided that such things would be a group resource - rather than "belonging" to an individual. After a few years it came back into my sole possession - unlocked but without the key.
There was a manufacturer's piece of card still inside that had some cryptic numbers. The manufacturer's UK branch insisted there was no way to find a key for the safe. Took the information to our high street independent key maker - a week later he supplied a key that worked.
Took the information to our high street independent key maker - a week later he supplied a key that worked
We recently had our front door replaced and the new one had uprated "security" locks - for which the supplier wanted £35 per duplicate key (it only came with two keys) and assured us that we couldn't get them anywhere else.
One swift trip to our local independant key cutter and we had 6 extra keys - for the princely sum of £10. All of which worked.
Get a settling torch. Cut a hole with it in the top of the safe. Pump a load of water into it until it's full. Put a charge in it to cause a small explosion. Set it off. The pressure inside and shock wave from the water will blow the doors off.*
Obviously only useful if full of gold or silver. Money would kinda get wet.
*Yes I've stolen that from The Score (sorry if that now ruins the movie. Still a great movie and still not fully ruined the plot for you).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
