Follow lauxmyth on Twitter

Saturday, April 24, 2010

Lock nerd or lock geek?

I have been asking fellow attendees at SAVTA this burning question of deep importance to me. I fear I may get the answer wrong.

A bit of background. I have been busted checking the keyway and hardware as I open a door. Going past a bank, I have told a friend what kind of cylinder is in the night depository. I visited a small town historical museum with 3 rooms of 'stuff' including a big old safe. I was looking at its boltwork and lock for half the time there. And lets face it, I am using a week of vacation to be here.

So help me please. Am I a lock geek? Or a lock nerd?

Wednesday, April 21, 2010

Matt Blaze, Computer Scientist takes on locks

For those in the safe community, the name Matt Blaze may not be front and centre but he does have credentials in information security. He turned his computer attention of safe locks a while back and wrote a paper I found most interesting.

Matt Blaze @ crypto.com

Buried in this page are two papers of interest to lock and safe technicians.
One is on safecracking or what we call a manipulation. Another is about masterkeying mechanical locks. For one, he documents the Informed Oracle Attack to escalate authority. (Please use text search in his page to find the papers links directly. If I link to the papers directly, they will download as PDF files instantly.)

His work is not really news in so many ways but it does represent presenting it to a wider audience. How many? Well, the papers were published in 2004. When I first found them, I looked to see if a course was offered in computer security at various colleges and universities. LOTS OF EM. It is reasonable to think these papers have floated past tens of thousands or more of undergraduate students. We are not talking semi-literate and semi-numerate prison convicts. I am talking people who can make sense of the content and for a few hundred dollars find a group two lock to play with and see it works. Once more, security by obscurity fails.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Resource for Dialing Diagnostics

Just finished Safe Service and Dialing Diagnostics here at SAFETECH 2010. I think I passed. :-)

I spoke in the last few days about a good summary of this topic on the Sargent and Greenleaf site and took a moment to find it. I have this document in my service van for reference and yet I am not sure how often I have looked at it while doing jobs in the last few years.

S&G Mechanical Safe Lock Guide

Since the link location may change and other resources are there, it may be helpful to know the page from which I found this link.

Safe Lock Trouble-Shooting Resource Center

While this overview is excellent, it is for the one brand. However, many of the concepts are general in nature since a fly can get stuck in a LaGard or Mosler just as well. Also, the spline locations all shift in other brands. I do not feel this lessens its usefulness at all.

Sunday, April 18, 2010

SAFETECH 2010

Well, made it to San Diego for the big SAVTA (Safe and Vault Techicians Association) conference. Met a few other safe guys over some beer and supper but most of it starts tomorrow. I had most of the day to myself and got all the way to Mexico. Literally. I stood in the States and took pictures of the border crossing.

I find the process of learning the trade interesting. Some of this stuff is a big secret and yet no organization with a large number of people keeps a secret well in the long term. And yet, try to search the internet for the drill points to defeat the door on some particular model of safe and you generally will fail. (I have tried and there is little out there to find and I think I have reasonably good research skills.)

Will I tell you everything I see and hear? No. I am thinking most will be boring anyways. I am hoping to make this conference into at least a few posts.

Tuesday, April 13, 2010

My Keys Cost $1500! Really??

How much does a key cost? At one level, it is 2 or 3 bucks. You give your existing key to the staff of a store and it gets mounted into a machine and a copy is cut. This is common for house keys.

However, there is a completely different answer. At our provincial locksmith conference, I was told of a different way of looking at this.* The cost of your key ring is the total of your house and automobile insurance deductibles. Look the two deductibles up and if your key ring is stolen and later used to get your car and rob your house, you get to pay this amount before any insurance claim.

Search Google News for 'stolen keys' and you will find it is a common method to get access to cars. This is a reasonable consequence of the electronics in keys in many car models. Without a key, the ignition column can be smashed open but the car will not start.

The only case where I have direct experience, involved a coat stolen from the staff area in the back of a big restaurant. The back door was left unlocked routinely to let other staff enter unhindered. A cook was done his shift and found his coat missing with keys in the pocket. He looked outside and the car was gone. I entered the picture to meet the wife as soon as possible to change the keying on the house. The risk of a thief using stolen keys is highest in the first few hours and the car theft proved the culprit was willing to use the stolen keys. The house was fine when she got home which was faster then the husband who was taking a taxi. (When I was done, the car was reported stolen but police had not yet found it.)

In this case, they may pay the cost of the insurance deductible for the car and then the cost to rekey the house. Rekeying a car is usually far more costly.

Changing the keying of a house has many different prices. Some townhouses have one locked door with one deadbolt. That is a half hour call. Some luxury homes have over 12 locks all over the place. Also, in a crisis like this the change has to be made as fast as possible to be the most effective. Locksmiths are like plumbers and have day rates, evening rates and late night rates. The client has to decide if the price is worth it. Go ahead and compare to your insurance deductibles.


* My apologies but can not recall who this is or I would give credit. If you remember telling me over lunch in the coffee shop of the Capri Centre, do let me know.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Monday, April 12, 2010

A Subtle "Hello" to the LPO

I had the occasion to shop for new boot laces tonight at a store I both frequent as a shopper and do work as a contractor. As often happens, I am directed to do work in many stores by a Loss Prevention Officer (LPO) and know many of them across the city. However, this time I was there as a shopper and seeing the LPO, I just nodded a hello. In the trade, he or she has to talk first as they may want to be 'undercover' at the moment.

A nod is as good was a wink.

Oh yes, the boot laces. I had to use my angle grinder in a restaurant while it was open. One of cuts needed was vertical and I could not fire the spark stream UP into the air and all over the place. I shot it down and I guess some of it ... or enough of it ... hit my boot and burned partly through the shoe lace. Today the lace broke.

Thursday, April 8, 2010

Locks, Alarms and Insurance

Do not ask one to do the job of the next.

Locks keep people OUT you do not want to let IN. Of course, this is about the door and window details too. This is the physical security of a home or business. You want to be hard to defeat but remember nobody knows what tools or skills are with the possible burglar.

Alarms work to limit the time on site and also ahead of the locks to give the clear suggestion you will not get what you want. (Why is the alarm system often announced with signs and the lock system not?)

Insurance covers real costs if the first two above do not work. However, the claim is only valid if you made a reasonable effort. This means lock your doors and turn on the alarm system. Oh yes, it is real costs. I have a nice glass bowl which I inherited from my granny. I just recently saw it for $3 in a second hand shop. To me the bowl is worth more but to insurance it has a real value of $3.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Wednesday, April 7, 2010

Bear Hunting and New Running Shoes

Stop me if you have heard this story.

Two good old boys are about to head out on a trip to hunt bear. One wants to stop and buy a pair of good running shoes. His buddy laughs as he reminds the first that he can not outrun a bear. The first guy says, "I do not have to outrun the bear. I have to outrun YOU."


I guess you did not stop me in time.

What does this have to do with physical security? Crime is often a matter of opportunity and the thief or thieves do very little planning. One house is chosen as they drive, bike or walk down the back alley or front street or both. Your house is chosen based on first look. You do not have to make your house harder to break into than Fort Knox. It only has to look harder than those of your neighbours.

Do a quick net search and you find many good ideas. One page I found which is quite good is from the Ontario Ministry of Community Safety and Correctional Services named the Home Security Audit Guide from which you can download as a PDF from the same page. (Other pages of ideas work but take any with some caution if they are selling you locks or alarms or other stuff.)

I want to mention some common mistakes homeowners make. Places to hide out of the light are used as location to break into a door or window. This often includes a high fence many people like on the side and back of the house. You will hear people say the fence also helps to keep a thief out but that is not supported by the evidence at all. A window without curtains is preferred too since you can see if somebody arrives and for a basement window what is below to land upon.

Every door must have a deadbolt. Every bolt should have 1 inch or 2.5 cm of throw. The throw is how much bolt projects out of the edge of the door when locked and you can easily see this by locking the deadbolt with the door open. The best quality deadbolts correctly installed also have solid tapered bodies on the outside and shelves of metal to hold onto the hole in the door so a hammer can not easily pound them down to the bottom of the hole. It is not the job of two thin bolts to keep the deadbolt held to the door. The strike should be held on with at least two 2.5 inch or 6 cm wood screws. If you have a window in the door or a side light window, get a grating so nobody can reach in if the glass is broken. Consider wrapping plates under the deadbolts to increase the door strength too. They are a cheap easy installation and done before the door is damaged can look very good.

Alarm signs work well as deterrent if you have a real alarm with real signs. Getting fakes from a dollar store do not. If some punk can seen all the wall next to the main door and not see an alarm panel, there probably is no alarm. If some punk can not see alarm contacts on any windows or glass break sensors, there probably is no alarm. If some punk breaks a window and nothing sounds, their IS no alarm.

Make your home a distributed target. All the valuable stuff should be spread out. If an alarm is used to limit time on site, then the thief can not spend the time to look everywhere.

If you have a safe, learn the difference between a fire safe and a burglary safe and keep the right kind of contents in each. Banks rent safety deposit boxes. Yes, they do!

Do you have insurance?

One last thing. This does not apply in the least to a targeted robbery. I am not saying this happened. I am also not saying it did not. Let's say you are some gun collector who has a nice stock of rifles. Some are so nice you show them to any friend your son brings home from school who shows some interest including a walk to the closet with deadbolts. Guns like this are of value and when somebody gets in the house and only goes for the guns and gets out fast, you can tell what they wanted. The time on site and path is easy to read from the alarm hits. Who knew the guns were there? Probably most of the kids in 2 or 3 junior high schools.

Enjoy your new shoes and remember if you will spend $200 on a pair of shoes, why not $200 on a good deadbolt?


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Sunday, April 4, 2010

Cooking ... not off topic

I get few calls on Sunday nights and gambled by putting on a roast. I am not always perfect getting 'done' right on roasts when I stay to watch them but this was about half way there when a job came in. I covered it, turned off the oven and headed out. The job was routine and I drove home. The oven was still hot and I could tell it was about 275 F or 135 C. It had clearly browned up some. I partly cooked the vegetables before pulling it out to cut it some. The inside was great and so was the whole meal. In the end it was in the oven for about 3 hours but sometimes these things work out. (BTW ... if it would have been ruined, I would have had a full vegetable supper and that is fine for me too and I made enough money to eat out if I wanted also.)


You have to be careful using the internet for metric conversions it seems. I fired '275 F Celsius' into Google and found a page of sites. Near the top was a site for baking and used the word oven. Bingo! Only at one point on the page it gave 275 F as 135 C and another place as 140 C.
http://www.baking911.com/howto/oven_temps.htm
I ran to another site which was a universal conversion calculator and 135 is better but for the precision needed in most roasting, this would be a minor point.


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Safe Lock Batteries

Digital safe locks usually take batteries with only rare exceptions running an external power supply. When the lock does, the manufacturers recommend top of the line alkaline types. This typically means Duracell Coppertop or Eveready Energizer.* There are a few other brand name quality batteries which may be used safely. You will notice the good batteries have best before dates which are about 5 years away from your purchase date. If the batteries does NOT have an expiry date, do not buy it.

There are three good reasons to buy the best batteries you can.

  • Lifetime. The best batteries last the longest. You can save a few dollars by going with lesser batteries in return for staff changing them more often. It sounds like a good bargain as long as you know the full risk. Staff who do not know how to do this can get 'vigorous' and rip the keypad off the wire connecting it to the safe forcing an emergency replacement. We also see people who pull off the keypad and return it with one full turn in the cable each time and sooner or later the poor thing looks like a telephone cord without the spring. Again, stressed wires break and then the pad must be replaces.

  • Dead at time of install. We see this as a call when the client has replaced the batteries and the safe will still not open or not consistently. Upon arrival, I test each with a multimeter and sometimes find dead 'new' batteries. This can happen with any brand but the big names have a better track record.

  • Leakage. Batteries which have discharged leak but also if a battery starts to leak it quickly discharges. Most safe locks take 2 9V batteries and only ONE is needed to operate the lock. If one starts to leak, the first you MAY know there is a problem is when the junk from the dead cell hits the circuit board and shorts it. While rare, this problem forces keypad replacement. (It is also a risk and concern for any safe lock which is seldom used or in storage.)



Lastly, a safe lock has a method to tell you the batteries are low. Sometimes these do not kick in and the lock just dies. Other times staff have ignored it for so long it is now considered the standard operation of the lock. Additionally, sometimes the environment is so noisy nobody could really hear the beeps of the lock even given he or she knows what the signal is for low batteries. This gives us a good rule: If the safe lock is not working right, replace the batteries.

* All trade names are held by their respective companies.

--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Thursday, April 1, 2010

"Do you cut keys?"

You all know the type, but none of US are THIS type. It could be some neo-hippy college student with wild dreadlocks and more tattoos than a tribe of Maori or some haggard middle-aged mom with 3 toddlers in tow or some small time property manager who does all the maintenance. Whichever person is walking in, the door has not yet closed when they ask it. However, he or she has had time to look up and see you. They see you and not the wall of key blanks behind you. It is almost out of Python's cheese shop when the words float innocently out.

"Do you cut keys?"

As I hear it, I have to remind myself that the wall behind me is covered from waist to over my head with blanks. The blanks are spaced one inch apart on more wall space than some banana republics use for banana plantations. I know the brass in this shop could be melted down to make some type of horrid modern art sculpture which high society would admire and civic governments would pay for. This art work would loom over the head of me and the person with the question.

"Do you cut keys?"

I know the simple answer. I know our shop is clearly labeled and it seems impossible some vague detour would find a person wanting a watermelon before me and even if it did, they should not want a key cut. However, I want to reach into the bin of miscut wonders and start to scream as I throw keys.

"NO, we do not cut keys. We repair locks only. We leave the cutting of keys to the professional at the big box hardware stores. The blanks you see behind me for 1000 different locks are here for show. They are a deception to fool the masses and it worked until you walked in here and asked that one question."

"Do you cut keys?"

"Of course we do. Let me see the key."
"How many would you like?"


--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/

Security vs Convenience vs Price

A sign posted in a print shop:
“Quality, Service, Price …Pick Two” 
 
We have all been there when shopping.  You can want whatever you like, but if you are real, you know that some things are driving your purchasing choices and some are along for the ride.
 
In physical security, we often find three other concepts work against each other.  All our customers want some level of security and when you are talking to them you try to figure out what amount is appropriate. Ultimately, you have to let the client decide and what you try to provide is informed assessment of the risks.  Often you have to know the business they operate within.  A drug store may or may not offer triplicate prescriptions which are mostly narcotics and drugs with street value.  You have to ask and once you know, you should set the need for security a bit higher.  You need to remind some businesses that internal theft is a real risk and the locks which work so well at 4 in the morning are not in play against a bad staff member.  

Convenience comes into play any time an authorized user needs to pass through a locked door or open a cabinet.  Low value items are usually in places many people need to go fast and so often have quick locks.  The other end of convenience is probably prisons where you do not even get a key.  You enter a vestibule under the supervision of a guard on the other side of glass.  And only when that person is convinced you are no threat and the first door closes and locks, does the second door unlock.  The guard can not open both doors at once. 

Price is where you decide how much of what you want.  I can sell you more security but the price is higher.  I can sell you more access but you either take a bit less security or you pay more.  This last point is well shown with push button locks.  There is a simple 5 button door lock called a Simplex 1000.  It accepts only ONE code so if you have 200 people using that door they all use the same code.  It has no memory of who opened it or when.  It runs more than a residential lock but it has its place and runs into a few hundred dollars.  However, if you want to know who used which code to pass through the door when, you need an electronic lock which can save an audit trail.  It also means the administrator has to establish a code for every single user.  These locks cost more to install being over $1000 but also have more labour overhead to maintain.  If you had $1 000 000 in cash sitting on the other side of a door, I would put neither on your door.

Most customers know about trade-offs in purchasing.  Those who do not seem to get it are the ones who find it hard to buy any major product -- or so I believe.



--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/