I was recently reminded of this.
-
Anyway, my intent in looking at locks and publishing my paper wasn't to disrupt the lock industry. I believed, as I still do, that mechanical locks and physical security have quite a bit to teach computing, but also that the abstract techniques of cryptography and computer security can illuminate weaknesses that are hard to see when looking at systems in strictly mechanical terms.
My attack is intuitive and obvious to cryptographers, but rather subtle without our field's tools.
6/
I never did reach a truce with the locksmiths. A couple years later, I met Billy Edwards, the author of that editorial denouncing me, at a trade show, and when he learned who I was he refused to shake my hand and asked me to leave him alone.
I wish he had seen things differently, but I can respect that he was coming from a place of genuine concern, even if I think his approach was wrong.
To this day, I worry that I'm pretty screwed if I get locked out of my house.
7/7
-
@mattblaze Do your locksmith friends know about this guy?
https://en.wikipedia.org/wiki/LockPickingLawyer
I’ve watched some of his videos and it is surprising how easy it is to pick locks.
-
@mattblaze What's really funny to me is this 1853 book that Ches and I quoted in the first edition of "Firewalls", about whether it's proper to discuss vulnerabilities in locks.
-
@mattblaze Matt, of all the people I have ever known, you are the one I’d be least worried about getting locked out of a building. (This may be because I do not yet really know @deviantollam other than via the occasional exchange here on the FediTubes.)
-
NB: While I never intended to piss off locksmiths with my master keying paper, I did write a followup a couple years later about safes and safecracking, partly out of spite.
https://www.mattblaze.org/papers/safelocks.pdf
TL;dr: We can learn a lot from safes and safe locks, and the frameworks of cryptography and computer security are applicable there, too. The fact that our learning about this subject makes people in that industry upset is just a bonus.
-
I wrote that paper after I had moved from AT&T Labs to U. Penn. The Penn locksmith went totally apoplectic, and wrote regular angry letters to the dean and to the head of campus security warning about what an irresponsible, dangerous menace I am. But for whatever reason, his efforts were unsuccessful in getting me fired; the administration just forwarded me his letters, which I taped to the door of my office.
-
It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?
There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.
-
So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.
-
The bottom line here is that while being the subject of attack by a deranged internet mob is never fun, sometimes it's the cost of doing business for doing interesting work.
And for those who yell at me for posting black and white photos or not putting content warnings on discussions of current events or not using enough hashtags or whatever, don't bother. I've stared down angry locksmiths and come out the other side.
-
I've gotten a few replies asking me if I regret publishing this or would do anything differently.
No. I'm proud of this work. I think it has value. I would do nothing differently. I am, evidently, remorseless and incorrigible.
-
@mattblaze I think there is also a point to be made here about the importance of #OpenSource software and how software being closed source does not automatically make it more secure. If anything, closed source is less secure because it deprives independent researchers of the opportunity to poke around and find issues.
-
@vinay While that's a commonly repeated myth, no study has been able to establish any significant correlation between open (or closed) source and improved security. It doesn't seem to be an important factor in practice.
-
@20002ist @mattblaze Matt and I have known each other for what feels to me like 20+ years or so now and the fact that I haven't met you personally yet is a failing of mine that perhaps may yet still be remedied. ☺️👍
(A kind of wild footnote to the saga of this thread is the fact that I met another prominent person in the lock industry at a conference, perhaps 3 years ago it was, and somehow it sounded like he was STILL a bit salty about Matt's paper and mentioned him by name during a training I was attending. While it sounded like he may have softened slightly in his stance, he nonetheless still remembered the incident of Matt's paper pretty fresh in his mind, as if it were yesterday.)
-
@deviantollam @20002ist A lot of them seem to still be clinging to this belief that they are an elite priesthood entrusted with safeguarding secret knowledge. They'd be so much more productive if they acknowledged the existence of the real world.