Kensington Lock Flaw

Thread: Kensington Lock Flaw

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Kensington Lock Flaw

    Hey Hey,

    Has anyone seen the videos for the flaws in the Kensington and Kryptonite locks? It's pretty ridiculous.. I received the videos through email, so I'll try and upload them to my server when I get home... unless someone knows where the originals are on the internet...

    Anyways... using a simple Bic pen casing (or a piece of a toilet paper roll) you can unlock a Kensington lock (not the combination ones... the keyed ones).. It took them under a minute in the video... and under 30 seconds even, so I decided to try on one of our office monitors that uses this lock... in about 5 seconds I had the lock open and off the computer... using nothing more than a pen casing... This is sad and pathetic... Just push it into the hole and turn it back and forth while applying pressure... it slips right in and unlocks it...

    The Kryptonite bike locks will apparently be replaced when possible with a newer lock mechanism... but Kensington hasn't announced anything yet.... The funny part is that this was first discovered in 1992, but not overly publicized until now... How many thefts have occurred because of this....

    Anyways just wanted to throw a heads up to you... I'll post those videos tonight when I get home from work, and tomorrow we're gonna make a video here in the office of just how quickly it can be done.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I remember MsMittens (I think?) posting about this about 6 months ago...

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    Yeah, I remember this also! But, hey, I won't mind his rendition of it....

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I searched and couldn't find anything... Can anyone point me to a link of the other thread.. I'd love to read it.

    Peace,
    HT

    [Edit]
    Here are the links to the videos

    http://www.seeminglyrandom.info/locks/kensington623.wmv
    http://www.seeminglyrandom.info/locks/lock.wmv

    [/edit]

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    http://www.antionline.com/showthread...ght=kryptonite

    Now, the videos weren't published there. As of today I still haven't received my replacement from Kryptonite, who has probably been hit the hardest by this particular flaw and is swamped with requests and such. I figure I might see a new lock in early 2005.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    That explains why I didn't find it... I didn't consider the Kryptonite one to be all that bad, as it's simply a bike lock... most of the time the items held down with the Kensington would be worth more... so I searched with it..

    Hopefully we'll have some video examples of how easy it actually is this afternoon.. Starring yours truly of course (I already have a feeling that I'll hear from Hollywood)..

    Anyways thanks for the link MsM... I'll throw the videos up in a few hours.

    Peace,
    HT

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Uh.. you haven't priced a decent bike recently, have you? My present bike runs about $1,600 CDN and the one I will be getting in the spring will be about $3000USD/$3500CDN. That's actually not too expensive. My ideal bike would put it around $6,000CDN. No chump change there. It really isn't the Walmart-type store bought bikes that would be of concern but the specialized bikes bought at an LBS (Local Bike Shop) made for a specific purpose (in my case long distance 3rd world, tough terrain touring). In others, and many of the ones on the bike forums I visit, it's racing, randonneuring and MTBing. Serious adventure nuts who want something that will truly last, be a good ride and worth it. Kryptonite used to have this warranty where if the bike was stolen while using one of their U-locks they'd replace the cost of the bike. Kryptonite is the single largest bike lock manufacturer out there (I don't know the exact numbers but given the response at this thread, I'd say it's a lot) and they have the most to lose.

    So in actual fact, many of the things held by a Kryptonite can be worth as much if not more than what a Kensington would hold and more public (how many bikes do you see locked up in an office versus on the street?).