A Quick Introduction to Lockpicking and Useful Resources for Beginners
I’ve been into lockpicking for a few years now, and I’m surprised I’ve never posted more about it (maybe I will). Suffice it to say that lockpicking is great fun, you learn a lot, and one day it may come in handy (legally of course). One thing I’ve noticed whenever I talk about lockpicking, is that most people -including techies – have very little clue about how locks themselves actually work. It’s no surprise then that lockpicking feels like a bit of mystery to many. In reality the majority of locks are very simple devices, and many can be picked or bypassed using fairly simple tools.
I had the pleasure of taking part in the Defcon 19 Gringo Warrior contest where participants must bypass a series of locks to ‘escape’. It’s scored based on time and difficult of locks picked. I scored about above average. In this post I’m going to give my own shotgun intro to lockpicking, and provide some videos and links to other useful references where you can go find more detail.
BlackHat, Defcon and Vegas Baby!
The planets and stars have aligned, and it turns out I’ll be at BlackHat and Defcon this year! I’ve never gone, although I’ve been wanting to for many years, so it’s definitely an exciting first for me. My awesome gf pushed me to finally go ;) There are plenty of people from the security community that I know online, but I’m eager to finally meet them in person. Any of you guys (or gals) going? I’m currently on the hunt for some decent Defcon parties; hook me up if you know of any! Las Vegas baby, here we come.
Hack Uses Geolocation to Pinpoint Your Location
In one of the more simple yet clever attacks I’ve seen this year, at BlackHat and Defcon, Samy Kamkar (author of the 2005 Samy MySpace worm) showed how javascript and geolocation could be used to more or less pinpoint a user’s location. An attack Samy dubbed ‘XXXSS‘.
The attack works by using javascript to obtain the MAC address (a unique hardware identifier) of the victim’s network router or gateway, and then submitting it to Google’s Geolocation service to obtain the coordinates. Read more
Loading ...
