Re: Securing TE to the bench?

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
On 8/11/2014 10:27 PM, DaveC wrote:
Quoted text here. Click to load it

How determined an adversary are you trying to protect against?
How much "defacing" of the equipment are YOU willing to undertake?

Re: Securing TE to the bench?
Hi Joerg,

On 8/12/2014 1:03 PM, Joerg wrote:
Quoted text here. Click to load it

Which is why it is important to quantify your prospective attacker!

A new neighbor came over one hot summer Sunday complaining that he had
locked himself out of the house -- along with his wife and newborn
son.  Apparently, the locksmith (in addition to wanting a fair bit of
money for a house call on Sunday) wouldn't come to the house until
"after the game".

It took me a bit more than a minute to figure out how to get into
his house -- without leaving any visible signs of damage/entry.
The look in his eyes was priceless:  "THIS is my new neighbor???
Perhaps I'd best keep on his 'good side'!"

Locks keep honest people honest.

Re: Securing TE to the bench?
Don Y wrote:
Quoted text here. Click to load it

My McGyver moment came in a missing child case. Not much time was
available. The parents asked me to see if the computer could be accessed
somehow but that it was password-protected for each user. A few minutes
later it was open, for all users, the whole wide hard drive. Some jaws
dropped when dad saw his tax return files pop up. Of course I did not
open any of those.


Quoted text here. Click to load it

--  
Regards, Joerg

http://www.analogconsultants.com/

Re: Securing TE to the bench?
Hi Joerg,

On 8/13/2014 2:47 PM, Joerg wrote:

Quoted text here. Click to load it

Most people don't think about how to get around "security"
measures -- which is why they are reasonably effective!
I.e., the *initial* impediment tells them, "you shouldn't
be doing this" -- and, they comply!

But, if you are *truly* trying to protect something, then you
have to take into consideration *every* adversary.  Including
those that would "invest" *more* than the (apparent!) value of
the item being protected (perhaps because they evaluate its
value -- and their costs! -- on a different scale from yours)

A friend is actively involved in disaster preparedness for
state and federal agencies.  He always delights in how "well"
the drills, full-scale exercises turn out!  I gently remind
him that the folks involved in those drills *want* them to work
out well -- even the "volunteers" posing as victims, etc.

"Want an idea of what a *real* scenario will likely be?  Put
a pile of cash in the room (i.e., the "scarce resources you will
be metering out in a disaster) and open the event 'to all comers'.
And, make sure you've got live ammo in your weapons -- cuz some
of the self-invited participants likely will!"

Re: Securing TE to the bench?
Hi Andrew,

On 8/15/2014 7:23 AM, Andrew Gabriel wrote:
Quoted text here. Click to load it

It doesn't even take that sort of effort!  Most of the "locking devices"
that fit into the Kensington "slot" are very insecure -- easily "picked"
with a metal shim, etc.

Plastic cases with Kensington slots usually have a thin piece of
sheet metal on the inside to reinforce the "slot".  But, it's still
relatively easy to grind away the plastic *and* that thin bit of sheet
metal (assuming the vendor hasn't decided to save a few micropennies
by eliminating it -- "locks keep honest people honest").

The laptop I fixed two days ago had an aluminum (?) case.  It would have
taken all of 60 seconds to grind *around* the slot with a Dremel
(TmReg) and a small diameter "ball" milling tip.  And, once free, clean
up the hole with the same tip.  You could then LEAVE the clean hole
in place without fear of exposing the innards of the device as there is
usually an inner barrier to prevent the lock bits from infiltrating the
case!

Quoted text here. Click to load it

Actually, more of a prism than cube.  A hole drilled "left to right"
(or top to bottom, depending on orientation) through it.  Then,
another *recess* (square hole) cast into the piece normal to this
into which the fastening screw is placed and secured to the case.

Quoted text here. Click to load it

As there is typically a plastic "skin" over an internal metal
structure (which receives the screw's threads), unless the
lock block is secured *well* (i.e., screwed down TIGHT), the
slop between the plastic case and inner metal frame is often
enough (with inward pressure) to allow you to rotate the block.
Of course, no guarantee that the screw head will rotate *with*
the block -- you could end up just spinning the block 'round
and 'round (with cable in the way while you are doing this!).

But, as with the Kensington approach, a Dremel can easily
grind through the little bit of metal "above" the cable to turn
the hole into a *slot* -- from which the cable can readily be
extracted.  The locking block can then be removed and discarded
(if you don't want to be reminded of your transgression).  Or,
replaced with another "borrowed" from another piece of kit
(the block and screw aren't typically needed to hold the case
closed; their function is largely anti-theft).

Locks keep honest people honest.  As the OP still hasn't indicated
the level of threat that is faced (and attacker's motivation),
all this is just speculation.



Re: Securing TE to the bench?
On 8/15/2014 11:59 AM, Don Y wrote:
Quoted text here. Click to load it

You don't understand how a Kensington lock is intended to work.  The  
point is not to keep a laptop from being taken by brute force.  The  
intent is to require that enough damage be done to the laptop in the  
process that no one will want the unit.  Grinding a gaping hole in the  
side greatly reduces any resale value of a laptop which is already not  
much to begin with.  Used laptops aren't worth much and one with obvious  
case damage is nearly worthless.

That said, lab equipment is a different animal and is worth a large  
portion of its original value.  A hole in the side might reduce it some,  
but there would still be plenty of value to make it worth stealing even  
if it requires doing some damage.

--  

Rick

Re: Securing TE to the bench?
On 8/19/2014 3:46 PM, rickman wrote:
Quoted text here. Click to load it

---------------^^^^^^ have you ruled out the *thief*?  -- who may be
very happy with a $1500 laptop that has a "gaping hole" in the back
(that he has since covered with duct tape, Bondo, etc.)

Quoted text here. Click to load it

Cut the cable by which the "lock-mate" tethers the laptop to
<whatever>.  Remove the remaining piece in the privacy/safety
of your own home.  (this assume you have never hacked the locking
device in question -- and have never used a search engine to see
how easy it is!)

Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work:  locks keep honest people honest.
Period.

Re: Securing TE to the bench?
Quoted text here. Click to load it

Going out on a limb here- I doubt the local lockpicking club is the group  
breaking into and robbing homes in the OP's area. You don't need a clever  
locks on stuff.  

Doped up, shitty, smash and grab then sell for 3% of actual value idiots  
are probably at work.

If you make the job hard enough, people either move on or just get angry  
and toss stuff around.

The neighbor across the back porch got broken into while I was home once.  
They had a modern, thin, poorly installed door that broke down like old  
crappy car. Hell, the thing looked like a bathroom door, but with glossy  
paint. They never even tried my door, even though it's in a more hidden  
area. My only guess is a 1000 year old solid wood door with 800 locks  
would have been more work. I also keep enough junk by the door so you  
can't even get the space for a good kick, not that that would break it  
down anyways, which how most doors around here are compromised anyways.







Re: Securing TE to the bench?
On Wed, 20 Aug 2014 15:51:26 +0000 (UTC), Cydrome Leader

Quoted text here. Click to load it
You have no windows?  If there is a window available, no steel door or
vault lock is going to do a damned thing.  They're just for the honest
and insurance companies.


Re: Securing TE to the bench?
In sci.electronics.repair snipped-for-privacy@attt.bizz wrote:
Quoted text here. Click to load it

The doors have no windows. If you want climb in a window, you better have  
a good extension ladder. Again, you can get in, it's just more on a pain  
in the ass than breaking into the other units which don't require all the  
effort.





Re: Securing TE to the bench?
On Wed, 20 Aug 2014 20:10:52 +0000 (UTC), Cydrome Leader

Quoted text here. Click to load it
Again, locks or doors don't do anything to stop anyone who wants to
get in.  It sounds like you're on the second floor, which is likely
why they went elsewhere.  The quality of the door, and particularly
the lock, are irrelevant.


Re: Securing TE to the bench?
In sci.electronics.repair snipped-for-privacy@attt.bizz wrote:
Quoted text here. Click to load it

the methods they use to break down doors, old and new differs and the one  
for old doors is actually pretty clever. None of which even involve  
touching the lock, unless you've got a $12 Kwikset lock and nothing more.

Either way, when you're a harder target, people look elsewhere.

Take for instance robbing a bank. You walk in, hand over a note, get a  
token amount of money, nobody puts up a fight and you walk out. It's  
apparently not hard at all once you cross that moral line. Surprise,  
there's lots of serial bankrobbers, and it would seem most never get  
caught as banks only believe in slow-scan quarter VGA-res security  
cameras.








Re: Securing TE to the bench?
On Wed, 20 Aug 2014 23:44:21 +0000 (UTC), Cydrome Leader

Quoted text here. Click to load it

Who cares?  There are easier ways to get into 99.9% of homes than
busting down a door or picking a lock.

Quoted text here. Click to load it

Agreed but a solid front door and lock aren't included.  Lights are
likely the best insurance (after buying insurance ...and a gun).  A
sign stolen from an alarm company might help, too.  ;-)

Quoted text here. Click to load it

If you think it's that easy, you're nuts. Sure, it's easy, once.  It's
easy twice, but pretty soon you're on the TMWL.  The FBI doesn't treat
bank robbery kindly, even though the average take is less than $4K.

Quoted text here. Click to load it

Re: Securing TE to the bench?
In sci.electronics.repair snipped-for-privacy@attt.bizz wrote:
Quoted text here. Click to load it

It doesn't matter what the FBI likes or doesn't like. If you rob a bank,  
you walk away with some small amount of money, each and every time. Nobody  
resists. Tellers don't jump the counter with baseball bats like at a  
liquir store and fight back.

You might get caught, eventually, and it seems many serial robbers never  
get caught.  



Re: Securing TE to the bench?
On Thu, 21 Aug 2014 18:03:59 +0000 (UTC), Cydrome Leader

Quoted text here. Click to load it

The FBI is all over bank robberies.  It pisses 'em off.  As it gets to
be more of a "serial" issue, the heat turns up quickly.  

Quoted text here. Click to load it

I doubt that.  They will eventually get caught.  They aren't the
brightest of the criminal class.

Re: Securing TE to the bench?
In sci.electronics.repair snipped-for-privacy@attt.bizz wrote:
Quoted text here. Click to load it

Is there enough heat for the government workers to take a break from  
taking breaks and actually, lift themselves out of a chair and actually do  
some work?

Probably not is my guess.

Quoted text here. Click to load it

It doesn't require brightness. But unless you leave your ID at the counter  
or just made a withdrawl from your own account, you're probably going to  
get away with it.

Hell, you can search for bankrobbers by their nicknames:

https://bankrobbers.fbi.gov/

Of course the site is completely broken, search doesn't work and it shows  
no robberies in Chicago at all. This website must have cost at least  
$10million to get to the point it is at now.

Re: Securing TE to the bench?
On 8/19/2014 7:35 PM, Don Y wrote:
Quoted text here. Click to load it

All sorts of things are possible.  A Kensington lock deters a large  
percentage of would be thieves.  It is a practical solution that  
provides a reasonable amount of protection for a low price and a minimum  
inconvenience.  If you have a $1500 laptop and want to eliminate any  
chance of it being stolen, you can always keep it in your safe deposit  
box.  :)

--  

Rick

Re: Securing TE to the bench?
On 8/20/2014 9:21 AM, rickman wrote:
Quoted text here. Click to load it

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line.  Most "protection devices" have obvious
flaws or simple exploits.  E.g., many homes have sliding doors that
are installed improperly.  Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning.  To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was.  He was gone a few days
later.

Re: Securing TE to the bench?

Don Y wrote:
Quoted text here. Click to load it


   They bragged about how secure the pushbutton locks were at a defense
plant where I worked.  I laughed and told them they were useless.  They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door.  They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service.  I was told, in no uncertain terms that they were not given the
codes.  Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code.  They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)


--  
Anyone wanting to run for any political office in the US should have to
have a DD214, and a honorable discharge.

Re: Securing TE to the bench?
Hi Michael,

On 8/20/2014 11:14 AM, Michael A. Terrell wrote:

Quoted text here. Click to load it

Ha!   "Ooops!"

It seems that most people don't have the skillset/mindset to be able
to look at problems from BOTH sides.  Designing a lock?  Think about
how you WILL be able to defeat it.  If you can't find a flaw, then
you're not qualified to design the lock!  :<

A colleague was touting use of a tool that automatically blocked
logins from a particular computer (i.e., IP address) after some
number of failed login attempts.  He considered this a deterrent
to folks trying to hack into the system.  I posed the following
scenario:
    Every day, at lunch hour or before work (i.e., when few people
    are around to observe me), I wander into each office/cubicle
    and attempt to logon to the "bob" (my colleague) account several
    times.  So often that the system protects itself by locking out
    login attempts for "bob" on that particular computer.  As none
    of these officeholders *are* "bob", it won't bother them; nor
    will Bob likely ever attempt to access his account from *their*
    office(s).  I.e., I can take my sweet time doing this -- many
    days!  When all of the computers have been "poisoned", I can
    now walk into Bob's office, before work, and repeat the process
    for *him*!  When he arrives and tries to logon, he'll be denied.
    When he walks across the hall to Joe's office to try from there,
    he will ALSO be denied.   Etc.
Granted, I haven't "stolen" anything from Bob or the company...
except the time required to set this right -- Bob's trip to the
IT department to explain that he has been locked out of the
system for some reason (he probably hasn't considered that he's
just been locked out of these COMPUTERS... he's probably wondering
if he's going to be escorted out of the building in an unannounced
LAYOFF!  :> )  But, a mechanism that he intended for one purpose
has been effectively used for another -- at some unintended expense!

One day, neighbor complained that their garage door was open when
it shouldn't have been.  Apparently, happened several times!
Until they were outside one day as we drove in OUR driveway and
opened OUR door.  As they saw *their* door open, they knew what the
problem was!

Listen to the folks who sell those sorts of devices and they will
tell you how "virtually impossible" it is to get the correct "code".
Yet, we did it purely by chance!

Come up with a proposed system; then, turn the bill on your hat
around and try to *break* it!

Site Timeline