The US was one arming switch away from nuking North Carolina in 1961. This and a bunch of other really scary nuclear-related accidents are covered in Command & Control: http://www.amazon.com/Command-Control-Damascus-Accident-Illu...
I guess the physical equivalent is a knox box as illustrated here https://www.rsaconference.com/writable/presentations/file_up...
Just saying, our life is full of secret master keys. Most of the products built here rely on secret master keys. There really isn't any way to get around secret master keys.
The problem here is that we don't trust the TSA to secure said master keys. In part because it's an incredibly hard problem since any image capture device glimpsing them can enable reproduction, but also because the TSA doesn't incentivise its employees well enough (see pay bands here: http://www.federallawenforcement.org/tsa/ and note that airport security folks won't be making even $70k a year).
That's why things like certificate pinning, DANE (using DNSSEC for SSL certificates), and HSTS were invented.
It's not really the key system so much as the fact that the first step of trust is broken because end-users aren't directly choosing trusted root CAs, they are being chosen on behalf of the end users by third parties whose interests aren't aligned with those of the end user, and who do as much as possible to remove (or at least obscure) end-user control of that most fundamental step in the delegation of trust that underlies SSL's key system.
Is it really that simple with modern locks? I thought they had gotten good at foiling this kind of attack.
When I was a junior in high school, me and some buddies got into lock picking. Our goal was to be able to break into the school and explore places we weren't supposed to go. We could get in and out and no one would be the wiser.
One of my friends figured out the janitors only had two master keys they used for every lock in the school. We were able to steal one, and reproduce it several times for each of the team members and get it returned without them suspecting anything. For two years, we roamed every part of the school and discovered some amazing things about our school that no one would ever know except us.
For two years we had a run of the place, then turned them over to another group of incoming students who were hackers like us. They did the same thing and it went on for several years and became somewhat of an urban legend. It finally ended when one group used the keys to break in and vandalize the school. Afterwards, the locks were changed, cameras and alarms were put in and all the fun ended.
But your point is spot on.
A bent coat hanger and some string made for a device that could quickly and reliably open doors.
Most physical security works by perpetuating illusions.
Well, don't leave us hanging...
- Passages to the roof outside the normal fire escapes.
- A bunch of underground tunnels (not steam tunnels) that ran under the school and connected to god knows where - all three tunnels ended at another set of locked double doors we couldn't seem to open with our lockpick set at the time. We think it may have been some 1940's bomb shelter or something.
- The best was being in the maintenance rooms where they fixed stuff and had some really cool tools and tons of stuff in various stages of being torn apart. We also figured out the janitors had tools to break into the combination locks that secured all of our lockers which raised a few eyebrows.
- All the outdoor storage areas. My school had four huge garages built into the side of a hill where all the sports equipment like track and field hurdles, landing mats, soccer goals and nets. They contained all kinds of balls and other things that probably shouldn't be stored there like jerseys, warm up suits, etc. It felt like stepping back into time since a lot of the stuff in there hadn't seen the light of day since the 1970's.
- Tons of empty storage rooms that were located throughout the school. This was the real reason we wanted to get those master keys. They just seemed completely random. Like in one hall, there were three, non-descript doors. No "Maintenance Only" or "No Students Allowed" posted on them. You'd almost miss them if you didn't recognize them. Some were empty, others held trophies from the 50's and 60's. Others had boxes and boxes of financial and academic records of students from long ago. Others had political flyers and pins from the 70's and 80's.
The one thing I was really proud of is that we didn't do anything nefarious. We explored the school and never vandalized anything and for the most part were responsible with the power we had. The several classes after us did the same thing, pushing farther and discovering even more nooks and crannies that they would share with the rest of the groups that came before them over pizza and pop at the local Pizza Hut.
When I read the books about the early hackers at MIT, exploring building 26, I finally knew what they felt like.
Also - https://www.schneier.com/blog/archives/2005/09/shoulder_surf...
What might be more interesting is if HN used Facebook login and its front page ranking algorithm only counted votes from people outside your friend network.
If anything, analysis of past voting should give a clue to accounts who game the system.
Moreover, the HN moderation explicitly 'owns' the community in the sense that it's their house and their rules which helps because it doesn't give people a sense of entitlement about representation. (Having some experience with the matter, nothing kills you more dead than people getting entitled and demanding a 'reasonable explanation' for every decision you make. Everybody wants theirs and it means you can't actually take any action to improve things without wading through lots of crap.)
You just use something like a pen to break the zipper mesh. Sliding the zipper back and forth when you're done will re-zip it.
Is it illegal to record someone going through your stuff? I mean, if they are just looking through it to ensure the safety of everyone, why can't I ensure the safety of my stuff?
Something like a GoPro should be fine though, no visible wires and it's one of the most iconic cameras these days.
And the firearm doesn't have to be loaded and IIRC it can even be a flare gun, if you don't want to own an actual firearm.
Aha, not the original text I read, but same idea: https://www.schneier.com/blog/archives/2006/09/expensive_cam...
This includes for instance pretty much any lock included with or built into luggage from Samsonite etc.
Under these circumstances, it's an impressive feat.
Hope they do not live in the USA.
Of course, they quite probably are and quite probably uploaded it from home... and hoped that any extradition wouldn't get enforced.
I think that the author does not risk anything in France. The spirit of the law is very different in the US.
Surely the keys are copyrighted? :)
"One does not simply delete something from the internet."
Consider me not impressed.
True, but with the master key you could open anyone's luggage, take something out, put something in, or just examine the contents, and then close it up with no evidence that you'd done anything.
The TSA-approved locks I have to travel to the US have a small red ring. If the lock is opened with a TSA master key, the red ring appears; it has to be opened with its own key for the red thing to disappear.
So yeah, you'd know that someone has fiddled with your lock, little more.
I'm sure the TSA would be able to figure it out, but the goal would be to leave the person whose luggage it is without any reason to believe something is amiss or to bring it to the attention of the TSA in the first place.