> The officer said it was Heiss's fellow inmate - fellow murderer Shane Baker - who made the key. He said Baker was a jeweller who had jewellery-making equipment in his cell, and used this to work on the key.
This has "I don't know what I expected" written all over it
"UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key."
Copy any key for $5 with a picture from your phone and they'll mail it to you.
Right, which means if your house is burgled within a reasonable timeframe after you use the service, they're prime suspects.
It's a pretty big risk for them, I should think.
Yes, so all it takes is somebody to rob THEM, and get keys and addresses...
Which would legitimately take the heat off of them, so it would be in their interests to fake a robbery of themselves not long before their real robberies of others begin.
Ah, but I'm just getting started! If you wanted to rob houses and frame them, just rob them first. The police and everyone else will think your real robbery was faked by the company, as per my previous paragraph, so you get off scot free.
Robbception, it would be called.
It's strange, but I really find it hard to come up with a legitimate reason for this service - I think there's a place that'll copy my keys down the street from me. It would take me less time to get my keys copied there on the way home than it would to actually check my mail when I get home.
To abuse the online service, you need a valid credit card not in your name or traceable to you, a valid anonymous dropbox to ship to, a clean shot of the key, and an anonymous or well concealed IP address.
To abuse the local service, you need the key, some cash, and about 20 minutes.
Neither is immune to abuse.
In theory, they could encrypt the data with a public key before it ever hits the database (or any other permanent storage) and ensure the matching private key is never stored on the same computer.
This is why barely a day can go by these days without some some story popping up on HN about "Company XYZ was hacked, customer data exposed".
Plus, you could use a VISA prepaid card.
Interesting about the redaction. Presumably that's to guard your home if the picture is ever compromised?
The prepaid card only worked in person too, never online. (I assume they did this by having a bogus or placeholder name attached in their database, which would fail any basic verification checks done by an online seller, but work just fine at a local retailer.
Slim. You'd have to catch the perpetrator first and then figure out how he got a key.
99.99999% of people don't even know a service like this exists let alone to check if their house key was duplicated there before it got robbed.
PS I learned most of this at Texas Fireman's Training Academy (and just paying attention to my surroundings), in case you're wondering.
This allows you to keep a digital copy of your key. In the event that something unexpected happens, like you are in a different state and you misplace your car keys, you have a digital backup that can be turned into a physical key.
Do you really find it hard? Let me help you out then. First, there are people who don't live next to a locksmith. Second, there are people who drive home instead of walking, and an extra stop while driving certainly takes more time than checkin mail. Third, there are people who check their mail regularly anyway. Which is pretty much everyone.
That leaves us with all of the people who walk home, live next to a locksmith, and don't check their mail regularly, who can't make good use of this service.
Didn't ask for ID, didn't ask for _anything_ other than payment and what door I wanted to open.
So you don't need this service, you just need to pay a locksmith.
Not only would a photo of it be useless, they'd be also much harder to print (still fairly easy to cut though, but you'd have a hard time doing it manually - it would have to be done by a machine precisely measuring the movements in most cases).
And some high-security keys don't have teeth at all. They have dimples of varying depth on the side of the key serving the same function instead. These don't jot out and are very hard to copy even photographically.
I bet somebody originally wanted an aerial shot of the prison, but someone else wisely objected because that would be bad security move - giving prisoners a map of the area...
If someone wants something of yours, the only way to keep it out of their possession is to either bank on their honesty or laziness, or to guard it.
The problem of visual key copying can be easily solved by either making keys in a shape that doesn't allow to see the ridges easily (something like 'E' with middle bar being the actual key) or by making a "dynamic" key that changes shape after you insert it into the lock.
Good password selection thinking should be commonsense by now to people who post here, but it seems like there's still a lot of work to be done educating the general (less geeky) public.
Or just smarter keys like cars have these days (which have pretty much stopped non flat-bed car theft).
If there was a computer and a password printed on those booklets it would have spurred new silly internet laws.
"someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website"
Am I the only one who thinks that's somewhat philosophical? :)