Securing TE to the bench?

[Phil Hobbs]

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:

On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[rickman]

On 8/17/2014 11:56 PM, DaveC wrote:

How about a better grade of employee. Perhaps only hire those that
don't need to steal to support their drug habit.

This is my business workbench/equipment in my home. Some homes have been
burglarized recently: smash a door glass, open the door, march the proceeds
out to the driveway (where a van has been waiting with rear doors right up
against the house) and load up everything.

I have a second home that I used to lock up tight. I came down one
weekend to find it had been broken into. They smashed a window in the
garage door so they could reach the inside latch knob... only to find
they couldn't open the door anyway because it was on a door opener and
they weren't smart enough to reach up for the release handle. lol

But after breaking the glass they found a basement door I had forgotten
to lock. It was just kids who took the liquor and made a bit of a mess,
but didn't do any real damage. Now I just leave all the doors open and
no one has come in for the last 15 years.

The best prevention is just not having anything that would be stolen I
think. I might get a big TV at some point now that I have Internet.

--

Rick

 

On Wed, 20 Aug 2014 18:58:07 -0400, Phil Hobbs
<pcdhSpamMeSenseless@electrooptical.net> wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.

They were writing it on the door jam because security demanded that it
be changed every month (or two?). No one could remember the
combinations, so... Similar things happen with passwords, today.

Before they were required to change the combinations regularly, it was
often '1', or '5'.

 

On Wed, 20 Aug 2014 19:03:32 -0400, rickman <gnuarm@gmail.com> wrote:

On 8/17/2014 11:56 PM, DaveC wrote:
How about a better grade of employee. Perhaps only hire those that
don't need to steal to support their drug habit.

This is my business workbench/equipment in my home. Some homes have been
burglarized recently: smash a door glass, open the door, march the proceeds
out to the driveway (where a van has been waiting with rear doors right up
against the house) and load up everything.

I have a second home that I used to lock up tight. I came down one
weekend to find it had been broken into. They smashed a window in the
garage door so they could reach the inside latch knob... only to find
they couldn't open the door anyway because it was on a door opener and
they weren't smart enough to reach up for the release handle. lol

But after breaking the glass they found a basement door I had forgotten
to lock. It was just kids who took the liquor and made a bit of a mess,
but didn't do any real damage. Now I just leave all the doors open and
no one has come in for the last 15 years.

The best prevention is just not having anything that would be stolen I
think. I might get a big TV at some point now that I have Internet.

The better prevention is to live in an area that isn't infested with
druggies and bums (often the same). Not having any valuables is a
rather poor solution.

 

[Michael A. Terrell]

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.

And they still had trouble getting into their offices, first thing in
the morning. ;-)

--
Anyone wanting to run for any political office in the US should have to
have a DD214, and a honorable discharge.

 

[Phil Hobbs]

On 8/20/2014 7:10 PM, Michael A. Terrell wrote:

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.


And they still had trouble getting into their offices, first thing in
the morning. ;-)

Offices had key locks, most labs had keys and cypher locks.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Michael A. Terrell]

Phil Hobbs wrote:

On 8/20/2014 7:10 PM, Michael A. Terrell wrote:

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.


And they still had trouble getting into their offices, first thing in
the morning. ;-)

Offices had key locks, most labs had keys and cypher locks.

How about the coffee machines? ;-)



--
Anyone wanting to run for any political office in the US should have to
have a DD214, and a honorable discharge.

 

>" I raised hell at Microdyne when i caught someone coming in early and
using my computer to access AOL. My boss told me it was none of my
business, so I escalated it, till they did something about it. Every
website visited or that someone tried to visit was logged in their
nannyware and I wasn't going to be blamed for some idiot watching porn
or infecting the computers. The same dumbass brought an infected floppy
disk to work, to create a bootdisk after he screwed up his computer. I
caught him as he screwed up the sixth computer on our production floor. "

Mabye you hate me, but that is a cool story. My exroomie (it was MY house) fucked up two of my PCs. Did the same thing to the other that fucked up the one. I wish he knew my gun was so close to my hand. Motehrfucker.

Tjhe fuck is wrong with people ? Another dude calls me and says he is on the way to my house with his computer andf his olady's. Clicked on some site and got that "FBI warning" shit. you gotta pay to get your PC unlocked. Afyer this happened to his he did it to his olady's PC. WTF ?

I asked him if he has the disks came with them Said no. Turned around.

Fucking people, the world would be a hell of alot beter off wihtout them.

 

On Wed, 20 Aug 2014 23:44:21 +0000 (UTC), Cydrome Leader
<presence@MUNGEpanix.com> wrote:

In sci.electronics.repair krw@attt.bizz wrote:
On Wed, 20 Aug 2014 20:10:52 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.repair krw@attt.bizz wrote:
On Wed, 20 Aug 2014 15:51:26 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.equipment Don Y <this@is.not.me.com> wrote:
On 8/19/2014 3:46 PM, rickman wrote:
Locks keep honest people honest. As the OP still hasn't indicated
the level of threat that is faced (and attacker's motivation),
all this is just speculation.

You don't understand how a Kensington lock is intended to work. The
point is not to keep a laptop from being taken by brute force. The
intent is to require that enough damage be done to the laptop in the
process that no one will want the unit. Grinding a gaping hole in the

---------------^^^^^^ have you ruled out the *thief*? -- who may be
very happy with a $1500 laptop that has a "gaping hole" in the back
(that he has since covered with duct tape, Bondo, etc.)

side greatly reduces any resale value of a laptop which is already not
much to begin with. Used laptops aren't worth much and one with obvious
case damage is nearly worthless.

Cut the cable by which the "lock-mate" tethers the laptop to
whatever>. Remove the remaining piece in the privacy/safety
of your own home. (this assume you have never hacked the locking
device in question -- and have never used a search engine to see
how easy it is!)

Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

Going out on a limb here- I doubt the local lockpicking club is the group
breaking into and robbing homes in the OP's area. You don't need a clever
locks on stuff.

Doped up, shitty, smash and grab then sell for 3% of actual value idiots
are probably at work.

If you make the job hard enough, people either move on or just get angry
and toss stuff around.

The neighbor across the back porch got broken into while I was home once.
They had a modern, thin, poorly installed door that broke down like old
crappy car. Hell, the thing looked like a bathroom door, but with glossy
paint. They never even tried my door, even though it's in a more hidden
area. My only guess is a 1000 year old solid wood door with 800 locks
would have been more work. I also keep enough junk by the door so you
can't even get the space for a good kick, not that that would break it
down anyways, which how most doors around here are compromised anyways.

You have no windows? If there is a window available, no steel door or
vault lock is going to do a damned thing. They're just for the honest
and insurance companies.

The doors have no windows. If you want climb in a window, you better have
a good extension ladder. Again, you can get in, it's just more on a pain
in the ass than breaking into the other units which don't require all the
effort.

Again, locks or doors don't do anything to stop anyone who wants to
get in. It sounds like you're on the second floor, which is likely
why they went elsewhere. The quality of the door, and particularly
the lock, are irrelevant.

the methods they use to break down doors, old and new differs and the one
for old doors is actually pretty clever. None of which even involve
touching the lock, unless you've got a $12 Kwikset lock and nothing more.

Who cares? There are easier ways to get into 99.9% of homes than
busting down a door or picking a lock.

>Either way, when you're a harder target, people look elsewhere.

Agreed but a solid front door and lock aren't included. Lights are
likely the best insurance (after buying insurance ...and a gun). A
sign stolen from an alarm company might help, too. ;-)

Take for instance robbing a bank. You walk in, hand over a note, get a
token amount of money, nobody puts up a fight and you walk out. It's
apparently not hard at all once you cross that moral line. Surprise,
there's lots of serial bankrobbers, and it would seem most never get
caught as banks only believe in slow-scan quarter VGA-res security
cameras.

If you think it's that easy, you're nuts. Sure, it's easy, once. It's
easy twice, but pretty soon you're on the TMWL. The FBI doesn't treat
bank robbery kindly, even though the average take is less than $4K.

 

[Michael A. Terrell]

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

simplex type locks are pretty hillarious, expecially when the codes can be
entered in any order, or just by hitting all the right buttons in any
order.


These had to be in the right order, but that was no problem since
each time someone pushed a button, they wiped some crud off their
fingertips. You just punched them in order of the descending crud.

One facility I worked at had some "Department of Defense" certifed keypads
(whatever that means, if anything at all, I was never told a certification
level of spec they adhered to) that were fairly smart.

The keypad had LED displays inside each swith position in the form or a
telephone keypad that could only be read at sitting in a wheelchair height
at which they were mounted. The digits at each button always changed so it
was not possible to watching somebody enter a code and then repeat it as
you could not see what they were keying in. Wear on the keypads was kept
even too, and funny business with figuring out which keys were pressed
last was useless.

Those got disconnected and they went back to keycards for some reason.

What years? Mine was mid '70s, and the DCAS inspector was one of the
group "I showed that flaw, that day.


--
Anyone wanting to run for any political office in the US should have to
have a DD214, and a honorable discharge.

 

On Wed, 20 Aug 2014 19:16:00 -0400, Phil Hobbs
<pcdhSpamMeSenseless@electrooptical.net> wrote:

On 8/20/2014 7:10 PM, Michael A. Terrell wrote:

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.


And they still had trouble getting into their offices, first thing in
the morning. ;-)

Offices had key locks, most labs had keys and cypher locks.

We didn't have locks on office doors (except for managers). No need.

 

On Wed, 20 Aug 2014 19:33:21 -0400, "Michael A. Terrell"
<mike.terrell@earthlink.net> wrote:

Phil Hobbs wrote:

On 8/20/2014 7:10 PM, Michael A. Terrell wrote:

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

Hell, one place I worked had the "cipher" lock combinations written on
the door jams. Writing them backwards was even enough to keep the
dummies in security happy.

At one place I used to work, most of the combinations were either "1492"
or the last four digits of the owner's office phone number.


And they still had trouble getting into their offices, first thing in
the morning. ;-)

Offices had key locks, most labs had keys and cypher locks.


How about the coffee machines? ;-)

They didn't have cipher locks on them either. ;-)

 

On Wed, 20 Aug 2014 23:51:40 +0000 (UTC), Cydrome Leader
<presence@MUNGEpanix.com> wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

simplex type locks are pretty hillarious, expecially when the codes can be
entered in any order, or just by hitting all the right buttons in any
order.


These had to be in the right order, but that was no problem since
each time someone pushed a button, they wiped some crud off their
fingertips. You just punched them in order of the descending crud.

One facility I worked at had some "Department of Defense" certifed keypads
(whatever that means, if anything at all, I was never told a certification
level of spec they adhered to) that were fairly smart.

The keypad had LED displays inside each swith position in the form or a
telephone keypad that could only be read at sitting in a wheelchair height
at which they were mounted. The digits at each button always changed so it
was not possible to watching somebody enter a code and then repeat it as
you could not see what they were keying in. Wear on the keypads was kept
even too, and funny business with figuring out which keys were pressed
last was useless.

Those got disconnected and they went back to keycards for some reason.

Key cards allow security to maintain records of entry into an area.
All of the areas where I work (everywhere but the lobby is "secured")
has card access, both in and out. I swipe the card at least forty
times a day.

 

In sci.electronics.repair Don Y <this@is.not.me.com> wrote:

I understand how ALL locks work: locks keep honest people honest.
Period.

If you haven't already read it, I highly recommend Richard Feynman's
"Safecracker Meets Safecracker" story. I wish I had read it *before* I
started asking pointed questions about the passwords on the Unix server
at a job long ago. Scan at:
http://www.cs.virginia.edu/cs588/safecracker.pdf

In a similar vein, there is a book that discusses the main points of
just about every computer-security disclosure argument you've ever
heard. The interesting thing is that it predates electronic digital
computers by nearly 100 years. "A Rudimentary Treatise on the
Construction of Locks", edited by Charles Tomlinson, 1853. Chapter 1
has the discussion on "if a lock is easy to pick, should we talk about
it in public?" Scan at:
http://books.google.com/books/about/Rudimentary_Treatise_on_the_Construction.html?id=PsUzAQAAMAAJ

Matt Roberds

 

[Phil Hobbs]

On 8/20/2014 7:57 PM, krw@attt.bizz wrote:

On Wed, 20 Aug 2014 19:16:00 -0400, Phil Hobbs
pcdhSpamMeSenseless@electrooptical.net> wrote:

On 8/20/2014 7:10 PM, Michael A. Terrell wrote:

Phil Hobbs wrote:

On 8/20/2014 6:31 PM, krw@attt.bizz wrote:
On Wed, 20 Aug 2014 14:14:07 -0400, "Michael A. Terrell"
mike.terrell@earthlink.net> wrote:


Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are
easily thwarted (shims, picks, etc. -- e.g., a thin
sheet of CARDBOARD, fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest
people honest. Period.

All sorts of things are possible. A Kensington lock
deters a large percentage of would be thieves. It is a
practical solution that provides a reasonable amount of
protection for a low price and a minimum inconvenience.
If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in
your safe deposit box.

They keep folks who need a "gentle reminder" that "Thou
Shalt Not Steal" from stepping over the line. Most
"protection devices" have obvious flaws or simple
exploits. E.g., many homes have sliding doors that are
installed improperly. Your neighbors won't exploit it to
enter your home while you are out -- but, a thief would
be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something
you did". No big deal.

A friend used to wander the basements of the school
methodically picking EVERY lock -- leaving the doors,
etc. UNlocked when their occupants arrived in the
morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick
the locks, no doubt encouraged by how *easy* it was. He
was gone a few days later.


They bragged about how secure the pushbutton locks were at
a defense plant where I worked. I laughed and told them
they were useless. They quoted the number of possible
combinations. I shrugged, looked at the lock, bunched five
buttons and opened the door. They demanded to know who
gave me the combination. I smiled and told them, Your
cleaning service. I was told, in no uncertain terms that
they were not given the codes. Then I pointed out that
they were not cleaning the face plates so All I had to do
was look at one of the locks to know the code. They didn't
believe me, so I walked down the hall, opening one
restricted area after another. The next day, the chrome
bezels were clean and they looked like they had been waxed.
;-)

Hell, one place I worked had the "cipher" lock combinations
written on the door jams. Writing them backwards was even
enough to keep the dummies in security happy.

At one place I used to work, most of the combinations were
either "1492" or the last four digits of the owner's office
phone number.


And they still had trouble getting into their offices, first
thing in the morning. ;-)

Offices had key locks, most labs had keys and cypher locks.

We didn't have locks on office doors (except for managers). No
need.

We didn't do any military work, so there was no clean-desk policy. None
of us could have functioned if there had been.

Seriously, an office lock is important to prevent the less skilled sort
of burglar from getting physical access to your computers.

Cheers

Phil Hobbs


--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Phil Hobbs]

On 8/21/2014 3:48 AM, mroberds@att.net wrote:

In sci.electronics.repair Don Y <this@is.not.me.com> wrote:
I understand how ALL locks work: locks keep honest people honest.
Period.

If you haven't already read it, I highly recommend Richard Feynman's
"Safecracker Meets Safecracker" story. I wish I had read it *before*
I started asking pointed questions about the passwords on the Unix
server at a job long ago. Scan at:
http://www.cs.virginia.edu/cs588/safecracker.pdf

In a similar vein, there is a book that discusses the main points of
just about every computer-security disclosure argument you've ever
heard. The interesting thing is that it predates electronic digital
computers by nearly 100 years. "A Rudimentary Treatise on the
Construction of Locks", edited by Charles Tomlinson, 1853. Chapter
1 has the discussion on "if a lock is easy to pick, should we talk
about it in public?" Scan at:
http://books.google.com/books/about/Rudimentary_Treatise_on_the_Construction.html?id=PsUzAQAAMAAJ

Matt Roberds

That second reference is a win. Thanks.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[Cydrome Leader]

In sci.electronics.repair krw@attt.bizz wrote:

On Wed, 20 Aug 2014 23:44:21 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.repair krw@attt.bizz wrote:
On Wed, 20 Aug 2014 20:10:52 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.repair krw@attt.bizz wrote:
On Wed, 20 Aug 2014 15:51:26 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.equipment Don Y <this@is.not.me.com> wrote:
On 8/19/2014 3:46 PM, rickman wrote:
Locks keep honest people honest. As the OP still hasn't indicated
the level of threat that is faced (and attacker's motivation),
all this is just speculation.

You don't understand how a Kensington lock is intended to work. The
point is not to keep a laptop from being taken by brute force. The
intent is to require that enough damage be done to the laptop in the
process that no one will want the unit. Grinding a gaping hole in the

---------------^^^^^^ have you ruled out the *thief*? -- who may be
very happy with a $1500 laptop that has a "gaping hole" in the back
(that he has since covered with duct tape, Bondo, etc.)

side greatly reduces any resale value of a laptop which is already not
much to begin with. Used laptops aren't worth much and one with obvious
case damage is nearly worthless.

Cut the cable by which the "lock-mate" tethers the laptop to
whatever>. Remove the remaining piece in the privacy/safety
of your own home. (this assume you have never hacked the locking
device in question -- and have never used a search engine to see
how easy it is!)

Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

Going out on a limb here- I doubt the local lockpicking club is the group
breaking into and robbing homes in the OP's area. You don't need a clever
locks on stuff.

Doped up, shitty, smash and grab then sell for 3% of actual value idiots
are probably at work.

If you make the job hard enough, people either move on or just get angry
and toss stuff around.

The neighbor across the back porch got broken into while I was home once.
They had a modern, thin, poorly installed door that broke down like old
crappy car. Hell, the thing looked like a bathroom door, but with glossy
paint. They never even tried my door, even though it's in a more hidden
area. My only guess is a 1000 year old solid wood door with 800 locks
would have been more work. I also keep enough junk by the door so you
can't even get the space for a good kick, not that that would break it
down anyways, which how most doors around here are compromised anyways.

You have no windows? If there is a window available, no steel door or
vault lock is going to do a damned thing. They're just for the honest
and insurance companies.

The doors have no windows. If you want climb in a window, you better have
a good extension ladder. Again, you can get in, it's just more on a pain
in the ass than breaking into the other units which don't require all the
effort.

Again, locks or doors don't do anything to stop anyone who wants to
get in. It sounds like you're on the second floor, which is likely
why they went elsewhere. The quality of the door, and particularly
the lock, are irrelevant.

the methods they use to break down doors, old and new differs and the one
for old doors is actually pretty clever. None of which even involve
touching the lock, unless you've got a $12 Kwikset lock and nothing more.

Who cares? There are easier ways to get into 99.9% of homes than
busting down a door or picking a lock.

Either way, when you're a harder target, people look elsewhere.

Agreed but a solid front door and lock aren't included. Lights are
likely the best insurance (after buying insurance ...and a gun). A
sign stolen from an alarm company might help, too. ;-)

Take for instance robbing a bank. You walk in, hand over a note, get a
token amount of money, nobody puts up a fight and you walk out. It's
apparently not hard at all once you cross that moral line. Surprise,
there's lots of serial bankrobbers, and it would seem most never get
caught as banks only believe in slow-scan quarter VGA-res security
cameras.

If you think it's that easy, you're nuts. Sure, it's easy, once. It's
easy twice, but pretty soon you're on the TMWL. The FBI doesn't treat
bank robbery kindly, even though the average take is less than $4K.

It doesn't matter what the FBI likes or doesn't like. If you rob a bank,
you walk away with some small amount of money, each and every time. Nobody
resists. Tellers don't jump the counter with baseball bats like at a
liquir store and fight back.

You might get caught, eventually, and it seems many serial robbers never
get caught.

 

[Cydrome Leader]

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

simplex type locks are pretty hillarious, expecially when the codes can be
entered in any order, or just by hitting all the right buttons in any
order.


These had to be in the right order, but that was no problem since
each time someone pushed a button, they wiped some crud off their
fingertips. You just punched them in order of the descending crud.

One facility I worked at had some "Department of Defense" certifed keypads
(whatever that means, if anything at all, I was never told a certification
level of spec they adhered to) that were fairly smart.

The keypad had LED displays inside each swith position in the form or a
telephone keypad that could only be read at sitting in a wheelchair height
at which they were mounted. The digits at each button always changed so it
was not possible to watching somebody enter a code and then repeat it as
you could not see what they were keying in. Wear on the keypads was kept
even too, and funny business with figuring out which keys were pressed
last was useless.

Those got disconnected and they went back to keycards for some reason.


What years? Mine was mid '70s, and the DCAS inspector was one of the
group "I showed that flaw, that day.

The cool keypads were in place until maybe 2010? They looked old as heck
but were not all that old when they were installed less than 10 years
before.

 

[Cydrome Leader]

In sci.electronics.repair krw@attt.bizz wrote:

On Wed, 20 Aug 2014 23:51:40 +0000 (UTC), Cydrome Leader
presence@MUNGEpanix.com> wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Cydrome Leader wrote:

In sci.electronics.repair Michael A. Terrell <mike.terrell@earthlink.net> wrote:

Don Y wrote:

On 8/20/2014 9:21 AM, rickman wrote:
Most of the Kensington devices that I have seen are easily
thwarted (shims, picks, etc. -- e.g., a thin sheet of CARDBOARD,
fragment of a soda can, etc!).

I understand how ALL locks work: locks keep honest people honest.
Period.

All sorts of things are possible. A Kensington lock deters a large
percentage of would be thieves. It is a practical solution that provides
a reasonable amount of protection for a low price and a minimum
inconvenience. If you have a $1500 laptop and want to eliminate any
chance of it being stolen, you can always keep it in your safe deposit
box.

They keep folks who need a "gentle reminder" that "Thou Shalt Not Steal"
from stepping over the line. Most "protection devices" have obvious
flaws or simple exploits. E.g., many homes have sliding doors that
are installed improperly. Your neighbors won't exploit it to enter
your home while you are out -- but, a thief would be glad to do so!

Reasons/motivations for an actual "theft" vary.

When I was in school, picking locks was "just something you did".
No big deal.

A friend used to wander the basements of the school methodically
picking EVERY lock -- leaving the doors, etc. UNlocked when their
occupants arrived in the morning. To him, it was just "practice".

Apparently, one day, he decided to do more than just pick the locks,
no doubt encouraged by how *easy* it was. He was gone a few days
later.


They bragged about how secure the pushbutton locks were at a defense
plant where I worked. I laughed and told them they were useless. They
quoted the number of possible combinations. I shrugged, looked at the
lock, bunched five buttons and opened the door. They demanded to know
who gave me the combination. I smiled and told them, Your cleaning
service. I was told, in no uncertain terms that they were not given the
codes. Then I pointed out that they were not cleaning the face plates
so All I had to do was look at one of the locks to know the code. They
didn't believe me, so I walked down the hall, opening one restricted
area after another. The next day, the chrome bezels were clean and they
looked like they had been waxed. ;-)

simplex type locks are pretty hillarious, expecially when the codes can be
entered in any order, or just by hitting all the right buttons in any
order.


These had to be in the right order, but that was no problem since
each time someone pushed a button, they wiped some crud off their
fingertips. You just punched them in order of the descending crud.

One facility I worked at had some "Department of Defense" certifed keypads
(whatever that means, if anything at all, I was never told a certification
level of spec they adhered to) that were fairly smart.

The keypad had LED displays inside each swith position in the form or a
telephone keypad that could only be read at sitting in a wheelchair height
at which they were mounted. The digits at each button always changed so it
was not possible to watching somebody enter a code and then repeat it as
you could not see what they were keying in. Wear on the keypads was kept
even too, and funny business with figuring out which keys were pressed
last was useless.

Those got disconnected and they went back to keycards for some reason.

Key cards allow security to maintain records of entry into an area.
All of the areas where I work (everywhere but the lobby is "secured")
has card access, both in and out. I swipe the card at least forty
times a day.

They are good for auditing, but are only one part of security in general.
We have doors get just don't close or get propped open, but have no alarms
so nobody investigates. Nothing special here but an office, so who cares.

I did once get a call from corp. security at a telecom site as somehow I
tripped an alarm. I had to wave at a camera and rescan my badge and only
the were they able to clear the alarm. I'm still not sure how they got my
cell phone #.

 

[Don Y]

Hi Matt,

On 8/21/2014 12:48 AM, mroberds@att.net wrote:

In sci.electronics.repair Don Y<this@is.not.me.com> wrote:
I understand how ALL locks work: locks keep honest people honest.
Period.

If you haven't already read it, I highly recommend Richard Feynman's
"Safecracker Meets Safecracker" story. I wish I had read it *before* I
started asking pointed questions about the passwords on the Unix server
at a job long ago. Scan at:
http://www.cs.virginia.edu/cs588/safecracker.pdf

Amusing but, unfortunately, more truth than fiction. People rarely
engage in Blue Team/Red Team sorts of analysis *BEFORE* deploying a
"solution" -- to ANY problem (security or otherwise). They always
seem more focused on getting *a* solution than worrying about whether
or not it is the *right* solution.

I've got a twisted (?) mind -- immediately looking for flaws in every
solution even before the solution is completely fleshed out (i.e.,
using those flaws to guide further development of that solution).
Makes me really good at finding bugs in software, etc. But, tedious
to design for ("Yes, but..."). <shrug>

In a similar vein, there is a book that discusses the main points of
just about every computer-security disclosure argument you've ever
heard. The interesting thing is that it predates electronic digital
computers by nearly 100 years. "A Rudimentary Treatise on the
Construction of Locks", edited by Charles Tomlinson, 1853. Chapter 1
has the discussion on "if a lock is easy to pick, should we talk about
it in public?" Scan at:
http://books.google.com/books/about/Rudimentary_Treatise_on_the_Construction.html?id=PsUzAQAAMAAJ

(sigh) I've not been able to come up with a consistent, rational
approach to this issue. I've worked on products that were security
related (including actual door locks), safety related, performance
related, etc. Each cases where "flaws" can have significant "moral"
and financial costs (what if I misreport a test result leading to a
misdiagnosis of someone's health condition? steer the vessel *into*
another? allow a user to "steal" monies? etc.)

"Security (reliability, safety, etc.) by Obscurity" is an ostrich's
approach to these problems -- "Hope no one ever finds out and/or
exploits them".

I wonder how different (certain) technology would be had the ease
of "self (anonymous) publication" that is so available today had,
instead, been available 30 or 40 years ago. (conversely, what
impact this "disclosure-ability" will have on technology 30-40
years hence!).

E.g., many of the exploits covered in TAP in the 70's would never
have survived with the sort of INSTANTANEOUS and WIDESPREAD disclosure
common today! All of those holes would have had to have been patched
promptly. It's one thing to protect against (i.e., "eat your losses
from") hundreds of hackers exchanging photocopied/mimeographed sheets
via USPS -- another thing entirely when exploits are posted as YouTube
videos, forum messages, etc.

So, I have a patchwork of rationalizations governing what "flaws" and
"exploits" I will discuss openly (and a different set of criteria for
"trusted communiques"). It's always nice to see some *other* "public"
source of (informed... not hypothesized!) disclosure so I can ease
my conscience as to the legal/moral constraints placed on my own
disclosures.

OTOH, you need some sort of "pressure" on people and organizations to
force these things to be fixed instead of avoiding or defering those
costs indefinitely ("Well, credit card losses are only $XB/year so
it's not worth fixing the problem -- YET!"). E.g., I still see
websites/domains that are vulnerable to HeartBleed... how long before
someone gets off their *ss and fixes those? (as "simple" as installing
an update that someone else has already tested!)

To how many more people do you sell vehicles with faulty ignition
switches before taking on the INEVITABLE cost of introducing a fix?