enter the fray: our reader discussion forum
Nothing new here.
by Eigenvector

For Christ's sake he makes the article seem fresh and new and then reaches back almost 5 years for evidence that it has been going on before this. How about reaching back about 30 years? This is the same tired old argument crackers made in the '80's and 90's.

"If someone doesn't show industry the flaws some REAL bad guys will take advantage of them. Oh, don't mind me crashing your system in my attempt to demonstrate that security hole." Every 2 bit hacker in the world used that stale line to justify their sorry excuse for a hobby - and all it gave us was a pantload of viruses, worms, stolen industry secrets, and the need for McAfee AV on every corporate computer in the galaxy. All in the name of testing the system security for weak spots.

I'm with the locksmiths on this one - I don't need some 2 bit punk downloading an instruction sheet then disabling my front door locks when I'm away - just so he can "show me how insecure my setup was".

Re: Nothing new here.
by lloyd667

Don't worry. If someone breaks into your house, he won't bother picking the lock. He will just force open the door with a car jack, or cut the lock away.

(Oops, maybe I'm giving away too much...)

Re: Nothing new here.
by citygurl104

Ummm, could you not use the word cracker? It's racially inflammatory.

Thank you.

No, I'm just kidding, I'm not even white. :)

Re: Nothing new here.
by tellner

The bad guys who bother to pick locks already know these tricks. Most just attack the door or windows. The old saying goes "Locks keep honest people out".

The White Hat cracker analogy really is a good one. Before there were sites like 8lgm vulnerabilities never got fixed. With disclosure and proof of concept exploits the vendors cleaned up their acts, began working with the white hats and issued patches quickly.

Re: Nothing new here.
by jkthecjer

Ok, you almost got it right. There is a glaring flaw in your assumptions and understanding of the locksport community, however. We do NOT pick locks that we do not own or have permission to open. This is an ethical standard that is repeated time and time again. Are there misguided criminals out there who pick your door lock to teach you a lesson...probably not. If they exist, they certainly do not in the hobby lockpicking world.

I've been involved with hobby picking for about 3 years now. Recently my attention has been focused on breaking Medeco. The "open letter" and welcome to the industry therein was the response from the company to my Medeco picking tool and technique. I didn't have to break into anyone's home as you suggest in order to create change in the industry. In fact, many of us spend ridiculous amounts of money on locks (esp high security).

Anywho, to compare us to "crackers" is missing the mark entirely. The reality is that we are a group of folks that enjoys sitting down in our living room or local bar and picking locks. You simply cannot attach an ill intent to that legitimately. Now the subject of disclosure and publishing exploits is a different matter. It's also a subject that is discussed at length and frequently in the community (as it is in the compsec world) to determine the right thing to do.

Re: Nothing new here.
by mgyver

So maybe you should just publish a statement on the internet saying you were able to pick a particular lock, but not how you did it. Then send the manufacturer a detailed analysis so they can fix the problem.

Re: Nothing new here.
by jkthecjer

It's funny that you mention that. We call that "responsible disclosure". When I developed a tool to open Medeco, that is almost exactly what we did. The tool had been in the private realm of discussion for a few months prior, but nothing public. Myself and my publisher ( http://ndemag.com ) approached Medeco who sent their director of research out to my place. After some discussion and demonstration, they asked that we wait 2 months for them to fix the locks.

They have now fixed the vulnerability in all new locks coming off the line (so they say) and gave me their blessing when I spoke about it at the HOPE conference in New York last weekend. Here is a link to that talk if you folks are interested (I'm the ugly bald guy):

<link>
