DEF CON 21 - Marc Weber Tobias and Tobias Bluzmanis - Insecurity A Failure of Imagination

Insecurity - A Failure of Imagination
MARC WEBER TOBIAS INVESTIGATIVE ATTORNEY AND SECURITY SPECIALIST, SECURITY.ORG
TOBIAS BLUZMANIS SECURITY SPECIALIST, SECURITY.ORG

Homeowners, apartment complexes, and businesses throughout the United States and Canada have purchased locks from one of the leading manufacturers in the country in the belief that they were secure. Advertising represents they are the highest grade of residential security available as a result of security ratings from different Standards organizations. While the design of this lock effectively resists certain forms of covert and forced entry that are common with other mechanical cylinders, there are also what we perceive as serious design flaws that will allow these locks to be opened, bypassed, or decoded in seconds. Because this is one of the most popular locks in America, the consumer needs to understand the inherent security vulnerabilities in order to assess their risk.

In this presentation we analyze the design of this lock and earlier similar designs implemented by other manufacturers. The focus is on a failure of the design engineers to understand different methods of bypass and to protect against them, and why standards and what they purport to define may be misleading and misrepresent the real security of a product. Consumers rely upon the representations of manufacturers and the security ratings of locks by Underwriters Laboratory and the Builders Hardware Manufacturers Association to assure them of the quality and resistance to attack of the locks they buy. We present evidence that millions of homeowners and businesses that have implemented these locks can be vulnerable to simple methods of entry of which they may not be aware. This is a classic example of insecurity engineering in a very clever and unique mechanical lock. Unfortunately, the very unique mechanism also provides the basis for several incredibly simple attacks that can be performed with a minimum of time, tools and training.

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. Marc and his associates also conduct technical fraud investigations and deal with related legal issues.

Marc has authored five police textbooks, including "Locks, Safes, and Security", which is recognized as a primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book (LSS+) is also available online.

Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of several professional organizations including the American Bar Association (ABA), American Society for Industrial Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool Mark Examiners (AFTE), American Polygraph Association (APA) and the American Police Polygraph Association (APPA).

Tobias Bluzmanis was born in Caracas, Venezuela. Tobias came to the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of bypass and custom tools, including a decoder for Medeco locks, which was the impetus for the book "Open in Thirty Seconds".

Comments

The tailpiece exploit at 33:35 has been fixed with the addition of a long, cylindrical tailpiece cap made from steel. They also added material on the back of the cylinder so it is much harder to pierce.

The lock I just purchased in May of 2020 had this update. Also, I can't say for sure, but it appears the sliders are now made of a different metal. I cannot attest to their strength, though, as I did not test them.

ADBBuild

Great exposition of flaws, nicely presented. I love the Freudian slip on the last slide: "One of most POOPULAR ... locks" :)

lefThumbs

Much of the information these guys have in publication is classified LEO Sensitive in the US and Official Secret in the UK.

douro

First off, you would need 48 keys to be able to make a KW1 key for the smart key to make it work.

auroracoloradolocksmith