----MESSAGE-BEGIN---- <1987100101053800>
From: DPickett@his-phoenix-multics.arpa 2-Oct-1987 08:45:38
To: Security@RUTGERS.EDU
Subj: [792] SSN profit motives

Anyone who has information on you indexed by SSN can sell it, reducing your privacy and possibly reducing their opinion of you so that you are harmed. The very fact that they have the data indexed by SSN means that anything they care to file on you can "travel" very far and fast, and sometimes it is not factual. Mistakes happen, and the first party can clean their files, but they have no power over the persons they copied it to....

Even if the organization collecting the information is not sharing it, the indexing by SSN makes it salable by a thief or future owner. Security, yours and mine, comes from giving out information on a need to know basis.

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100107384100>
From: tencati@VLSI.JPL.NASA.GOV 2-Oct-1987 15:18:41
To: awalker@red.rutgers.edu
Subj: [2976] re: Master keys

Well, before I got into the computer biz, I used to work in a hardware store. One of my jobs was re-keying people's locks. The principle of a key is that when it is inserted into a lock, the ridges on the key raise these little pins inside the lock cylinder. If the right key is inserted, the tops of all the pins are flush with the stationary part of the lock, which also has a set of pins of various lengths.

The best way to describe it is to picture two sets of pins. When you insert your key, the bottom pins rest on top of your key and are pushed up into the top of the lock, against a second set of pins. The lower pins are all different sizes, which is why your key has different heights.
If all the bottom pins are flush with the top of the lock cylinder, then you inserted the right key; otherwise, some pins will either stick up past the point where the cylinder turns and protrude into the upper cavity, preventing the lock from turning, or the pin will not stick up high enough, in which case the upper pin, which is spring loaded, will protrude down into the lower cavity, again preventing the lock from turning.

A "MASTER KEY" is any old key. The difference is in the upper pins of the lock. Instead of having only one pin in each upper chamber, the upper chamber is fitted with a series of pins with different heights. So there are segments instead of only one pin. If the correct key is inserted in the lock, the bottom pins are all flush and the cylinder turns. If the master key is inserted, some of the bottom pins may be flush. The ones that aren't correspond to a spot where the bottom pin is not pushed up far enough, so that the top pin is pushed into the lower cylinder. However, because the upper cavity was fitted with different sized segments (called "master pins"), one of the segments is flush with the top of the cylinder and the lock still opens.

In order for this to work, the master key must be known, and each lock must be fitted with pins which allow the primary key to work, and then the master pins are put in. Because the top pins have to have a sum-total of a certain length, the segments can be put in any combination, allowing more than one key to act as a master.

This is why locks can be picked with a hairpin (it's tricky, but it *does* work). All you have to do is lift the pins to the right height and turn. The problem is overcoming the springs which act to force all pins down into the cylinder.
Also, if you try a key in a lock, and any of the ridges cause the pins to be raised up such that the lower set of pins pushes up into the upper cavity and the upper pins can't move any higher, the key will not be able to fit any further into the lock, which is why sometimes your key won't fit in someone else's lock.

Hope this answered your question.

Ron Tencati
Jet Propulsion Laboratory

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100110173100>
From: *Hobbit* 2-Oct-1987 17:57:31
To: security@RED.RUTGERS.EDU
Subj: [2449] master keys

Ah, finally someone *else* talks about locks...

Master key systems can be done correctly or done stupidly. Normally [i.e. correctly] the cut heights for the master are mixed as to whether they're above or below the cut heights for the non-master key[s], and placed a sufficient distance away so that there's no possibility of placing pins at the master position by wiggling the slave key or inserting it to funny places. Often mastered systems use very thin splits [the little wafer inserts between the pin and the driver that allow the lock to open at different cut heights] which can jam or fall out of the cylinder.

If the maid's key cuts were all lower than the cuts on your office key, then the system was done stupidly, and you could generate a master by cutting your key down to the master level. [You can determine the master level by taking your office lock apart and loading in just the master pins/splits as a template.] I suspect that there are quite a few systems out there that are done this way. Suspect this if all the slave keys look like they don't have too many low cuts in them.

Sometimes odd-shaped drivers called mushroom drivers are used in heavily mastered systems, in an attempt to make them harder to pick. These will allow the plug to cock over a little bit during picking but with the given pin in the wrong position, so that additional fiddling has to be done to get it to the right position.
Some older Russwins use ball bearings in place of rounded pin ends to reduce wear in heavily-used locks. [If you take your lock apart, of course, keep very close track of where everything went, or it obviously won't work anymore...]

To disable the master position and only allow your office key to work the lock, you'd normally have to obtain different pins of the right heights. You might get lucky, however, and find two pins whose mastering parts could be swapped, changing the master height there but leaving the slave height. Then the maids couldn't get in but you could.

I suspect that there are quite a few of us that majored in locksmithing in high school, and were dearly loved by the deans. If only I had had the presence of mind back then to explain to them how locks are perceived as little puzzles to take apart and solve, not as something standing in the way of theft.

_H*

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100111503600>
From: Mike Linnig 2-Oct-1987 19:30:36
To: security@RED.RUTGERS.EDU
Subj: [675] RE: garage frobs

talking about the security of garage door openers...

My house builder installed my garage opener. He probably also installed the same model in all of my neighbors' houses. The garage door is digitally keyed; there are 256 codes. I once thought of all the fun I could have if I got a one hundred watt linear amp and attached my tiny garage door transmitter to it. Of course I'd have to rig something to cycle through all 256 different codes, but that wouldn't take long (grin!)

An entire neighborhood with ONE remote control!

Mike

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100202335700>
From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 3-Oct-1987 10:13:57
To: security@RUTGERS.EDU
Subj: [1040] Master keys

Along the lines of keys and master keys, the system isn't always as good as people make it out to be.
When I was in high school, I happened to be a computer consultant at the college across the street, and they gave me a key to open the computer room in the morning. One day, I discovered that the key blank from the college computer room fit into the lock of the high school computer room (which also had a tendency to be locked in the morning.) Not only did it fit, but it also turned in the lock!

After comparing my key with the key of one of the teachers, we figured out what happened: the college computer room key fit about half of the pins for the high school computer room's "slave" key, half the pins for the "master" key. A real fluke, but it effectively gave me a generic computer room key, for which I was grateful.

................................................................simson

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100308460000>
From: bzs@bu-cs.bu.edu (Barry Shein) 4-Oct-1987 16:26:00
To: mlinar%poisson.usc.edu@oberon.usc.edu
Subj: [1449] Telephone tapping via the isolation box

>That is hardly worthwhile. What you have done MAY stop a true amateur, but
>wire tapping can be cleanly done anywhere along your phone line.

Wait a minute, do we have a case of security-macho here? Maybe he's only trying to protect against the "true amateur"? Remember, the only person that's going to bug his phone is a person with a motivation to do so. More often than not that will be someone w/in the organization who isn't going to expend the resources to hire a pro, but if a pair of alligator clips will do the job, what the hell, right?

Years ago I had an office which had a wire-closet for a good portion of the building behind the door. I got curious and began playing with a pair of alligator clips and found a phone line which appeared to be unused. This was useful because my phone line could not dial off-campus while the discovered one could (not long-distance, that took an access code, but even up the corner for a pizza.)
[standard disclaimer: this of course was on another planet where such things are encouraged.]

If someone had simply put a locked box over it I'm sure I would have never bothered to investigate (unless it was such a dumb lock...but that's a different story.)

Let's not make the best the enemy of the good.

-Barry Shein, Boston University

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100400550400>
From: Phil Benchoff 5-Oct-1987 08:35:04
To: SECURITY@RED.RUTGERS.EDU
Subj: [1781] Electronic door locks and anti-shoplifting devices.

We have a very neat security system on our computer room here. Authorized people carry cards which are held in front of 'readers' at the doors to gain access. Each card has a number which the security system hands to a computer which determines if the person is currently authorized. The cards are credit card sized with no visible magnetic strip. The center layer of the card looks like a glass-epoxy printed circuit board. You can usually get in the door just by holding your wallet close to the reader. The manufacturer is Schlage Electronics.

Does anyone know how this system works? The readers determine a 4-digit(?) number, so it can't be that simple. How expensive is such a system? It is very convenient to have one card that can be used on several doors, saves the cost of re-keying locks if one is lost, and provides an audit trail of who has been where.

How about anti-shoplifting systems that work on similar principles? Stores that use them either remove something from a product when it is bought, or pass things over a demagnetizer(?) when they are paid for. I have disassembled several things that I have purchased to look for whatever they put there, but haven't found anything. I suspect that only a random sample of items actually have protection from being carried out.

A final note: The two systems must be very similar, because I am told that the computer room card will trip some of the anti-shoplifting alarms.
Oh, the joys of being a DP professional. :-)

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100404323900>
From: "Robert (Al) Hartshorn" 5-Oct-1987 12:12:39
To: security@RUTGERS.EDU
Subj: [1362] Re: Telephone tapping via the isolation box

Just a short note. I retired from the US Army (MI). I inspected sites for security problems (TEMPEST). Just to let you know, there are so many ways to monitor your PC. We could monitor your phone line at the house, at the pole, at a transmitting site, or even monitor your power lines. There are more ways to do it than one would normally think about, and a lot of the things that one would need can be gotten locally.

If you have information that you don't want anyone else to see, filter your power line, put a ground screen on all four walls, floor and ceiling. Ground your PC to a ground point that you can only get to from inside the room, and now place your PC in a shielded box, with your only access toward the largest mass of your house. This will do for a start. This may sound like a joke, but this is just some of what you would have to do.

To me, it sounds like too much work and I just don't have anything that I want to prevent anyone from getting so bad. But to secure your phone connection box is not a bad idea for other reasons. You can never tell when someone may connect to it and make a call.

Have fun, and don't let this go to your head.

Al

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100406475800>
From: Jeffrey R Kell 5-Oct-1987 14:27:58
To: SECURITY@RED.RUTGERS.EDU
Subj: [444] Re: Master keys

Not to mention the MASTER-master-key of most large-scale lock systems; if you watch them 'change' locks, a special little 'key' is inserted, turned, and THE WHOLE CYLINDER comes out of the door. 'BEST' (company) locksets work this way (a common supplier of large-scale locksets).
/Jeff/

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100503093300>
From: John Owens 6-Oct-1987 10:49:33
To: Security Mailing List
Subj: [615] Re: Secure phones

The most likely reason that the NSA couldn't decipher the multiply-encrypted operating system is that they were looking for text. How would they recognize the "cleartext" when they had it, if what was sent was machine code? I wonder if they believed it when the sender gave them the keys, since it still didn't come out to anything sensible. (Of course, this assumes that it was machine code that was sent, and not source. Glenn?)

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100510463300>
From: jcmorris@mitre-bedford.ARPA (Joseph C. Morris) 6-Oct-1987 18:26:33
To: misc-security@mitre-bedford.arpa
Subj: [1029] Re: master keys

Several years ago there was a report that MIT had been hit with numerous breakins (some versions say the intent was pranks, not burglary) which had been accomplished with keys which opened various locked offices. According to the reports (more accurately: rumors) going around the Institute the keys were manufactured by students who had removed the door locks from the bathrooms in the main MIT building (that's buildings 1 through 10) and had disassembled them to find the common pin breaks. All they had to do then was to file a key which aligned the common breaks with the cylinder radius; since the locks represented doors from all parts of the building (despite the range of numbers it's one structure) they had a master for almost every door.

Except for buildings in which the bathrooms are routinely locked, who would notice that the doors were missing the lock cylinder?

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100513542700>
From: wayner@svax.cs.cornell.edu (Peter Wayner) 6-Oct-1987 21:34:27
To: misc-security@beaver.cs.washington.edu
Subj: [604] DES is required by LAW for international communications???
Glenn (Everhart%Arisia.decnet@ge-crd.arpa) writes that all international communications must be sent encrypted by DES by LAW.

----

Is this true? Can anyone confirm, deny, or provide the necessary legal information? I thought you needed an export license to send the DES algorithm across the seas. How can the other side decode the message?

-Peter Wayner (wayner@crnlcs.bitnet or wayner@svax.cs.cornell.edu)

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100608034200>
From: murray@andromeda.rutgers.edu (Murray Karstadt) 7-Oct-1987 15:43:42
To: security@red.rutgers.edu
Subj: [949] his may be somewhat off the mark for this group but...

What we would like to do at our PC lab is leave software and manuals out for easy access by students. These disks are the usual mix of commercial stuff that most PC labs have. The question is: How can we have a relatively open environment and not have the disks ripped off.

B. Dalton's and other large book/software sellers use electronic security systems that are supposed not to fry disks. It would be nice to have one of these systems installed at the lab. But most likely they cost too much. Does anyone have any experience with one of these systems in a PC lab? Is there a cheaper way of securing disks while maintaining an open access system? Is this another example of my typical brain damage and not at all practical?

waiting and hoping for some answers

murray

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100610133600>
From: half@mitre.arpa 7-Oct-1987 17:53:36
To: security@red.rutgers.edu
Subj: [1956] phone security

It's always amazing to hear the stories floating around about comsec. Now another DES crack story with the usual cast of characters: a grad student with a PC finds the famed trapdoor, --hidden years ago by a combination code designer past chess grandmaster. The proof is shown to civil servants from Ft. Meade whose first instinct is to banish the student to a little known military reservation outside Atlanta, Ga.
Of course, the officials know nothing about this and have no comment on the specifics. But the student told his friend, word is out! OK, why not? But I figure this is the tenth such story in the last two years.

As I understand it (from what I read in the press, specifically Cryptologia) DES can be attacked brute force; however, it's expensive. Now there is a cost per message whereas formerly, the traffic was free to harvest. More traffic, more cost and the result is that you have to divert money from other more important projects to keep brute forcing all those DES messages. So management makes you limit your DES haul in favor of more productive projects. Remember, DES is usually low grade traffic. You need a lot of it to make sense of important things, --which is now expensive.

Again going back to the press we see David Kahn writing in the Fall 1979 issue of Foreign Affairs "Cryptography goes Public" about intercepting telephone voice traffic. You can read what he says for yourself but basically, the STU-III telephone (described in the New York Times about six months ago) is to help keep government information private, not to help the telephone companies become "secure".

I am looking forward to the next DES break story. In fact I may write my own: perhaps a former World War II cryptographer notices an uncanny pattern in s-box number two whose mirror image he sees in the key bits....

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100705383600>
From: mason@OBERON.LCS.MIT.EDU (Nark Mason) 8-Oct-1987 13:18:36
To: AWalker@red.rutgers.edu, jm7@pyr.gatech.edu
Subj: [942] Re: Simson Garfinkel's article, part 3 of 3

I recently wrote an RSA encryption algorithm to be used for encrypting banking system audit logs. The software hasn't been delivered yet but we are using 200 digit bignum arithmetic, which when Rivest, Shamir and Adleman wrote their paper in '77 they estimated 3.8 * 10E9 years to factor it.
The great thing about RSA encryption is the more secure you want it to be the longer the number you use (and the slower it runs), whereas something like DES always takes the same amount of time to break. The reason banks use numbers small enough to be factored in a couple of (cpu) weeks is that the data is obsolete (and therefore useless) within a week. We have stuck to 200 digit arithmetic because it impresses people more and we don't actually have to use it yet.

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100706294100>
From: Larry Hunter 8-Oct-1987 14:09:41
To:
Subj: [2745] RE: Re: Secure phones

GE: 1. DES was originally certified, but was designed with a short enough key that NSA could break it by brute force. (It IS a federal law that no cipher may be used for international traffic that NSA can't break, so the permeability of DES follows from reading the relevant US Code sections.)

LH: Although the brute force math is easy enough to demonstrate, this legal stuff is news to me! What are the relevant US Code sections? As far as I can tell it isn't in the Foreign Intelligence Surveillance Act, and there is no mention of this in Bamford's The Puzzle Palace. Where can I find either the statute or a detailed reference?

GE: I never did hear where in the US code the law I referred to exists; just got the info some years ago from some folks who did work on some spook jobs who were in a position to know.

I'm suspicious.
According to the Congressional Office of Technology Assessment series on Federal Government Information Technology (3 vols: Electronic Surveillance and Civil Liberties (1985), Management, Security and Oversight (1986) and Electronic Record Systems and Individual Privacy (1986)), the relevant policy documents are the Brooks Act (1965), the Privacy Act (1974), OMB circular A-71 transmittal memo 1, Presidential directive NSC-24, the Paperwork Reduction Act, the Federal Managers Financial Integrity Act, National Security Decision Directive 145 (the biggy: "National Policy on Telecommunications and Automated Information Systems," which sets NSA as the focal point for both military and civilian information security) and OMB circular A-130 -- None of which support your claim that there is statute (or even policy) prohibiting use of a cipher that NSA can't break. The Foreign Intelligence Surveillance Act, which made NSA into a legislated government body, doesn't mention it, either.

Even the idea is suspect: wouldn't that mean that there was a list somewhere of ciphers that NSA couldn't break?! Doesn't sound like the kind of list I'd want to see passed around.

That doesn't mean I don't believe that NSA tries to ensure that it can crack every message, say by getting the key size of DES cut in half. I had an extended correspondence with one of the designers of DES where I convinced him that NSA cut the key size so that it would be vulnerable (you can have a copy of those messages if you are curious). I just don't believe there is any statute that says such a thing, and you should be careful about making any claim that there is.

Larry

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100706413700>
From: jmturn%ringwld.UUCP@CCA.CCA.COM 8-Oct-1987 14:21:37
To: security@RED.RUTGERS.EDU
Subj: [1435] Re: master keys

Back when I worked for LMI, I had occasion to assist one of our resident amateur locksmiths in rekeying a lock.
The basic goal was to create a secure door for the video room, which would open to my key, and no one else's. LMI used the standard system where your office key was also the front door key. This is a variant on the concept of a master key. Rather than one key opens many locks, this is one lock with many keys. Obviously, you can't use the split-pin idea to make that work; you'd need an almost infinite number of sections in a large building. Instead, the lock only has some subset of the total number of pins (3 pins in a 5 pin system, for example).

This makes for an interesting trade off. By definition, all the keys must share a certain number of common pins. Therefore, there is a trade-off. The more pins they share in common (and thus, the more pins on the outside lock), the more secure the outside door is. On the other hand, the less unique pins between keys, the easier it is to gimmick someone else's lock given you have a key. It was VERY easy to gimmick LMI locks...

Save Your Vertical Blanking Intervals for Big Cash Prizes!

James Turner (The Ringworld Engineer)

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100710032700>
From: jm7@pyr.gatech.edu (John McLeod) 8-Oct-1987 17:43:27
To: AWalker@red.rutgers.edu, jm7@oberon.lcs.mit.edu, mason@oberon.lcs.mit.edu
Subj: [401] Re: Simson Garfinkel's article, part 3 of 3

~50 digits is fine until someone bothers to break the code the first time. The first time that the key is broken, then the person who has the key has access to all messages as they are sent.

jm7

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100712130100>
From: ATSWAF%UOFT01.BITNET@WISCVM.WISC.EDU 8-Oct-1987 19:53:01
To: SECURITY @ RED.RUTGERS.EDU
Subj: [649] BITNET mail follows

Subject: Homing Devices

Does anyone know where to conveniently purchase some kind of device to place in a car to track where that car is going? Does Radio Shack have anything like that? How much would everything involved with it cost?
And what is a reasonable distance it would work at?

Thanks
Wendy Fraker
University of Toledo
ATSWAF%UOFT01.BITNET@WISCVM.WISC.EDU

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100804370200>
From: quintus!gregg@Sun.COM (W. Gregg Stefancik) 9-Oct-1987 12:17:02
To: security@red.rutgers.edu
Subj: [1162] Master Keys..

Being a recent graduate of the Foley Belsaw Institute's course in locksmithing, I would like to describe the technique for master keying and the way one can make a master key.

Most master key systems have 2 or more shear lines. One shear line is for the change key (the key which will open that door only). The second shear line is for the master key. If there are any other additional shear lines they would be for the grand master key, grand grand master key, etc.

In a good master key system a change key will not have any of the same depth cuts as the master and the master will not have any of the same depth cuts as the grand master, etc. So there is no sure way of making a master key from any number of change keys. The only way I know of to make a master key is to remove a lock from service and either pick or open the lock with a key, then dump the pins and determine how many keys will open the lock. Make all of these keys (probably no more than two or three keys) and see which one opens other locks.

Gregg

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100914064200>
From: paul@uxc.cso.uiuc.edu (Paul Pomes - The Wonder Llama) 10-Oct-1987 21:46:42
To: security@RUTGERS.EDU
Subj: [731] telephone tapping

My object is not to be secure against professionals or those with excess cash for nifty devices. The "threat" to my privacy are the students in my Explorer post and the local high school students who shop at Radio Shaft. For the money ($3 and a half-hour) I've secured a too easy tap point. Beyond that it's not worth the trouble. The telco people in C-U usually lock the junction boxes. (Have you ever gone up a pole?
It's quite stimulating to the adrenals when done illicitly. 'Tis far better to have a lower profile than stimulate that sort of interest in your calls.)

-pbp

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987100914482200>
From: webber@brandx.rutgers.edu (Webber) 10-Oct-1987 22:28:22
To: misc-security@RUTGERS.EDU
Subj: [1862] Checking for trojan horses (Re:Simson Garfinkel's article, part 3...)

> If you keep another copy of the program to run a diff against it should be
> hidden so that both the program and the copy aren't changed. Best would be
> to bring a copy in off some removable media to do the comparison. The medium
> should only be mounted when the person to do the comparison is there in
> person. Even then the program for reading the file in or the diff program
> could have been tampered with.

Actually, best would be to have the ``copy'' on an isolated system. You then detach the ``original'' from the public system and have the isolated system inspect it (but of course, not execute any files that are on it). Just as programs like ``crypt'' can be subverted, so can ``diff,'' ``ls,'' and even ``cat.'' Or things can be done directly in the operating system, e.g., setting it up such that ~cracker/bin is implicitly at the front of everyone's path -- then /bin/crypt will always look just fine (although no one is ever actually running it).

Similarly, login shouldn't be handled by a system that can be remotely programmed. Properly done, password modems should be considerably more secure than letting login verification be handled by the ``exposed'' system.

Of course, much of the hyper-concern about computer security is misplaced. Traditional security people say you should set up security so that it costs more to break it than it is worthwhile to break. On a computer system, we should probably say that you should set up enough security so that ``system bugs'' cause more problems than ``malicious users.'' Using this approach, many systems are exceptionally secure.
---- BOB (webber@aramis.rutgers.edu ; rutgers!aramis.rutgers.edu!webber)

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101107364000>
From: obrien@aerospace.aero.org 12-Oct-1987 15:16:40
To: security@RUTGERS.EDU
Subj: [2458] Re: Master/sub-master keying systems

OK, here's the poop on master/grandmaster systems, from one who was at one time a bonded locksmith.

Master/grandmaster systems should not be used unless absolutely necessary. It's like the difference between a system that has a root password and one that doesn't. However, since these are physical systems, the mere existence of the "root password" actually weakens the rest of the security system.

Yes, those folks who note the existence of several "splits" in a single pin are correct. That's how the trick is worked. However, note that lock pins are not very large. There is a limit to how close splits can be made, as these mean very thin disks of metal between the splits. These disks wind up riding around the cylinder wall every time either key is used; sometimes on the inside and sometimes on the outside, depending on which break is used. It can sometimes happen that a disk which is too thin will turn sideways in the chamber. Result: lock-out. In addition, the more splits there are in a lock, the easier it is to pick, for reasons I won't bother with here.

Now to the question of keys. Remember that a key is just a long metal blade. The deeper the key is cut, the thinner the blade. The thinner the blade, the more likely it is to break off in a recalcitrant lock. Result: lock-out. The answer is then that most keys should be of the thick variety, since the sheer number of key-uses is far larger than the total number of grand-master uses, even if the grand-master is in constant use. So, individual keys get the higher cuts.

Of course, you could argue, you could arrange the grandmaster such that some cuts are very high and some are very low.
Indeed this is sometimes done, but there are two reasons against it:

1) A low cut in the middle results in a weakened key: it has a "thin spot" and can break.

2) In general, for all keys, there is (or should be!) a limit on the maximum "jump" in height from one cut to the next. Remember, as the key goes in and out of the lock, the pins have to ride up and down. Too great a difference between one cut and the next results in a very steep "roller-coaster" ride for the pins. Unless they are very well-lubricated, this can result in a stuck key. Result: lock-out.

Hope this settles the hash of this question!

Mike O'Brien

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101113264700>
From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 12-Oct-1987 21:06:47
To: security@red.rutgers.edu, elbows@oberon.lcs.mit.edu, sipb@athena.mit.edu
Subj: [805] Request

One more request, if anybody can help...

I'm doing some research on computer databases used for blacklisting purposes. I've heard of three of them, but haven't been able to get any pointers so far. The three that I've heard of are:

1. A database of oil workers who have filed workmen's compensation claims.
2. A database of people who have sued for medical malpractice.
3. A database of people who have filed complaints against their landlords.

If you have any hard references for any of these databases or others, please let me know: simsong@broadway.columbia.edu -or simsong@eddie.mit.edu

Thanks.

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101115585700>
From: Brian A. LaMacchia 12-Oct-1987 23:38:57
To: simsong@broadway.columbia.edu
Subj: [615] Request

    2. A database of people who have sued for medical malpractice.

I remember hearing that this one goes BOTH ways, i.e. there are two lists: one list is for doctors and lists people who have sued doctors for malpractice, and the other list is for patients and lists doctors which have been sued and what the results of those suits were.
So while doctors are trying to avoid patients who sue a lot, patients are looking for doctors who get sued a lot (and lose).

--Brian

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101205263700>
From: Clive Dawson 13-Oct-1987 13:06:37
To: security@RED.RUTGERS.EDU
Subj: [1342] Unscrambling satellite signals

I don't own any sort of satellite reception equipment, so don't really keep up with the latest developments. Prior to this weekend, I had the impression that the signal scrambling being used by most (all?) of the major signal providers was DES-based and basically fool-proof. I believe there was some discussion of this subject on this list several months ago, but don't recall whether the following was covered.

A friend of a friend bought a Video-Cypher II box some time ago with the intention of paying a fee to the various providers of signals he was interested in. This weekend I learned that this person obtained a chip for the Video-Cypher II box which will unscramble ALL signals at ALL times. The only instructions that were given when this chip was installed were: "Make sure that your box is turned on for at least 8 hours on the first working day of each month." (Presumably to get all the encryption key updates...)

So it looks like somebody has actually "cracked" the system. Is this general public knowledge by now? Note that when I say "the system" I do NOT mean DES itself. It sounds to me like this chip most likely exploits a flaw in the key distribution procedure.

Clive

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101205310000>
From: warren@xanth.cs.odu.edu (Frank F. Warren Jr.) 13-Oct-1987 13:11:00
To: misc-security@mcnc.org
Subj: [1223] Re: Master/sub-master keying systems

John is correct in his observations concerning deep-cut master key systems. Having earned a living as a locksmith for the past six years I can give a technician's view of master keying. Various sources have held forth for the use of both deep and shallow masters.
My mentor in the trade taught me to use as few master pins as possible and shallow master cuts. This relates to the principle of making the system as small as possible while allowing for some expansion. Each master keyed cylinder has 2^N (N = number of master pins) potential keys. The system has 4^N potential operating keys. Given these values the reason for keeping to a small N is obvious. In practice I have found no need to use deep masters and anyone who does so is likely to be following his early training at the hands of a deep master proponent.

--
Frank Warren, Jr.
Old Dominion University - Norfolk, Virginia
warren@xanth.cs.odu.edu
Old Arpa: warren%odu.edu@RELAY.CS.NET
warren@xanth.UUCP
old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!warren
Packet: KB4CYC@WD4MIZ
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101405530000>
From: NESCC%NERVM.BITNET@wiscvm.wisc.edu (Scott C Crumpton) 15-Oct-1987 13:33:00
To: SECURITY@RED.RUTGERS.EDU
Subj: [1846] re: Master keys

There is a very simple reason why master keys tend to have less metal on them than the non-master keys. It's easier to make them that way.

Let's take a simple example: A lock that will have one standard key and one master. To key it you start with an empty cylinder (no pins in it yet), the regular key, and the master (with less metal than the regular key). Place the regular key in the cylinder and try different length bottom pin segments in each position until each position contains one bottom segment that is exactly the right length to be flush with the edge of the cylinder. Remove the regular key and insert the master. All of the pin segments will now be too short. Add middle (mastering) segments, 1 each, in each position until their tops are again flush. Now insert the cylinder into the lock using the proper tools. The top pins in the lock are all the same length, no changes in these pins are made. Done.

Notice that this is basically a trial and error process.
If the master key has less metal than the regular key(s) it can be done in a single pass. If however, the master has more metal in one or more positions, several passes will be required.

In a major job with many locks and several levels of mastering, the problem of a sparse master should never occur (unless the locksmith is either lazy or incompetent). Such jobs require significant planning and all of the necessary pin segment lengths can be determined in advance. Keying the locks is then a simple matter of dropping in the right pin segments in the right order. It is not even necessary to have the keys cut yet.

Please note that I am not a locksmith, only an interested observer.

---Scott.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101908184900>
From: trwrb!ries@ucbvax.berkeley.edu (Marc Ries) 20-Oct-1987 15:58:49
To:
Subj: [1606] Re: garage frobs

>I once thought of all the fun I could have if I got a one hundred watt
>linear amp and attached my tiny garage door transmitter to it.
>
>An entire neighborhood with ONE remote control!

I installed a new, higher horsepower garage door opener about a year ago (after the old Genie died). Several times, several months back, I noticed that the garage door was up but shrugged it off as having forgotten to close it at night. A couple of weeks later the garage door was up again, only this time, several things had been stolen out of the garage. I changed the codes, but several times at night we caught the door just *opening* by itself with apparently no one around. Finally, I installed a "shunt" circuit to the opener, so that the door can be manually switched to not open.

In retrospect, the door has *never* come up by itself during the day. The old door never came up by itself, period. They do use different controllers. However, most (if not all) of the "openings" have been before or after military helicopter passes.
I remember reading about how a lot of door openers get "openitis" when the Presidential Air Force One plane is in town, apparently having to do with signal jamming.

PS: The idea of "cycling thru the codes" is apparently also becoming a problem with the newer "remote" auto alarms.

--
Marc A. Ries
sdcrdcf!---\
ihnp4!------\----- trwrb! --- ries
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101908272500>
From: oster%dewey.soe.Berkeley.EDU@berkeley.edu (David Phillip Oster) 20-Oct-1987 16:07:25
To: misc-security@ucbvax.berkeley.edu
Subj: [492] NSA joke

A friend of mine just returned from a math convention. He tells me that the story circulating there is: The NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101912375600>
From: steinmetz!barnett@vdsvax. (Bruce G Barnett) 20-Oct-1987 20:17:56
To: misc-security@uunet.uu.net
Subj: [799] Re: (none)

Murray Karstadt writes:
|Does anyone have any experience with one of these systems in a PC lab?
|Is there a cheaper way of securing disks while maintaining an open access
|system?

I don't have a cheap solution, but one alternative is to use a product that provides NFS service to the PC's (yes you need an ethernet card). You would only need one copy of the programs on a hard disk, and the floppies wouldn't be necessary. (Assuming the programs themselves can run on a hard disk without floppies) One such product is available from Sun (PC-NFS). There may be others.

--
Bruce G. Barnett
uunet!steinmetz!barnett
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101917163700>
From: warren hik 21-Oct-1987 00:56:37
To: security@RED.RUTGERS.EDU
Subj: [667] pc lab

> The question is: How can we have a relatively open environment and not
> have the disks and manuals ripped off.
Put the manuals in a LOCKED manual rack, or have them chained to a table. Have one pc in your lab designated as a file server. Students must bring their own floppies and copy any needed software off the (read-only) hard disk of the file server onto THEIR OWN DISKS. The file server would not be used except for this purpose to ensure that it was available.

Who needs electronic surveillance...

-Wren
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987101919322200>
From: James Deibele 21-Oct-1987 03:12:22
To: tektronix!misc-security%reed.uucp@relay.cs.net
Subj: [1720] B. Dalton Security Devices

>The question is: How can we have a relatively open environment and not
>have the disks ripped off.

>It would be nice to have one of these systems installed at the lab.

Those devices are manufactured by the Knogo corporation and are extremely expensive. They are not terribly effective, and you need to have someone keeping a close eye on things---an easy way to beat the system is to put the tagged item underneath or above the sensor panels. The tags are easy to find if you're looking for them, and not very difficult to remove.

I spent a year managing a B. Dalton Software Etc. store, and we always had shoplifting problems. I'd recommend having people check out software by handing over their student ID or whatever instead. We were told that the Knogo system was there solely to scare amateurs: seeing the sensor device, which probably worked, the amateur would not rip off the store. This cuts down shortage (which also includes employee theft, I think) from 30% (unprotected) to 3% (!). Paying a work-study student will probably cost a lot less than installing the alarm system, and you won't have false alarms, etc. Even properly tagged, activated software won't always set off the alarm, so I'd say you're looking at catching someone 7 out of 10 times (if you're lucky)...

--
James S.
Deibele jamesd@qiclab or jamesd@percival
TECHBooks: The Computer Book Specialists (800) TECH-BKS
3646 SE Division Portland, OR 97202 (503) 238-1005
TECHBooks One BBS (#1:105/4.0); 3/12/24 (503) 760-1473
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102003114900>
From: kludge@pyr.gatech.edu (Scott Dorsey) 21-Oct-1987 10:51:49
To: misc-security@gatech.edu
Subj: [1083] Re: telephone tapping

Kaptain Kludge's Cheap and Easy Telephone Tap:

[ASCII schematic garbled in extraction; labels as recovered: phone line; .1 MFD or so; 600-1000 ohm transformer, or old transistor radio output transformer; to mike input of cheap cassette recorder; 48V relay (110Vac relay works too... not well, though); to tape control]

Total cost: assuming broken transistor radio is lying around, and a tape recorder can be 'borrowed' from somewhere: $5.00 or so for an RS relay.

--
Scott Dorsey Kaptain_Kludge
SnailMail: ICS Programming Lab, Georgia Tech, Box 36681, Atlanta, Georgia 30332
Internet: kludge@pyr.gatech.edu
uucp: ...!{decvax,hplabs,ihnp4,linus,rutgers,seismo}!gatech!gitpyr!kludge
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102018481000>
From: campbell@maynard.BSW.COM (Larry Campbell) 22-Oct-1987 02:28:10
To: misc-security@seismo.css.gov
Subj: [1347] Re: car homing devices

<>Does anyone know where to conveniently purchase some kind of device
<>to place in a car to track where that car is going?

There's a local company that makes a gizmo called a LoJack. It's a gizmo you conceal in your car. If the car is stolen, you call the police, who transmit an encoded activation signal. The LoJack receives this signal and activates a radio beacon, and police homing radios can then locate the car in a few hours. Apparently it works quite well and has a range of several or even several dozen miles. It is currently available, but I think it's not cheap (wild guess: $500).
I don't know, and rather doubt, whether you can buy one for your own use. You have to register it with the State Police when you install it, presumably so they have a record of the activation code or something. (For paranoids only: this is really so they can track you whenever they want.) And you probably need some sort of license for the transmitter on either end.

--
Larry Campbell, The Boston Software Works, Inc.
Internet: campbell@maynard.bsw.com
120 Fulton Street, Boston MA 02109
uucp: {husc6,mirror,think}!maynard!campbell
+1 617 367 6846
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102102541300>
From: ISA@ISEC-OA.ARPA 22-Oct-1987 10:34:13
To: SECURITY@RED.RUTGERS.EDU
Subj: [1170] Securing Floppy's

FOR MURRAY KARSTADT

Read your request for info regarding securing floppy's and have this to pass on. While attending a seminar in Colorado Springs on computer security a firm named Media Security Inc demonstrated their products. Two of their products will fit your needs and are not very expensive. The first is called "SECUR-DISKETTES" which contain a paper-thin passive-resonant circuit. These circuits can be retro-fitted on the outside of your existing media (diskette labels). The second product is the Door Detection Unit (DDU) which detects the passive-resonant circuit. The DDU is similar to a metal detector with a 36 inch walk-through pathway. You can contact them in Colorado Springs at 303-531-9411. Hope this will help you out. We are considering purchasing these items to implement Army wide.

Good Luck

Jim Vavrina
Computer Security Specialist
Assistant Chief of Staff for Intelligence and Security
US Army Information System Engineering Command
Ft.
Belvoir, VA
DDN: ISA@ISEC-OA.ARPA
Phone: 703-664-3339
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102200005200>
From: gatech!codas!ki4pv!tanner@RUTGERS.EDU 23-Oct-1987 07:40:52
To: security@red.rutgers.edu
Subj: [1262] Re: Electronic door locks and anti-shoplifting devices

The contents of that magical little card (or of the anti-shoplifting device, which is (as suspected) applied to a sample of the merchandise): One or more (for a 4-digit system, 4) layers of metal foil, cut in such a way as to resonate at a certain frequency.

Contents of the door-watching box: an rf source, set to sweep across the range of frequencies for which the foil layers are set. Further contents: an rf dip detector, which notices at which frequencies the RF power takes a sudden dive (being sucked up by foil layers). The freqs are numbered, of course, and you can assign a number to any set of M out of N selected. Note that order is not important; thus (eg) {1,4,8,17} will look the same as {1,8,17,4} to the device.

Simpler systems may just (like our school library) have one piece of foil glued to the inside of the book. If that freq dips suddenly, you sound the alarm. Print something such as the institution's name on the foil sticker so that people don't realise that it is not just a name-plate, of course.

Tanner Andrews, Systems
CompuData, Inc. DeLand
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102306572400>
From: imagen!hedley@decwrl.dec.com (Hedley Rainnie) 24-Oct-1987 14:37:24
To: security@RUTGERS.EDU
Subj: [1338] NSA underwater tap

The discussion earlier of what safeguards can be made to protect one's privacy reminds me about a description in the new book on the CIA from 1977-1985 (???). I forget the book title (it's in hardback). It describes an operation which Pollard subsequently had leaked to the Soviets, involving the NSA and the Navy. The goal was to place a passive listening device AROUND the underwater cable.
This device records the line transitions by command for a one-shot eavesdrop on sensitive military data. The Soviets were so convinced about the security of the cable they did not encrypt the data, as opposed to Soviet land-based comm. which has excellent coding. Once the recorder had done its stuff a submarine would launch a midget earth walker/diver to collect the tape and insert a new one. The device was made so that if the Soviets decided to examine the cable, the device would fall away staying on the bottom, leaving the cable 'untouched'. I think the book called the operation 'Blue Bells' (?); anyway they realised when the device was missing that the job had been compromised.

I think a discussion about such interesting security penetrations would be of interest to many.

Cheers,
Hedley
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102506264200>
From: Jose Rodriguez 26-Oct-1987 14:06:42
To: security@red.rutgers.edu
Subj: [430] re: master keys

Talking about master keys and such, has anyone seen a type of key that has no teeth and is just a straight piece of metal? I think they had "safety" stamped on them but I am not sure. When I was a little kid I had a couple but never found out what they were for.

Jose
jrodrig@edn-vax.arpa
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102507404100>
From: 26-Oct-1987 15:20:41
To: security@red.rutgers.edu
Subj: [949] Homing device, Shoplifting detector

To Wendy Fraker, who wants to track cars: I have never seen such a device advertised. Unless it were a complicated (=expensive) inertial guidance system gizmo, it would basically be something which gave off a signal which you located by triangulation. Maybe a Walkman (TM, or (R), or something) connected to a cheap walkie-talkie would work. But I think you'd need 2 distant locations which could both pick up the transmissions & communicate to each other.
To Phil Benchoff, who asks about magnetic shoplifting security devices: Our library uses a magnetizable glue on its books (maybe some iron oxide is in it). They just put a drop in the binding of a new book. So if the stores are using glue, naturally you wouldn't find anything when you disassembled your purchases.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102507415000>
From: 26-Oct-1987 15:21:50
To: security@red.rutgers.edu
Subj: [442] Software Security

Murray: My favored way to keep students from ripping off original disks is to use only unprotected software. Only a jerk would steal the original when he could make a copy in a minute. Plus, you can keep backups in case someone does, or just give students the backup and keep the original locked away.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102507424700>
From: GREENY 26-Oct-1987 15:22:47
To:
Subj: [1159] re: Re: Master Keys

> Not to mention the MASTER-master-key of most...

This is generally known as a Control Key. Only the Locksmiths or Police or other *trustworthy* people are supposed to have these keys. At the school I attend we have such a beastie (or BESTie) for a key system and one of 4 keys will take care of opening any lock on campus. These are

1) Your individual key
2) The Department Master Key
3) The Police Master Key (opens any key with that particular core)
4) The Control Key (which just pulls out the core so it can be changed or so that the latch can be turned with a screw driver....)

In general, professional key systems are made so that you can't jiggle your key and get it to open another lock, by 'hitting' the master pins....Usually this is accomplished by using high tension springs or mushroom drivers if they have to have a large # of keys open the lock.
bye for now but not for long

Greeny
Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@wiscvm.wisc.edu
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102510381600>
From: Andy Mondore 26-Oct-1987 18:18:16
To: security@red.rutgers.edu, murray@andromeda.rutgers.edu
Subj: [609] Murray Karstadt's item in Security Digest

Here at RPI, we use a fairly low-tech solution for disk/manual security in the public labs. During the hours that the lab is open, a site monitor is always present. If a user needs a disk or manual, the user gives his or her ID card to the monitor who then signs the disk or manual out to them. When users return the item, they get back their ID card. As far as I know, the system is fairly successful.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102515131000>
From: nuchat!steve@uunet.uu.net (Steve Nuchia) 26-Oct-1987 22:53:10
To: security
Subj: [2878] Re: Simson Garfinkel's article, part 3 of 3

> Often a program can be patched so as to remain the same size by using
> partially full pages or replacing seldom used routines. On many systems the
> modification date can also be changed back to the original date (this is
> nice when copying files).

In general these schemes could be based on taking a checksum, CRC, or similar data-reducing aggregate function of the data. If you keep several mathematically independent functions of each file you can check the system state with comparatively little overhead and acceptable certainty. The idea is that it is hard to find a patch which simultaneously preserves each check function.

> If you keep another copy of the program to run a diff against it should be
> hidden so that both the program and the copy aren't changed. Best would be
> to bring a copy in off some removable media to do the comparison.

Using the reduction allows one to base the scheme on a paper listing or equally secure object. Of course one has to trust the check program, and recursively the tools used to load the program, etc.
If you postulate that the system has been corrupted it is very difficult to see how to get to a trustworthy checker. Assuming unix, for instance. You could mount a removable pack containing the trusted program, and we can assume that the virus hasn't invaded the mount system call. Now what? The shell is corrupted, so you can't be too sure it will really execute your checker. The kernel may be infected and translates calls to open on the kernel to open calls on a copy of the old kernel. Isn't security fun?

In general security, or trustworthiness, is a property of the system which must derive by strict induction from a trusted base condition. Once the chain of induction is broken by an event which _might_ allow a virus into the security base you cannot trust the system again. You _can_ freeze the system and audit it from the outside. On my system I would build an audit program on a bootable floppy and keep it in a safe place.

I'm not that paranoid - I believe that I'm not a sufficiently desirable target to expect really sophisticated viral attacks. But if I were I'd do a floppy boot and run a security audit before I made backups each day. The possibility of this is assured by my faith that the hardware physically cannot alter the bootstrap ROM. Of course I have not proved the bootstrap code, but its operation is sufficiently removed from the area of interest that I'm pretty sure it cannot be subverted.

--
Steve Nuchia       | [...] but the machine would probably be allowed no mercy.
uunet!nuchat!steve | In other words then, if a machine is expected to be
(713) 334 6720     | infallible, it cannot be intelligent. - Alan Turing, 1947
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102516534000>
From: ut-sally!ivan@uunet.uu.net (Ivan M. Milman) 27-Oct-1987 00:33:40
To: misc-security@uunet.uu.net
Subj: [612] Re: Request

>I'm doing some research on computer databases used for blacklisting
>purposes.
An excellent source for such information is "The Rise of the Computer State" by David Burnham. He mentions a company called U.D. Registry which maintained a list of tenants who had been involved in litigation with their landlords.

Ivan
--
Ivan Milman: ivan@sally.utexas.edu or {ihnp4,ctvax,seismo}!ut-sally!ivan
"Basic research is what I do when I don't know what I'm doing." - Werner Braun
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102519024900>
From: EVERHART%ARISIA.decnet@ge-crd.arpa 27-Oct-1987 02:42:49
To: AWALKER@RED.RUTGERS.EDU
Subj: [1089] DES is NOT legally required

I'm afraid Peter Wayner misunderstood what I had reported. I was told, by some folks I was inclined to believe, that international communications must be decipherable by NSA. This may be law, regulation with the force of law, or simply misinformation that I was passed. I'm not a lawyer and have neither time nor inclination to dig through the roomsful of US federal law and regulations to search for any such thing. However I was told this by a few different sources several years back in the context of DES ciphers etc...

As I understand it, various agencies, some with 3 letter acronyms, claim the right/power/etc. to require that you furnish the keys to your unbreakable ciphers or that you use breakable ones, DES being breakable when your computer resources include a few Crays, as some agencies' do.

I did NOT report that DES is required for international communications. In fact, I'm not sure that it's even a very good idea to use it...

glenn
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102701162900>
From: Jeffrey R Kell 28-Oct-1987 08:56:29
To: SECURITY@RED.RUTGERS.EDU
Subj: [1514] Re: Master/sub-master keying systems

One more lock note: one of my first real paying jobs was as a bellman (read: Flunkie) at a local franchise hotel. They had just over 250 rooms, plus assorted locked service areas (housekeeping, maintenance, storage, etc).
Although not a real bona fide locksmith, one of my tasks was to cut keys once a week, as plenty of people don't leave their keys when they check out. All the real keys are kept in a locked cabinet behind the front desk (including masters) and all keys given to guests are just copies. There were three key blanks: two for guest rooms (divided in half by floors, there were two systems) and one for maintenance areas. The maintenance areas were not on a master system at all (somewhat obviously). The rooms had (1) the "maid" key which was a straightforward master cut from the regular room blank, and (2) the "security" master which was identical to the "maid" key except that it had one additional pin; in order to duplicate the "security" master (which you weren't supposed to do, but you get tired of signing keys in/out to do room checks) you had to cut the room master back one additional tumbler location and extend the horizontal grooves back through the extra space. The "security" master would open the deadbolt!

I've always felt safer with a chain or doorstop than a deadbolt ever since.

/Jeff/
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102702544100>
From: "Curtis C. Galloway" 28-Oct-1987 10:34:41
To: Security@RED.RUTGERS.EDU
Subj: [1277] Re: Unscrambling satellite signals

>A friend of a friend bought a Video-Cypher II box some time ago with the
>intention of paying a fee to the various providers of signals he was
>interested in. This weekend I learned that this person obtained a chip for
>the Video Cypher II box which will unscramble ALL signals at ALL times.

As I recall from a magazine article in Radio-Electronics, this particular pirate chip actually contained a valid serial number from some unsuspecting person. The chip was then hacked up to turn on all the satellite services. The net result was that the scrambler company could disable all the "universal" chips by simply deactivating the original serial number.
The pirates could keep switching serial numbers, but at the time of the article a few months ago, all the supposed "universal" chips used this technique, and it was not possible to scan the satellite broadcasts for valid encryption keys.

--Curt Galloway
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cg13+@andrew.cmu.edu
UUCP: ...!{seismo, ucbvax, harvard}!andrew.cmu.edu!cg13+
Drop In Any Mailbox, Return Postage Guaranteed
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102709233300>
From: *Hobbit* 28-Oct-1987 17:03:33
To: security@RED.RUTGERS.EDU
Subj: [1462] mastered systems

Creating master keys is *not* a trial-and-error process. A correctly configured system never sees brass until it's all planned out as a huge chart of cut numbers, or actual thousandth-inch measurements. All the cuts conform to the basic common-sense rules of keying, like cuts must be a certain minimum distance apart so you don't get the tiny-split-fell-out screw, and the user keys don't have low cuts near the bow, and the master cuts aren't necessarily all above or below the user cuts, etc. There are even programs for micros out now to help locksmiths plan mastered systems that know these rules and the maximum cut heights of different brands of locks. They also aid the locksmith in keeping track of what key opens whose door when repairs are needed, and print out the final chart of the whole thing.

Similarly, if you're going to try and determine the master combo for a given system, you do need to take at least one example apart. A pair of .001 inch calipers is very helpful, because then one doesn't need the lock itself to cut the key. All you need is pin heights, spacing, and the outer diameter of the plug minus a small slop factor. [The MIT students someone mentioned apparently didn't think of this.]

It gets even hairier when you have control keys for Best and friends. Sometimes even *those* are mastered.
_H*
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987102905161000>
From: gwyn@brl-smoke.arpa (Doug Gwyn) 30-Oct-1987 12:56:10
To: misc-security@uunet.uu.net
Subj: [2424] Re: master keys

jcmorris@MITRE-BEDFORD.ARPA (Joseph C. Morris) writes:
>the keys were manufactured by students who had removed the door locks from
>the bathrooms in the main MIT building

I don't know of any techie university where this doesn't occur. When I was at Rice, it was usually stairwell doors. To make matters worse, there was a "GreatGrandMaster" key that would open most doors on the whole campus.

With Best locks (or ones of the same general style), disassembly of a single cylinder (usually involving milling off the top) is tantamount to obtaining the master key. This is due to the fact that generally a single "control key" is used to remove all cylinder cores. Having removed the core, a simple tool (or even a large screwdriver) can be inserted to operate the cylinder. Alternatively, the lock breaker could surreptitiously remove one core at a time (presumably leaving in its place a core of his own, possibly keyed to open on all alternate-numbered splits in each column in case someone tries to enter while the substitute is in place); removed cores can be taken home and disassembled at leisure. Of course, the true master key bitting eventually emerges as the common bitting that would open all examined locks.

There are several steps that institutions can take to minimize the risk from such activity. An obvious one is to avoid excessive master-keying, especially the use of a single GGM. Another is to not master-key doors that are usually left unlocked. Periodic rekeying (including control keys) is also advisable.

The other big techie pastime at Rice was exploring the "steam tunnel" system; these tunnels connected the major buildings to carry water pipes, conduits, etc. Generally once a single entry was found, one could wander anywhere.
University administrations should consider why smart students have to resort to such misdemeanors for intellectual stimulation. One would think that the normal activities should provide that.

P.S. I don't recommend this kind of activity, even if you feel the need for some excitement. If you get caught, you'll get more excitement than you bargained for. Try making nitrogen triiodide, or trinitrotoilet tissue, or something else like that for excitement. Too bad you won't get any official credits for it either. Be careful!
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987103009161000>
From: simsong@broadway.columbia.edu (Simson L. Garfinkel) 31-Oct-1987 16:56:10
To: hunter-larry@yale.arpa, security@red.rutgers.edu
Subj: [1802] DES and international communication

I just bought John M. Carroll's Computer Security, second edition, which is really a terrible book that I cannot recommend, because it is not adequately footnoted (ie: it doesn't have any references), is full of anecdotal information that is just plain wrong, and has lots of inaccuracies. But it does have some kernels of truth. One of them, about DES, is instructive:

Anyway, there is a paragraph in the section on DES which is interesting:

"In all fairness to NSA, it should be noted that according to the 1932 Treaty of Madrid, every national government is responsible for the nature and contents of all telecommunications messages originating within its territory. The national cipher agency may well have an obligation in international law to be able to break ciphers used by its citizens. In some Western European countries, a private person or firm wishing to use cryptography is obliged to deposit a copy of the keylist with the national Post, Telephone and Telegraph Agency." (p.202)

Which is a great paragraph, except that it answers more questions than it raises: which countries, what are the penalties for not doing this, does it apply in the United States or Canada (Carroll is a Canadian), and things like that.
................................................................simson

BTW: If John M. Carroll *is* reading this mailing list, or if somebody on this mailing list knows him, please ask him to send me a message. I would like to ask him the reasons for some of the inaccuracies in his book. I'm curious if they are intentional or if they are for some sort of "security" reason.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987103105064500>
From: kludge@pyr.gatech.edu (Scott Dorsey) 1-Nov-1987 12:46:45
To: misc-security@gatech.edu
Subj: [1667] Re: Homing device, Shoplifting detector

> To Wendy Fraker, who wants to track cars: I have never seen such a
>device advertised. Unless it were a complicated (=expensive) inertial
>guidance system gizmo, it would basically be something which gave off a signal
>which you located by triangulation.

The solution is to install a small oscillator transmitting on the Class C Citizens band in the remote car. Just put out a continuous signal at whatever power you can manage. If possible, run a wire to the car antenna, but a drag line will work. Now in the chase car, you have a loop antenna mounted on the roof (or a ferrite loopstick if you wish to be less conspicuous and can afford to lose the gain), going into a shortwave set with a BFO and an S-meter (like an old military rig or a ham mobile set). By rotating the antenna you can determine the direction of the signal from you. If the car is moving, you can follow it, keeping it at 0' at all times and hope that you are gaining. If it's stationary, you can take a bearing, move over a few blocks, take another bearing and triangulate.

Years ago, Fudalla and Associates made a CB beeper. I think Miles Wireless Intercom made one using the FM band, and R.B. Clifton made a 49 MHz version, but it's been a long time since I've been looking at such devices.
-- 
Scott Dorsey Kaptain_Kludge
SnailMail: ICS Programming Lab, Georgia Tech, Box 36681, Atlanta, Georgia 30332
Internet: kludge@pyr.gatech.edu
uucp: ...!{decvax,hplabs,ihnp4,linus,rutgers,seismo}!gatech!gitpyr!kludge

----MESSAGE-END----

----MESSAGE-BEGIN---- <1987103112083700>
From: gwyn@brl-smoke.arpa (Doug Gwyn )
1-Nov-1987 19:48:37
To: misc-security@uunet.uu.net
Subj: [2240] more about master key security

In my previous message about techie school lock cracking, I forgot to mention a couple of other important issues.

If one has an ordinary unprivileged operating key for a lock, and if the lock is master-keyed, then by disassembling the lock one can quickly determine possible master-key bittings. In particular, in a one-level mastering system, any split in a pin column that does not match the operating key bitting is almost certain to match the master key; if there is only one split in a column, then the master key must have the same bitting as the operating key in that column.

This and the previous information I posted makes it clear that in order to gain reasonable security in a master-keyed system in an environment such as a college campus, the lock cylinders must be protected from removal for disassembly and inspection. Properly-installed Best mortise lock cylinders have this property, because they are fastened not only with the typical long screw against a notch in the side of the cylinder that can be loosened after removal of the plate on the side of the door, but they also have an internal diagonal set-screw that prevents simple removal of the cylinder unless the core is first removed with the control key. If the whole system is properly installed, there is no first loose cylinder to be removed to figure out the control key.

Use of restricted key sections can help, too, since one cannot simply buy such a blank at the local 7-11. However, a diligent lock cracker can make his own blanks.
I knew a fellow who filed one out of a piece of stainless steel; if you have access to a milling machine, it is not hard to make a suitable key blank.

I again remind you that I'm not recommending this activity, which involves more risks than anyone in his right mind should decide to take! It also usually involves property damage, which is unethical. I hope this information will help campus locksmiths improve the security of their lock systems to the point that few students will find this activity sufficiently rewarding to bother with, compared to the effort required.

----MESSAGE-END----
