Friday, March 1, 2013

Locksport F.U.D.


Below is an email I sent to a "journalist" named Chip Johnson and the editor of his paper, about the recent hatchet job he posted in SFGate about locksport.

I put the word journalist in quotes because Mr. Johnson, in my opinion, did not stand up to the journalistic qualities I learned while writing for a college newspaper. I actually think that this article wouldn't even have been accepted by said college newspaper. The article Mr. Johnson wrote was filled with sensationalist quotes, and a lack of understanding of what is at the core of Locksport and the value it brings.

Read the article here: http://www.sfgate.com/bayarea/article/Quan-s-wrong-note-on-lock-picking-class-4318130.php

--- begin email ---

From: Chris J
To: chjohnson@sfchronicle.com
Cc: wbushee@sfchronicle.com, deviant.ollam@toool.us
Subject: recent lock picking article
Date: Thu, 28 Feb 2013 23:32:33 -0500


Dear Mr. Johnson,

I recently read your article on SFGate Chronicle's site about Quan's
newsletter containing lock picking. I found the article poorly
researched, and borderline libelous.
http://www.sfgate.com/bayarea/article/Quan-s-wrong-note-on-lock-picking-class-4318130.php

I teach lock picking, along with other forms of physical security. While
I run a lock sport group, I am not speaking for any organization.

The poorly researched aspect:

The lock on the door to your home is based on a design that dates back
to the ancient Egyptians. The current style of lock most people are
familiar with is the Yale style lock. Its design dates back to the
1800s. Created in the 1840s by Linus Yale Senior, and patented in 1861
by his son Linus Yale Junior.
http://www.yalelock.com/en/yale/com/About-Yale/History-of-Yale/

If you were to look deeper, you'll see that most of the features that
have improved locks in the last several years are because of groups like
TOOOL, Locksport International, The Fraternal Order Of Lockpickers, and
others. By showing people how weak the security really is, consumers
have started to demand better quality products.

Did you know you can either bounce most safes, or hit them with a hammer
and open them? These include gun safes. The groups you link to criminals
do, and they share that information with the world.
http://lifehacker.com/5853610/crack-almost-any-electronic-safe-with-just-a-bounce

At Maker Faire (http://makerfaire.com/), a huge event held in the Bay
Area, you'll find they have a Lockpick Village there as well. It is
usually staffed by lock sport enthusiasts sharing the skills and
knowledge.


The Borderline Libelous aspect.

In your article, you have associated lock picking with crime and
terrorism, and did little to argue against that.

Picking locks takes time, and skill. It is much faster to do a smash and
grab. Was any research done, looking into how many homes in your area
were burglarized that had the locks picked?

Is picking a lock you own illegal?

quote:
' "Oakland Police Chief Howard Jordan was not pleased.

"I'm in shock that people would provide a class to teach people a skill
to violate the law," Jordan said. "It's unconscionable."'

One thing that is stressed is to only pick locks one has permission to
pick.


Picking a lock is not like building an IED. But your article associates
lock picking to terrorism, and terrorist acts.
quote:
' "Given the uncontrollable crime in Oakland, we are beyond ourselves
that Oakland can advertise an event on lock-picking. It's akin to
teaching a class on making IEDs in Iraq." '


The "call a locksmith" comment by the Chief of Police also does your
readers a disservice.

quote:
'Jordan has a more conventional solution to that problem: "Call a
locksmith!"'

There are plenty of cases where people have created fraudulent locksmith
companies, and are preying on people.
http://consumerist.com/tag/locksmiths/

By learning the skills of lock picking, it helps to protect people from
being preyed upon.


The truth is, locksport is one of the ways to improve security for
everyone. It gives people a better understanding of the things securing
their lives, instead of them taking "you're secure" on blind faith. It
prevents them from being taken advantage of. Kids learning how to pick
locks today, are given an opportunity to learn a recession proof skill,
that can lead to a decent living as a Locksmith, or in personal
security.

Christopher Jenks

Tuesday, February 5, 2013

Open Letter to Auto Industry

Dear Auto Industry.

I understand that brand loyalty is important to you, so I'm left wondering why building said loyalty isn't considered an important part of your business.

Zappos has been known as one of the better places to buy shoes from. Part of this is because Customer Service is important to them, and they actually make all their staff work the customer service department when they first start. Domino's knows that making the best possible pizza is the important part of their business, and all their staff work in a kitchen for a week at least once a year.

If American car makers, or any other for that matter, want to build loyalty, may I suggest that you make your car designers, and anyone not working a line, work in a factory for at least a week. I would also suggest following that up with having them work in garages fixing the cars for a week.

The garage week should be spent doing simple tasks. Replacing radios, changing light bulbs, fixing squeaky doors, fixing broken windows and the mechanisms that allow the windows to go up and down, and changing oil. Mainly the things that should be simple tasks for those that like to feel an ownership of their car by fixing the small things themselves. For example I'm sure if the people designing the engine compartment had to take the battery out, and force a bundle of wires out of the way just to change a light bulb, they'd design better engine compartments.

If they don't have a passion for the car, why do you want them working for you anyway? It's like when Zappos offers to buy out an employee after a week or two of work. It shows if the person is there because they want the paycheck, or because they love the product. Sadly Henry Ford didn't have the foresight to come up with that. Instead he created the $5.00 day, which brought people who cared about pay more than building the car.

It's time to change the culture, and start making cars that people enjoy working on, and driving, so they will have a brand loyalty to you. The Maker culture is here and it is growing. People are remembering that working with their hands and doing something themselves gives them a great feeling. You should embrace that more than alienate them. I know for a fact that there are Makers working "White Collar" jobs in the auto industry. I've worked with several of them at 2 of the Big Three. Heck, one of my co-workers, in a white collar position at one of the Big 3, is looking at buying a project car. And I of course like to change the light bulbs when they burn out, without having to pull a battery, and force wires out of the way.

Sunday, January 27, 2013

Really?


Our apologies for the fruit Ninja tweet sent earlier. One of our kids played the game on our iPhone and unknowingly tweeted their score.


Really? Seriously? I'm left wondering. Was this iPhone issued by the department? If it was, why was it where a child could reach it? If I was his superior, I would seriously be asking some questions. Maybe I'm jaded from the bs that happened with the ex-Mayor in Detroit.
Look, I get that Chefs bring their own knives, and that mechanics bring their own tools. However... BYOD is a bad idea. Tell me, when has an accountant, a CEO, Lawyer, or any other business unit brought their own filing cabinet, corporate ledger, etc.? Ok, I know they have the briefcases, file folios and the like, but the damage is smaller with those. It's not everything.
I understand we have commoditized computers and technology, but people really need to think about what that piece of tech does before they hand it to someone else.
Sure there are some questions: was it a work phone or a personal phone? If it's personal, why does it have work stuff on it? If it's business, why is it being handed to a kid? I'd be worried about them reading the other stuff on the phone.
Lastly I'm curious, would this officer hand his service weapon to his child to play with, or leave it lying around where the kid could get it? I'm sure he is shamed by this point, but seriously it is time to have grown up conversations about BYOD and how the devices are used outside of work.

Wednesday, January 16, 2013

Finally...

After 140+ miles, 38 hours and 6 minutes of training time, and just over 2 years (Started in December of 2010), I finally, FINALLY cleared 5k.

Downsides: on a treadmill. 5 minutes walking, 30 jogging / running, 5 minutes walking. Total time 40 minutes.

I never got past week 8 of couch to 5k (officially), but I do know week 9 was the times I listed above. So I call couch to 5k complete. Now to improve my time.

Monday, December 31, 2012

All these years and I still don't get it.

So back in the day, when the internet was new (and I really mean that, when it was new), a co-worker of mine was blown away. We were NOC techs (and he the senior tech) for one of the original six backbone providers; the people the government turned the DARPANet over to, to be the Internet. I told you I was serious about the internet being new.

Anyway, CIDR was still something everyone was trying to get their heads around. There was a great cheat sheet someone had made, but we couldn't remember where to get it. So my co-worker went to a search engine (back before there was Google), Yahoo I think, or maybe Dogpile.

Anyway, my co-worker searched for it on the internet. He went from his computer in the Network Operations Center, to a computer in California, only to find that the first link was on a computer sitting 10 feet away from us.

For some reason, this blew his mind, and he spent a good hour of our shift flipping out over it and trying to make me understand just how awesome it was that a computer in California, knew the contents of the computer behind us in the NOC.

Still don't see why it was so awesome...

Probably because I spent time on BBS systems connected to DARPANet when I was a teen, and was already used to it.

Saturday, October 20, 2012

looks like someone's tool is a little broken

So I got a bunch of emails today, via DenyHosts. Lots of traffic at my ssh server. Running failed (there is an old version on the blog, I'll add the latest version below), I saw the typical automated attack mess. But one thing caught my eye, in the invalid user section.


Oct 20 18:56:52 from root
Oct 20 19:23:57 from root

Hmm... those don't conform to my normal search for that section.

Now all failed does is go through and parse my auth / secure log for matched failed instances. And here is what was in the log file.


Oct 20 18:56:52 $SERVER_NAME sshd[11347]: Failed password for invalid user root b0#pdl!PP from $ATTACK_IP port 55778 ssh2

Oct 20 19:23:57 $SERVER_NAME sshd[31205]: Failed password for invalid user root c from $ATTACK_IP port 42388 ssh2

From the lines in the logs, it looks like they sent the password as part of the user name. That, or my system was being slow and theirs faster.


The shell script "failed"

#! /bin/sh
# checks /var/log/auth.log for login failures.
# version 0.2
# chrisj@rattis.net

# prints failed invalid users
echo "Failed Invalid User Attempts"
grep "Failed" /var/log/auth.log | grep -i 'invalid' | awk '{print $1,$2,$3,$13,$11}' | sort -u

echo ' '
# prints failed valid users, except for me.
echo "Failed Valid User Attempts"
grep "Failed" /var/log/auth.log | grep -vi 'invalid' |  awk '{print $1,$2,$3,$11,$9}' | sort -u
echo ' '
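
The two odd report lines come from counting awk fields from the left: when the submitted user name contains a space, every later field shifts by one and `$13` becomes the word "from". As an added example (not the author's script), the function below counts from the end of the line instead, where sshd always writes `from <ip> port <n> ssh2`, and flags names that contain a space. The function names, the host name `host1`, the documentation-range IPs and the password-like token are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the blog author's script.
# Reads sshd auth-log lines on stdin; prints "date|ip|kind|user|flag".

parse_failed() {
    awk '
    $6 == "Failed" && $7 == "password" && $8 == "for" {
        # sshd appends "from <ip> port <n> ssh2" last, so count from NF.
        if (NF < 14 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        # The name starts after "for", or after "for invalid user".
        if ($9 == "invalid" && $10 == "user") { kind = "invalid"; start = 11 }
        else { kind = "valid"; start = 9 }
        last = NF - 5
        if (last < start) next
        # Rejoin every field of the name (runs of spaces collapse to one).
        user = $start
        for (i = start + 1; i <= last; i++) user = user " " $i
        # A space in the name may mean a password was sent in the
        # user name field, as in the two log lines in the post.
        flag = (last > start) ? "SPACE-IN-USER" : "-"
        printf "%s %s %s|%s|%s|%s|%s\n", $1, $2, $3, ip, kind, user, flag
    }' | sort -u
}

# Constructed sample lines in the same shape as the log excerpt above.
sample_log() {
    cat <<'EOF'
Oct 20 18:40:01 host1 sshd[11001]: Failed password for invalid user admin from 203.0.113.7 port 55001 ssh2
Oct 20 18:56:52 host1 sshd[11347]: Failed password for invalid user root Passw0rd-example from 203.0.113.7 port 55778 ssh2
Oct 20 19:02:10 host1 sshd[11400]: Failed password for chris from 198.51.100.9 port 40022 ssh2
EOF
}

sample_log | parse_failed
```

On a real host, feed it `/var/log/auth.log` on stdin. Flagged lines are a reminder that the auth log can hold submitted secrets, so it deserves the same access controls as other credential stores.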




Tuesday, September 25, 2012

if you want to be a hacker, go read this

Alex, a good friend of mine and a former Eastern Michigan IA student, wrote a great article for his company's blog. You really should go read it.

"The first few months of penetration testing, what they don't teach you in school."