Category: Blog

Today a charming lady called me because she was locked out of her car.  After making quick work of opening the 2003 Saab, I returned to my own car to get back home before my better half.  In my haste, I inserted my motorcycle key into the ignition.  It felt like the first tooth might have cleared two wafers.

It was interesting being the 1% of people who could remove the key without actually getting any additional tools.  A lockpick was all that was necessary for manipulating the stuck wafers out of the way and getting the motorcycle key out.  It made me think what would happen to somebody else though.

For people without lockpicks or a firm understanding of how locks work, getting your key out will be more difficult.  The first step is of course to wiggle and pull the key lightly.  If you pull too hard you could bend the wafers and damage the lock.

The second step is to find something really thin made of metal, like a hacksaw blade.  You have to stick it in alongside the stuck key, right down the middle.  Then, you move it up and down and try to visualize what it is getting stuck on.  If you feel something that won’t move easily, try pushing slightly harder.  Hopefully it is the wafer that is sticking.

Of course, this whole process has an added level of complexity if you have successfully turned the ignition partially with the wrong key.  Then you have to torque it back into the position for taking the key out before performing the above steps.  You can also possibly remove the entire ignition if you have turned the key and more easily manipulate the inner workings of the ignition, assuming it is the type where the wafers are visible.  Don’t bend it too hard or you will shear off the key!  The best way to accomplish this is with some vicegrips and grip as close as possible to where the key comes into contact with the keyway.

Of course, if you mess anything up this was just friendly advice and I am not to be held liable for your own dumb self.  Call a pro if you can’t get it!

If you are like most Seattlites, you have a wireless access point transmitting and receiving your data for all the world to listen to.  If you are smart, you will encrypt this traffic using WPA2 using a complicated passphrase involving letters, numbers and symbols.  If you are really cagey, you won’t transmit information wirelessly at all but use ethernet cables.

The reason for this paranoia is that there are entire linux distributions written for the express purpose of decrypting your passphrases and gaining access to your wireless network, where various actions of ill intent can be taken such as hijacking your internet sessions with facebook or even worse your bank, accessing your financial records and important information about you that can be used to steal your identity, etc.  This can also be accomplished by those with less technical knowhow by applying elbow grease and digging through your trash.

How to prepare against this possibility?  Put a passphrase on your wireless internet.  Shred important documents.  Practice good computer security, i.e. don’t set up data shares without passwords on your home network.

There are programs available that can let somebody crack WEP in a few seconds flat, if the password is easy.  Likewise for windows user passwords.  Therefore, use strong encryption like WPA2 and use complicated passwords, and especially don’t use common passwords like the word password, because people who like to compromise networks have built dictionaries (called rainbow tables) of the most common passwords and can cycle through the 5000 most common ones in ten seconds.

If you are concerned about lending out a key to somebody and then they go to the hardware store (or Fred Meyer’s) and copy it and then give it back to you without telling you that they still retain a copy, you can prevent this hypothetical problem with getting keys in a restricted keyway.  This means that the profile of the key looking at it when pointed at your eye will be a different shape than fits in other locks.  This also means that people can’t buy the same key blank, and thus can’t copy your key.  If they had detailed information about the key they could copy it, or they could use a lost wax method or something to copy the key with a different medium than pre-cast key blanks.  They will also have to go to a great deal more trouble to do so however.  More trouble than simply pulling your door off with a tow hitch or blowtorching through your wall, etc.

The point of all of this is that with a restricted keyway, you can protect against a lot of scenarios involving security breaches that you can’t protect against if you have a common keyway.  The costs are minimal: changing your keyway won’t break the bank.  You are also not tied to my business.  If you want you can pay another locksmith to change the keyway.  If you want key copies however you have to come to me, and I maintain a database of who has what keys, and if you aren’t the same person who bought that key I will call the person in my database for that key.  That is called key control management, and it means that nobody has the key unless you give it to them.

When I rekey people’s houses I always ask if they would like one knob or lever to be keyed differently to allow them to give out a key to workmen.  On days when workers are expected, the deadbolt can be left unlocked and entry is permitted by unlocking the knob or lever.  When entry by people without the common housekey is not desired, the deadbolt is left locked.  This allows you to maintain a relatively safe and secure house though it still leaves you vulnerable to impressioning, picking and bumping.  Criminals don’t usually employ these methods but it is worth thinking about to employ a keyway that makes it almost impossible to use a bumpkey or impressioning on.  Such a lock is still susceptible to picking, but I also offer the upgrade of anti-pick pins which will defeat those of common criminal lockpicking skill.  If your door is thick and your door frame is secure and your lock is grade 2, with a restricted keyway and anti-pick pins you are going to be nearly unassailable.

For those who are interested in the most reasonable prices, I can also give you a less expensive keyway that isn’t restricted, but is old and unused by most and only a locksmith will probably have access to the same key blank.  Let me know!

Today I was reading lock related periodicals as I am wont to do when time weighs heavily and I came across some interesting information regarding masterlock.  Nobody thinks of this company as producing anything that could be called high security as everybody knows somebody that can open their combination locks using a pop can or by listening to the clicks and writing down numbers and doing a small amount of number crunching.

Apparently masterlock did a study on bumpkeying locks and figured out a way to prevent it.  Unfortunately the changes they made to their locks make it even easier to pick them.  You can turn the plug after setting 3 of the 4 pins!  They have always been easy to impression as well.  The silly part is that their locks are now being marketed as “high security” and “ultra security” at Home Depot even now.  Of course, none of this will stop anybody who has a $35 bolt cutter found farther down the store a few aisles, or even a digging bar that will fit in the shackle.

The best security against bumpkeying to my knowledge without buying better locks is to retrofit your locks with higher tension springs and spool pins or serrated pins.  These won’t stop bumpkeying but they will require about ten more taps which is enough to make burglars think twice in the middle of the night.  A well-lubricated Kwikset lock with no security pins only requires one or two taps, for comparison’s sake.

Some days we start at 5am and don’t stop working until after midnight.  There’s plenty of time for a nap in between jobs though!

Today I only had a few jobs and it left me some time to reflect on increasing door security (these are the things locksmiths muse about). A common mantra amongst the security conscious is that your total security is only as good as the weakest link in the chain. A good lock is only as good as the door and the door frame if somebody kicks your door.
The good news is that you don’t have to be a locksmith or a genius to improve your door security. You can certainly call a pro and get it done right probably, but you can also just buy a strip of steel and cut holes in it and screw it into your doorframe. One of my favorite sites has a walkthrough for how to do this.

Illustrating the idea is this wonderful video from a “master locksmith” in Atlanta:

I can also install a door jamb reinforcer for $60.  As mentioned above, you can do this yourself by screwing a strip of steel with holes for your strikes.  Or you could buy this thing for the same price as I charge to install one.

Don’t use kwikset smartkey!

I just bought this great key copier from a guy in Port Angeles who is getting out of the business.  I don’t know what he paid for it, but it looks like it must have been about $1000 after shipping.  He sold it to me for considerably less because he lost a retainer screw for the key stop that guides you where to put the key for copying.  It is the same retainer screw used in kwikset levers so I had a spare put in right fast.  A few small adjustments and I am in business.  The very first copy worked in my door.  I got curious about all of the various dials, though I think most of them are self-explanatory.  I wanted to make sure I understood this thing before I did something that would harm it so I emailed lockpicks.com and asked for the manual which they emailed to me.  Now I am in turn posting it so that anybody else with one of these doesn’t have to go to all the fake manual sites that are actually adwords spam farms like I did.

 

Many of you may have read in the news about the US government’s tracking of your internet and phone activities.  Some of you may use the common refrain, “I don’t do anything illegal, why should I care?”  I am interested in security and privacy.  My business has revolved around this from building fences to installing locks and modifying current locks and doors to increase security, and by way of increasing security, increase privacy.

My interest in secuirty and privacy extends to computers, and I am going to share a few tips on how to increase your security and privacy on your computer in the next few paragraphs.

Obviously you want to install a password on your computer, and probably want to install a password on your screensaver as well.  This makes it impossible for somebody to easily get your data if they break into your house and your computer is running.  To further improve this security aspect, have your computer housed in a desk that locks shut, and buy a computer case that has a locking door.  Also put a password in your BIOS.  And when you leave, lock your doors and windows.

To further improve your security, consider encrypting your home directory.  All of the major operating systems offer this feature.  This means that if somebody takes your hard drive home with them after a break-in, they can’t recover any data that was in your home directory without attempting to crack your password (you did pick a password with letters, numbers, and symbols in it, right?)

Use a different password for every website that has your personal information.  For forums or websites where you don’t care if somebody steals your password, use the same password but use a fake name.  Keep all of your passwords stored in a password keeper program like keepass.  Save your passwords in firefox but put an administrator password on your passwords that is difficult.

Put a password on your router and make sure it is wpa or wpa2 and has letters, numbers, and symbols.  There are rainbow tables for l33tsp3@k so don’t trust that.  Make sure that you install a scriptblocker like noscript and disable third party cookies.

Now that everything is encrypted and password protected, you may want to consider installing a proxy if you are concerned about google et al. knowing where you are browsing to.  Installing tor is a great way to anonymize what you are reading.  Install tor and then install foxyproxy in firefox and then run the tor wizard.  Then browse away.  One caveat: if you use tor, the NSA will automatically be barking up your tree.  The NSA probably also runs a few tor exit nodes as well out of interest in what people are using anonymous proxies in the USA for.

Don’t use smartphones.  They record everything you do and everywhere you go.  If you want to be private, use a dumbphone at the very least, and preferably use a landline only.  Who knows, all the warnings about testicular cancer and brain cancer from cellphone use may turn out to be true and then you would be ahead of the game.  If you do buy a smartphone, register a new email address with it that you don’t trust, and use cash when you buy a phone plan that is month to month, like simplemobile.  If you want to be really really private, buy the burner app and buy a new phone number to give out.

Don’t use social media like facebook and tumblr.  These are made to track you.  There is a reason you don’t pay for them: you are the product.  Your information is sold to advertisers to fund the expensive bandwidth and maintenance of these websites.  My rinkydink website hardly anybody visits costs a fair amount a month, so I hate to know what facebook pays per month for bandwidth.

If you follow all of this advice, the NSA will most likely be very interested in your behaviour.  If a lot of us follow this advice, the NSA will have difficulty tracking us.  They may remedy this situation by increasing their budget from congress but free software programmers will no doubt up the ante by releasing new and better tools for maintaining your privacy and security.  Good luck with maintaining these hard-to-find and disappearing facets of a free country.