Security by Insecurity = Insecurity
by DocSlow 

     The rather expensive education of protecting your personal belongings from 
theft offered up by many so-called security "experts" usually involves 
obfuscating the simplicity with which most barriers can be bypassed.  This is 
simply a part of the flawed concept of "security by obscurity" that many 
self-proclaimed security authorities pass on to everyman as their intimate 
brand of super-secret technical wizardry.  These security experts want us to
believe that they can, for a fee, mentor us on how to secure our most treasured
belongings. More often than not, their instruction is completely invalid. 

     Last year, at DEFCON, there was an entire ballroom reserved for nothing but
lock picking.  Hackers have always had a romantic fascination with picking locks
(myself included), and this ballroom was packed with those who were teaching
techniques, some of them selling wares, and there were a host of avid students 
of the sport. 

     Let's just focus for a minute on your transportation.  I'm sure you've all
seen the movies where there are elaborate collections of "high-tech" tools used
to start a car (especially those with a steering console ignition) minus a key.
Usually, these absurd methods either involve large vise-like tools (e.g., slide 
hammer puller) that remove the lock from the console (and expose an abysmal
myriad of color-coded wires), or the use of brand-specific bypass keys, and 
many yet still show the silliness of pulling a few wires from underneath the 
dashboard to simply "hotwire" the ignition.  Most of these Hollywood techniques
irreparably damage the vehicle in some way, and all of them offer nothing in 
the form of car-jacking reality.  Real car thieves are having a good laugh. 

     A good locksmith (one that knows the true intricacies of locking 
mechanisms) can open your car and start it in seconds, without the use of any 
high-tech gear.  No need for Slim Jims, pick guns, or Lever Wedges (expensive 
lock picking tools marketed to the programming equivalent of script kiddies). 
The job can be done with nothing more than a couple of simple rake picks.  And 
the beauty of a steering console ignition is that you don't need any 
sophisticated external leverage device to tum the lock - it's built in to most 
console ignition locks. 

     While I've heard that the use of two simple jagged rake picks can do the 
job in short order, one might also use a snake rake pick and a double ball pick.
But simple rake picks work just fine, as they do on almost all locks. 

     To test this theory (one that I acquired from real experts), I performed a 
quick trial run on several subjects that included all manner of console  
ignition switches, and all turned out to be easy "pickings."   

     My first test case, a 1995 Jeep Grand Cherokee, proved to be a reference 
standard for all other experiments.  The first attempt at entering the vehicle
and successfully starting it took a little under 30 seconds.  Most others took a
similar amount of time. 

     And, remember, the beauty of 4-inch slender picking tools is that if the 
cops show up in under the 30 seconds it takes to drive off with your cache, you 
can quickly and easily hide them in your shoe (or wherever your imagination 
takes you), and claim that all cars look alike these days. 

     Oh yeah, and getting into your house is even easier. 

     No, I'm not providing you with exact details on how to do this, but, we're
just speaking hypothetically here (yes, that's a disclaimer). 

     To quickly conclude... this is why some governments hire hackers.  Hackers
don't bullshit you about your security.  They show you how easy it is to break 
in and steal your shit (after the "security experts" have "consulted" you that 
your  security is now OK - subsequently implementing a whole host of useless
measures), and hackers prove that their possession of real security knowl­edge
far surpasses that of the "security expert." 

     Obscure that.