Have the Tobias boys done it again?? :)

[digital_blue]

http://www.thesidebar.org/insecurity/?p=248

I am told a follow-up article will be posted tomorrow on thesidebar.org. Stay tuned.

db

[lockaholic]

What a tease..... I need to hear more. When can I buy his next book? I really enjoyed "Open in thirty seconds."

[mh]

I am told a follow-up article will be posted tomorrow on thesidebar.org

Apparently not.
So what was this all about? Just the "they didn't give me locks to tests so they are probably not secure" thing?

Cheers,
mh

[jpb06080]

I doubt he picked a logic. Seems like a pretty good lock.

[mh]

I didn't find good cutaway pictures of the Logic locks, this is the best I could find
http://www.ikon.de/produktkatalog.php?l ... 0&ID=12089
(Verso Cliq is the identical system from Medeco's sister company IKON).

Any better pics out there?

Cheers
mh

[jpb06080]

Wanna bet?

Sure. MWT is full of exaggerations, and clearly has a chip on his shoulder towards medeco. Why does he continue to attack their product line? Maybe he should move on to something different. MTL seems to have vulnerabilities. Assa?

WHAT WE ASKED IN RETURN: That they would recall all locks that displayed design defects or deficiencies which could result in security vulnerabilities for their customers. In return we would agree to withhold any publication for at least three months, so long as the company would replace all products at no charge to the consumer.

Also, this is just absurd. Who does he think he is? Doing a recall on every medeco lock in existence?!?! He is asking medeco to go out of business. Besides, what makes him think he's going to do something to the lock that UL won't try? Also, Ive read about his findings on code setting keys, bumping medeco, etc, and I don't think theres anything in there that poses any real threat to the owner of a medeco. He acts like he has completely bypassed the security of medeco. He has done no such thing.

As a locksmith, the only thing I have seen that seems like it could be useful is JKs medecoder, and as he points out, ARX pins defeat this attack.

[mh]

Barry has a link on blackbag http://blackbag.nl/?p=441 to a new story by Wired Magazine:
http://www.wired.com/techbiz/people/mag ... _keymaster

The part that refers to this new attack on Logic and/or NexGen (?) is at the very end:
---
"As far as we can tell—and there's still testing to be done—we're talking about a full-blown engineering defect," he says, "like the Kryptonite. Any idiot can hack these locks in 10 seconds! Without leaving a single trace that they were there!"
Tobias points his pickle accusingly. "Tell me every college Coke machine won't get stripped!" he yells. "Tell me nobody's going to treat parking meters like cash machines! Or treat bill changers like bowls of bar peanuts! Hell, even you could do it!"
---

[jpb06080]

Fair enough. I'll read the book before I start bashing mtw anymore, but I do feel that medeco gets a bad wrap unnecessarily. Also, although this doesnt pertain to the security of the lock, medeco is a pleasure to work on. Master keying is straight forward as is dissasembly.

[Legion303]

Medeco makes fine locks. But you'll know Marc isn't giving them an unfair "bad rap" when you see the video (it's on the LSS+ Medeco supplement disk) of his co-author popping off the tailpiece in about 5 seconds with a simple tool.

-steve

[SnowyBoy]

I agree with this statement, It might appear to some people Marc really has it in for Medeco, but I say it is for good reason due to the arrogance of Medeco and their statements when confronted with flaws. Their continued discontent with the locksport community really REALLY annoys me, if they worked with us & took our findings and projected thoughts seriously on new lines their design & manufacture times would dramatically reduce. You'd think they would jump at the chance to offer locks to selected locksport groups for testing, but for some strange reason they think their in house techies (whom they pay ridiculous amounts of money I assume) are the best thing since sliced bread!

Good on Marc, I think his increased persistence towards Medeco & their trading practices (read attitude) will eventually make them understand that designing & manufacturing secure systems desperately needs an independent source to test their resistance as evidently their in house testers have become complacent from having a well know brand name backing them.