{"id":1021,"date":"2009-09-28T10:37:54","date_gmt":"2009-09-28T08:37:54","guid":{"rendered":"http:\/\/blackbag.toool.nl\/?p=1021"},"modified":"2009-09-28T10:37:54","modified_gmt":"2009-09-28T08:37:54","slug":"what-is-the-lifetime-of-a-public-secret","status":"publish","type":"post","link":"https:\/\/blackbag.toool.nl\/?p=1021","title":{"rendered":"What is the lifetime of a ‘public secret’?"},"content":{"rendered":"

I wrote about public research<\/a> before. As far as I am concerned research should be done out in the open. And all parties involved should know the vulnerabilities in detail. And parties involved for me are: the (potential) customers, the manufacturer and the rest of the research field (in other words: everybody). It is a fact that if you make a public announcement revealing eighty (or more) percent of your discovery, some clever person will stand up and fill in the missing part. And the more common a lock is, the sooner this will happen (as people have hardware to compare and try attacks on). <\/p>\n

\"Bi-Axial<\/a><\/p>\n

The greatest and most clever ‘lock hack’ I have even seen is a method to bypass some Medeco sidebar locks (on locks with bi-axial pins, filled by the official codebook, manufactured before Q4 2007). Marc Tobias and Tobias Bluzmanis hacked the lock and even wrote a book<\/a> about it … an all time classic and ‘must read’ if you ask me (and I wrote the foreword<\/a>). However, the book does not reveal the last twenty percent needed to actually make the so called ‘code setting keys’ that are needed to bump and\/or pick open the locks. <\/p>\n

I learned some time ago someone did his\/her homework and published the findings on the net. A document called ‘code set.zip<\/a>‘ appeared on a site called ‘mega upload’….<\/p>\n

I wonder how long it takes before someone will post a cliq.zip<\/a> there …. <\/p>\n","protected":false},"excerpt":{"rendered":"

Someone revealed the code-setting keys for Medeco on a site called mega upload …<\/p>\n","protected":false},"author":171,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/posts\/1021"}],"collection":[{"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/users\/171"}],"replies":[{"embeddable":true,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1021"}],"version-history":[{"count":1,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions"}],"predecessor-version":[{"id":4186,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=\/wp\/v2\/posts\/1021\/revisions\/4186"}],"wp:attachment":[{"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackbag.toool.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}