http://www.twincities.com/mld/twincities/living/15473832.htm By JULIO OJEDA-ZAPATA Pioneer Press Sept. 11, 2006 Computer-hardware makers keep churning out new laptop locks, and Marc Tobias keeps trying to crack them often with what he said is absurd ease. His new victim: Targus' Defcon CL Armor Combo Cable Lock. It's the latest in a series of devices with reinforced cables designed to lash a laptop (or any other computer with a built-in security slot) to an immovable object. Targus said it released the new lock partly in response to 2004 reports that an earlier version of the lock could be cracked with little effort as Tobias dramatically demonstrated to a Pioneer Press reporter at the time. But the new lock is all but worthless, said Tobias, a South Dakota lock and lock-picking authority. The $55 device, like its predecessor, sports a combination-style mechanism that slips into a security slot so a laptop can't be moved. But, much like the flawed earlier version, the new lock can be probed with ordinary objects a length of wire, a straightened paperclip or a sliver of pop-can metal, in this case to ascertain its combination, according to Tobias. This chore can be completed in minutes with little training, he argues. "Targus has learned little from their original mistake," Tobias writes in an analysis of the locking mechanism. It "continues to put laptop users at a significant risk of loss and theft." Targus' much-ballyhooed "steel-on-steel, extreme-cut-resistant" cable is also fatally flawed, Tobias said. Ringlets used to sheath the cable are, indeed, difficult to damage, he acknowledges. But a thief need only pry apart two of the ringlets to get at the cable beneath and slice it with ordinary cutting tools sold in hardware stores, he said. An outer transparent-plastic coating provides little protection because it can be easily cut or melted, Tobias adds. "Although the (lock) appears to be virtually invincible, it is not," said Tobias, who suggests Targus hire better engineers. Tobias has details on the Targus lock and its vulnerabilities at www.security.org. He said recently released Kensington and PC Guardian locks have better locking mechanisms and harder-to-cut cables that offer far better if never absolute security for computer users. Targus defends its lock. "Based on our internal tests, the ringlets on our Defcon Armor lock are snug and have some movement to allow flexibility of the cable and still protect the cable from cable cutters," product manager Henry Watanabe said in a statement. "Our notebook lock is foremost a theft-deterrent device," Watanabe said, "and is one of the most robust notebook cable locks available in the market." Poorly reinforced security slots built into some laptops are "the weakest link" when using such locks, Watanabe argues. "The strength of (that) attach point varies quite widely from notebook to notebook. The stronger the attach point, the more secure the notebook." Tobias agrees that a computer lock's mechanism or the strength of its cable is irrelevant if a computer's security slot is easy to compromise. He said the slots must be cut into a hardened-metal portion of a computer or reinforced somehow. But, as the Pioneer Press recently found, ripping locks from too-fragile slots such as those built into certain HP laptops is all but effortless. -=- Julio Ojeda-Zapata can be reached at jojeda (at) pioneerpress.com or 651-228-5467. For more personal technology on the Web or via RSS, go to TwinCities.com and click "Business," then "Personal Tech." 2006 St. Paul Pioneer Press and wire service sources. All Rights Reserved. _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Tue Sep 12 2006 - 00:40:45 PDT