For an electronics person: Rewire the keypad so it enters different numbers than the legend. That way the manufacturer code will only work if you know the new layout.
@DeviantOllam Жыл бұрын
hahaha that's amazing
@MichaelMaynard Жыл бұрын
This may be the smartest comment on the video, kudos.
@GashimahironChl Жыл бұрын
I've done this as a joke on one of the doorway access control keypads at my old tech school, but it never occured to me that my mild amount of trolling could have genuine security applications... until now.
@H3110NU Жыл бұрын
back in 95/96 in typing class we used to flip the m and n (or reverse the num pad) keys to mess with our friends…
@mikes_.5_cent Жыл бұрын
@@H3110NU I had a supervisor ask me to clean a keyboard one time. I accidentally put some of the keys on wrong, then got a call because a keyboard was giving the wrong letters. 😀
@jessharriman3254 Жыл бұрын
I did a brute force attack on a combo lock at a place I was renting. It was a 4 digit lock, I figured I could start at 0000 and go through several numbers every time I walked by. Set it to 0000, and it opened
@DeviantOllam Жыл бұрын
flawless victory
@bholdr----0 Жыл бұрын
Some people could conclude that they iuggt to set their code to 9999!
@Laotzu.Goldbug Жыл бұрын
@@bholdr----0slightly more smart but not smart enough people will pick 5555
@mattgayda2840 Жыл бұрын
Pay attention to what Liberty isn't saying, their keypad vendor still has these codes. They'll just redirect the call to them! Keypad swaps will become a niche market for a while. For the time being you can remove the SN and have a swap party with friends
@DeviantOllam Жыл бұрын
Indeed.... S&G or AmSec or Securam or whomever will still have the details, most likely.
@TMS5100 Жыл бұрын
@@DeviantOllam for amsec and fort knox safes that would be la gard / dormakaba /kaba mas
@delta3244 Жыл бұрын
21:00 - Ian has said things like this before, though he's never done a deep dive into when or why this specific act can be held against a person in court. In his recent Liberty Safe videos, he went at it from the angle of (paraphrased) "cops love to say that a search was consentual when their warrents are challenged (since establishing it renders the validity of the warrent moot). If they had to destructively open your safe, that provides strong evidence that the search wasn't consentual." In the past, within a video titled "why your spouse needs a gun license (if you are a gun owner)," he pointed out that the police can use the tatic of asking your spouse to open your safe containing your guns to demonstrate that they are in possession of the guns, and thereby justify laying charges against them if they lack a license. It is important to note that Ian has not stated that "opening a safe can be used against you in court" in such general terms. It is also important to note that he talks to Canadian law most of the time, which may not relate 1:1 with the US (but is often similar).
@JaedoDrax Жыл бұрын
"why your spouse needs a gun license" is a specific Canada problem, under it's tyrannical gun licensing regeime
@delta3244 Жыл бұрын
@@JaedoDrax Regardless of what it is, it serves to demonstrate the point that opening a safe is an admission in some sense.
@ZarkowsWorld Жыл бұрын
My wife does not have the safe code, so she cannot be taken by this trap.
@johanneswerner1140 Жыл бұрын
If you have access to the gun you need a license. If you keep your gun in a place where a non-licensed person can access it, you should lose your license (in many countries you do). I cannot see the problem. The rules are quite clear on this, as far as I understand rules in some European countries - of course. I find these very simple rules pretty clear .
@delta3244 Жыл бұрын
@@johanneswerner1140 This topic is irrelevant to my comment, because my comment is solely about the risks of opening a safe for LE and contains no moral judgements of one's hypothetical actions as a gun owner, but there _is_ a problem. It lies in the element you neglected to mention: that one's spouse gets charged with possession. They don't choose whether one shares the code with them, and it should go without saying that the vast majority of couples will live in the same building as a matter of course. Charging them over the choices of their spouse strikes me as a clear injustice. I will not comment on whether I think people should lose their license over telling their spouse the gun safe combination or key location, because this strikes me as a place where reasonable minds will differ with little room for productive debate. I'd be happy to explain why people may have either opinion if you'd like, but my own opinion will remain unsaid. (edit: typo; fixed "producitive" because it was bothering me)
@rooster6271 Жыл бұрын
So to be clear, the company who sold you out would like to compensate you by promising to delete the override code on your safe. The only thing is, you have to trust them again.
@mpioman9885 Жыл бұрын
Talking about a company's promise to respect user privacy calls to mind a recent article I saw highlighting one of the private DNA/genetics analysis services who give customers an option, and their promise, to opt their genetic data out of law enforcement searches. It came out that not only was there a backdoor to bypass that choice, but members of the company willingly used the backdoor to specifically search within the database of opted out users in searches at the direct request of law enforcement. And certainly in the absence of subpoena.
@mpioman9885 Жыл бұрын
I really hope to see a widespread push for better privacy and accountability from these large corporations that we're practically forced to use. For everyone's sake. Thanks for the great informative content as always Dev!
@Tomeccho Жыл бұрын
@@mpioman9885...and that will happen the same day the Patriot Act gets repealed. ie Don't hold your breath. The willingness with which citizens hand over vast amounts of private data to third parties through mostly unread but agreed to Terms & Conditions - information most would never willingly or knowingly give to governing bodies and enforcement agencies - is just far too convenient for governments worldwide to pass up or ignore.
@SnakebitSTI Жыл бұрын
If a company has access to data, expect bored employees to look at that data if nothing else.
@jessthemullet Жыл бұрын
I mentioned it on another video, but my experience with Liberty was totally 180° from how this mess all went down. A friend passed away, and I was helping his family (and the executor of his trust/will) get into his safes. The person I talked to at Liberty on the phone was sympathetic, but stuck to sensible, professional security responses and wanted actual physical paperwork vetting us and proving we hadn't stolen the safe we were trying to access. I got the impression that they took it seriously and I felt *better* after talking with them when it was all going down. I'm just disappointed they'd change their policies and approach so drastically when law enforcement concerned.
@tomferrin1148 Жыл бұрын
If Liberty Safe hadn't taken that stance with you, their reputation would be totally trashed forever. There can be no legitimate argument, _ever_, to provide a master code or MCA based on just a phone call or two, not even if the incoming caller ID shows it to be from someone Liberty knows and trusts. I'm sorry for the loss of your friend, but people who own safes die all the time and their death doesn't give anyone the right to access their property, whether it's their family or their executor, without a court order. That court order can then be used by a locksmith to legally open the safe, either destructively or non-destructively if they have the means.
@jessthemullet Жыл бұрын
@@tomferrin1148 That's what I was saying, I fully expected that response from them, and I'm disappointed they flip flopped on it for the feds. As a random citizen, they rightfully expected me to prove who I was and why I should have access. I hoped they were like that with everybody. If the policy is "we need bona fide physical paperwork to cover our asses" that would be perfectly reasonable. The issue here with liberty is that they didn't stick to that policy with the feds, and word got out.
@bertkelher4970 Жыл бұрын
I appreciate a non screaming analysis of the situation.
@Agent22817 Жыл бұрын
Runkle has advised that the gov't having to destructively open your safe is also useful as evidence in that it shows you did not willingly consent to the search of your safe.
@RobertSzasz Жыл бұрын
Is that the "calling my client a piece of shit is defamation, as he isn't a literal piece of feces" guy?
@Agent22817 Жыл бұрын
@@RobertSzasz not that I know of. It's the lawyer, Ian Runkle/Runkle of the bailey, that is referenced a few times in this video.
@RobertSzasz Жыл бұрын
@@Agent22817 he's part of the whole Vic Mignogna lolyer circle though?
@theKashConnoisseur Жыл бұрын
@@RobertSzasz Runkle is Canadian lol, he's got nothing to do with Mignogna.
@marcogenovesi8570 Жыл бұрын
Gotta love all the security by obscurity going on in the lock industry, that's been their mantra since forever.
@djcfrompt Жыл бұрын
"Gravy seals" in your last video I had heard before. "Beer gut putsch" was a new one that left me laughing for a full minute.
@jrmbayne Жыл бұрын
Thanks, DevO. I've always appreciated your well-reasoned insight coming from the opposite side of the political spectrum. There's a lot of disturbing government overreach no matter how one views the politics. It fascinates me how polarizing this issue is, when it REALLY shouldn't be.
@TMS5100 Жыл бұрын
authoritarians are the only ones who think any of this is even remotely ok.
@ColonizerChan Жыл бұрын
I mean the guy did something absolutely illegal, and we all knew this was gonna be route the Feds were gonna take. I.e. let them walk in and expose themselves, keep people protected, and catch anyone they can later. However, yeah, it is still concerning how many backdoors and vulnerabilities there are in technology these days. Mfs wonder why I prefer my early 00s car (edit, also just don't buy a Kia if you don't know about that backdoor)
@churblefurbles Жыл бұрын
@@TMS5100 He defends authoritarians, the regime is putting people in prison over memes for decades, prosecuting people who didn't even show up for a protest even, this is on him.
@bandana_girl6507 Жыл бұрын
Staying off people's radar is just so big of a suggestion. I hadn't gotten any phishing emails until I started my most recent job. And even now, I only get phishing emails to my work email. As much as I hate the idea of security through obscurity, it actually works as a front line to just not be a target for attacks
@delta3244 Жыл бұрын
The problem with security _through_ obscurity is that the obscurity is the only line of defense, and anyone knowledgeable of your secrets has already defeated your security. Obscurity as a layer of security does work.
@DRNewcomb Жыл бұрын
1) I once had a faulty mechanical combination lock on a two-drawer Mossler file that frustrated the locksmiths' attempt at manipulation. Because of the remote location they were not able to bring their "special" tools. We ended cutting it open with a exothermic torch. Moral of story, if the FBI has a warrant, they're going to get into your safe. It may be the easy way or the hard way but they're going to get in. 2). When the electronic lock on my safe was starting to fail, I decided to replace it with a mechanical one. I knew that mechanical locks were subject to manipulation, thus less secure. OTOH they work for many years without issues and are not subject to EMP. I now know that they also don't have any "backdoor" codes.
@lostboytnt1 Жыл бұрын
One of the things that people in the non-security industry don't realize, it doesn't matter what your security is, on your home, on your safe, on anything. If someone wants entry bad enough, they can, and will get it. It only comes down to how difficult it is. You could have the biggest most secure safe in the world, a properly placed tap drill, a bit of thermite on the hinges, a chop saw, an autodialer, and various other forceful entry methods can, and always are an option, it's just how much time and effort it takes. Yes, non destructive methods are always preferable, and often quicker, but Even a heavy duty safe, buried in a panic room, guarded by an army of security personnel, still . is . vulnerable. Just less so.
@cagneybillingsley2165 Жыл бұрын
your attempt to sound studied failed. being invaded by a crack team of heisters with drills and explosives is not a realistic expectation for most people. it would have been smarter to simply advise people to invest in ways to hide the safe behind a false wall or something similar. but yes, ultimately the government will get into your safe using brute force methods if they wanted, another reason to invest in opsec so that isn't a problem in the first place
@lostboytnt1 Жыл бұрын
@@cagneybillingsley2165 wasn't attempting to sound anything.. Just saying, where there's a will, there's a way.
@grayrabbit2211 Жыл бұрын
Security is there to deter and slow people down. There are some homes south of me which have priceless master works of art. They have some amazing security procedures and systems, but even their installers (and their insurance cos) warned them that none of this is foolproof. Given enough time and resources, it's all defeatable.
@purplepenguin43 Жыл бұрын
the fire department with a gas chop saw could have gotten into the safe faster then It took the feds to get past call screening with the manufacturer.
@tohothewriter8002 Жыл бұрын
That's common sense, which isn't very common nowadays, unfortunately. XD
@GulfCoastNihilist Жыл бұрын
I have no trust in any company who has collected my data (either with or without my consent) to actually delete my data upon request.
@gluuuuue Жыл бұрын
The most “trustworthy” (systems, algorithms, protocols, schemas) are ones where you can safely know you don’t have to put your trust in another party.
@Keneo1 Жыл бұрын
You shouldn’t. They probably have backups of that data somewhere and no process to clean those ho, so it could all just reappear after a restore from backup.
@ponderinggeek7861 Жыл бұрын
Something else that safe owners may not know is their lockable dials are often keyed alike. This is not the internal lock that locks the safe's bolt work and keeps the safe shut. This is just a small lock for the outside dial on mechanical locks. S&G, and others, offer lockable dials as a small form of nuisance protection. S&G does offer them to be keyed different, but most safe manufacturers are ordering these keyed alike. They do this so it's easier to stock parts, replace keys, etc... But this means if my neighbor and I both have Liberty safes with lockable dials, it's probably the same key. All liberty safes I've ran across with lockable dials use the same key. IMO I wish safe companies wouldn't do this as the "default". They don't tell customers they are keyed alike and there is already too much key sharing in this world. cough-CH751-cough
@gcflower995 ай бұрын
@ponderinggeek7861: My RV lock has entered the chat!
@iankester-haney3315 Жыл бұрын
I feel bad for the folks who thought Liberty would stand up for their rights. You can never trust a third party against government intrusion, either formal subpoena or simple request. Never trust a third party. Even Chinese or European entities can be forced to disclose info they have. The only difference are the hoops the government has to jump through. This is well known to any InfoSec professional.
@1rbdfl Жыл бұрын
no for profit venture of any type stands up for their rights, let alone their customers'.. that's not good business.
@1rbdfl Жыл бұрын
correction, very few for profit... etc.
@PrivateUsername Жыл бұрын
Sure. However, the government will get into the safe if they have a reason to; if someone is a J6 douchebag, their safe will be opened. The only question is if the safe will still be be serviceable in 10 years or whatever when they are out of prison, or if it has a large hole cut in the side of it. A Liberty safe is not meant to keep out a state actor. It's meant to keep out the basic crackhead or withstand a house fire or similar. So in this case this guy's kids will get a working safe instead of having to get a scrap company to come remove a half-ton block of useless steel and gypsum. Don't buy a commercial safe of any brand if you need to keep out the government.
@theKashConnoisseur Жыл бұрын
Apple seems to do a decent job at it, which is saying a lot considering the politics of most silicon valley corps.
@mycosys Жыл бұрын
A really good rule of thumb is any business marketing to your patriotism is taking advantage of you.
@theoneleggedraven1940 Жыл бұрын
Preach, Deev. We need to know as much as possible about as much as possible: especially our safety and privacy. Keep up the stellar work.
@DeviantOllam Жыл бұрын
Thanks for the very kind feedback!
@keithduthie Жыл бұрын
Ian was talking about this on the "Legal Friday" livestream on the "Laid Back News" channel earlier today, and he mentioned the whole thing around knowing the safe code implies knowledge and/or ownership of the contents.
@petergerdes1094 Жыл бұрын
Also, part of criminal litigation is simply raising the cost to the prosecution. They are balancing both the chance of success and the resources it would take to bring you to trial against any plea they offer or a potential deciscion not to prosecute. Yes, (not definitively settled but see law prof Orin Kerr's discussion) the gov can almost certainly compell you to produce the code to either decrpyt your data or open your safe -- provided they can prove you do know the code (not sure under what standard). But, even so, that represents complexity and cost that increase their costs to go to trial and can be used by a good lawyer to increase your chances of either a better plea or a dropped case.
@matthewellisor5835 Жыл бұрын
Thanks for the 2M explanation and the leads to go search for possibilities of changing the manufacturer's reset code. (Even if there's no reason that there couldn't be some other persistent code in there.) I've already started looking for someone wanting to unload a safe and I'm no certified safe tech but I've managed manipulating open a few and I'm very comfortable with dropping in a group 2 if I can get a deal on the box. For daily driver use I like LPL's definition of an adequate lock. Instead of misquoting I'll paraphrase: Will it stop a curious adolescent for the longest time that I will need to leave the firearm unsupervised?
@FFVison Жыл бұрын
1 2 3 4 5 6? That's amazing. That's the same code I have on my luggage.
@andrewharrison8436 Жыл бұрын
It's a fluke
@FFVison Жыл бұрын
@@andrewharrison8436 lol. It's a "great" Mel Brooks movie
@crestonriley64819 күн бұрын
it's factory default
@__Ben Жыл бұрын
For people with no audio, I think it's an error in the mobile apps/processing because it's working fine here.
@dack42 Жыл бұрын
This seems like an opportunity for someone to make open source safe lock firmware. If the factory microcontroller can't be used (not flashable, etc), replace it with an ATMEGA 328p or something (or do a full open source replacement board). Obviously it would need to have protections against differential power analysis and such, but those attacks and mitigations are pretty well known.
@DeviantOllam Жыл бұрын
it may be an "opportunity" in an academic sense, but as far as a market opportunity, that'd be a tough business decision, since sadly i think a lot of customers wouldn't understand the value or the work that goes into it
@dack42 Жыл бұрын
@@DeviantOllam oh, yes. Definitely not a business thing - a hacker/diy thing.
@jameskelly16806 ай бұрын
This guy regularly gives Ted-Talk quality videos. Fantastic!
@oseansoldier Жыл бұрын
I’m definitely thinking about replacing my lock with a mechanical one. I got a Liberty safe earlier this year and am now regretting it.
@cheebees Жыл бұрын
Nice you mentioned Runkle. Just watched him on with Rekieta.
@Tomeccho Жыл бұрын
The name familiar from hearing him mentioned by RantingMonkey. Same dude? I've not seen him myself on any livesteam or podcast that I recall. Rekieta I've been subbed to for years. A+ guy.
@marcogenovesi8570 Жыл бұрын
Yeah nah, we go from one "trust me bro the safe is safe" to a "trust me bro I deleted the backdoor code from record". Let the mob drag them through the coals, they earned this and must become an example to guide other manufacturers.
@gluuuuue Жыл бұрын
When they say they’ll trust literally anyone more than they’ll trust “the federal government”, some of them really take it to heart and die on that hill. 😆
@lililililililili8667 Жыл бұрын
Backdoors are a conspiracy theory we only install doors on the front of our safes.
@r2db Жыл бұрын
Unless their code is open-source it would be impossible to determine if there was another backdoor, but we know that they would not agree to releasing the source.
@RichardCranium321 Жыл бұрын
Their owners donated the MAX AMOUNT to "Fetterman for Congress" just within the past year... let them burn. I hope they get slapped with a class action lawsuit from their customers.
@marcogenovesi8570 Жыл бұрын
@@RichardCranium321 ah yes probably the most radical anti gun proponent around. Makes sense they would immediately triple backflip for the feds.
@matthewhicks6089 Жыл бұрын
Absolutely y I love this & ur content. People literally offended about their privacy (well placed), but completely unaware of the world we've lived in since datamining was the responsibility of manual investigators at the credit rating businesses & not evaluating the costs & work for more than simple security theater.
@mycosys Жыл бұрын
Are you really attacking people for not being able to see past a concerted propaganda campaign with no help?
@matthewhicks6089 Жыл бұрын
@mycosys You need to specify the Info Op you are referencing. I was referencing that as early as the 1820's w/ Tapan & definitely by the Woolford's in 1899 there had already developed a market & serious incentive for the disruption of individual privacy rights via businesses & government. Fast forward through WW2, the Cold War, Web Search companies, Patriot Act, & now the Social Media era & Im simply continually flabbergasted that people do trust S&G et. al. to not regularly participate in this activity. They are simply behaving par for the course across a large cryptifascist dataming socioeconomic landscape.
@johannajohnson4069 Жыл бұрын
This is funny to watch because I remember 20 years ago working on ATMs, we had a couple guys in the refurb shop who could call Mas Hamilton to get safe codes. (Plus other mechanisms of entry like the dialer behind you).
@DeviantOllam Жыл бұрын
Yes on the SenCon electromechanical safe locks, that may be possible.
@DeviantOllam Жыл бұрын
Oh and yeah back then if they were calling Mas Hamilton, that would have been the old Soft Drill auto dialer! Super amazing and sadly no longer exists.
@tweake7175 Жыл бұрын
one of the issues we had here, despite our privacy laws, was a company had to hand over ALL of their firearm client data to the police. as that was evidence in the case, it was handed over to the lawyers who passes it onto their clients the local gang. how long before something like that happens with the reset codes. don't need to hack the manufacture for the code list, the police might just do the job for ya.
@jerrykinnin7941 Жыл бұрын
Im a professional trucker. We have E logs dipatch apps cutomer apps routing maps. Prepass and pikepasses those scale houses have radiation hot wheel bearing, low tire pressure sensors That take a picture when you go through checking for seatbelt handheld phones, licence plates, Pre weigh to trip bypass or big scale arrows. Im almost certain that its all time stamped. We had a driver his ex had the cops put out an apb on him For something she said he did. He was at work at the time. The best advice i have is Its best they don't know you. Which is getting harder to do.
@randygreene5977 Жыл бұрын
I am changing my locks to the SG 6631-004.. Group 2M 4 digit. That should give there auto dialer a good workout
@camronbay1 Жыл бұрын
One good choice.
@gluuuuue Жыл бұрын
I still remember the Clipper Chip from the '90s. The government will always try to have backdoors for their own convenience.
@aquahoodjd Жыл бұрын
I was a KY Assistant Attorney General and Montana Deputy County Attorney both criminal division but live overseas and am a dual national.
@792slayer Жыл бұрын
My guns are largely not stock. When I finally buy a large safe, I'll be taking some of this advice and upgrading it.
@taiiat0 Жыл бұрын
cheers. People do indeed need to be more aware of the World around them. it benefits us all for more People to be.
@patrickheim7682 Жыл бұрын
Great factual, balanced, and level headed analysis.
@alun7006 Жыл бұрын
Fascinating as always! I wonder about the car datamining thing in Europe. GDPR is quite wide-ranging but I wonder if/when it'll get tested as most seem oblivious/indifferent to the practice of data harvesting.
@mycosys Жыл бұрын
The page that mentions those things (sexual orientation and activity) says they would only collect that information direct from the customer themselves in the next column, i presume its some sort of promo that they did to try and get in with some community. Being misled by people with agendas from both sides is such fun
@franklyanogre00000 Жыл бұрын
Thanks for the intelligent followup explanation.
@gluuuuue Жыл бұрын
Re: Slowing Down Attacks In computer security (RSA, other public key systems, ECC, quantum security), the basic principle in most, if not all, digital security is how long or difficult a task you make an attacker with zero knowledge have to take, and how many resources it requires. It's all relative.
@ryshellso526 Жыл бұрын
"Encryption".
@Tomeccho Жыл бұрын
Make the hassle outweigh the reward. Works 99% of the time unless the attacker is one of those who does shit 'just because' and enjoys the challenge. I've got friends that have gotten into a lot of places they shouldn't have simply because it was hard to do, so they had to try. Zero reward except the accomplishment.
@GamesFromSpace Жыл бұрын
At the low end, it's "age of the planet", when you do things properly. More securely, it's "heat death of the universe". Of course, this assumes computers don't improve in the next few billion years while you're brute forcing it...
@biocode4478 Жыл бұрын
19:26 The cops literally burned a house down where a fugitive snuck into to get him out and fought to tooth and nail to pay nothing to the owners who didn't even have anything to do with anything. They don't "have" to do shit.
@reikyfoxxe1847 Жыл бұрын
This is a very good thing, it has opened up a lot of peoples eyes to digital security I hope.
@Scotty_in_Ohio Жыл бұрын
at my last house I had a safe installed and I received from the installer the full docs around the S&G lockset it came with - the installer showed me what is being described in this video. The situation still doesn't "sit well" with me and I'll be looking to obfuscate that part of my safe setup. at the end of the day it's only about adding time to the attempted threat.
@MAlanThomasII Жыл бұрын
Yeah, a subpoena like we're talking about can't demand the contents of your mind, just objects and data stored in objects, like physical documents and files on a hard drive. And a warrant allows officers to search for physical objects but doesn't compel you to talk. And there's a whole thing I haven't read up on in years about when a subpoena runs into the Fifth Amendment rule against self-incrimination because your ability to access an object via something you know might incriminate you. I'll definitely look for a refresher from a lawyer on that. The traffic stop bit is interesting, because there's limits on traffic stops that don't normally apply when showing up with a warrant, so it might be useful in that one specific instance.
@codyhemus7718 Жыл бұрын
This is good, they acknowledged they messed up and have provided a clearway forward and are taking it.
@theKashConnoisseur Жыл бұрын
Not really. Even IF (and it's a huge if) they actually delete the codes from their database, the same codes are stored by S&G or Securam or whoever makes your particular model of lock. As stated, this practice is industry standard. So even if they delete your code, the Feds just call the lock maker and get it from them instead. But with information being more valuable now than any other time in history, I don't believe any claims of data deletion regardless.
@turnermd1302 Жыл бұрын
This is a bit more than messing up, and if you genuinely believe they will "delete" your codes you are a fool. Liberty Safe might do away with their personal database of codes, but whoever manufactured the lock will 100% keep your codes stored nice and secure waiting to assist any three letter goons wishing to violate your rights
@pavlzachary6999 Жыл бұрын
I'd love to hear more about the Kaba Mas X07 mechanism.
@MrSmokin04 Жыл бұрын
Love your stuff brother. I'm in the Security world myself and seeing your talk about safe cracking made me wonder about X-10s. Will a brute force auto dialer attack work against that??? In my line of work, we rely on them quite exclusively. Them being susceptible to a brute force introduces the possibility of a change in security measures.
@DeviantOllam Жыл бұрын
It is not possible to brute force an electromechanical safe lock of that variety... After failed attempts, they go into penalty mode for a timeout period. It effectively makes brute forcing impossible. Not to mention, with the dial randomly jumping to other digits when you change direction, a conventional robotic dialer wouldn't be able to do anything with this.
@stupidburp Жыл бұрын
Using your right to remain silent and not providing the combination could potentially give you time to contact your lawyer and give your lawyer hours to days to review legal documents and respond. But there have been cases where people have been threatened with legal action if they refuse to provide the means to circumvent security of their property and the legal details of that under various circumstances should be discussed with a lawyer.
@djcfrompt Жыл бұрын
Remain silent, require them to produce a warrant which requires your compliance, and call your lawyer immediately. Don't let the government intimidate you into giving up your rights. ETA: Also, if threatened with arrest, force, etc., state that you are complying under threat. Preserves your objection later that your cooperation was coerced and the search was not consensual.
@M1911jln Жыл бұрын
Law enforcement will lie and make threats. Just STFU. Until a judge orders you to give them the combination, they can go pound sand.
@Aviation_Professional Жыл бұрын
I think your June 2021 video that sings the praises of 4 compaines included LIBERTY. Now that could be because of structural build, but integrity they get an "F".
@timothypryor7952 Жыл бұрын
I've started writing up liberty safes as a finding. I had to do that yesterday for a law office.
@eugenetswong Жыл бұрын
Thanks, Ollam. It's good to hear this from you. KZbin recommended this video, by the way.
@seanseoltoir Жыл бұрын
One thing that I do not like about most of the electronic safes is that they have the membrane type keypads. There are *some* keypads out there that have the more mechanical keys on the keypad (e.g. old push button phone), but most have the membrane type. I've had these keypads fail on devices over the years (even though the devices were infrequently used), so I'm extremely hesitant to put such a device on my safe... Now, if the safe had the same push button switches that the old Western Electric (Bell) Model 2500 phones had on them, I would have no qualms about that type of keypad... Those things were robust -- I've never had one of them fail and they were used a lot more times each day than a safe's keypad would ever be used... One issue with any safe though is remembering the combination... If you are not using the combination every day, it's entirely possible that you will forget it... If I'm out of the country for a month or so, I often forget things like this by the time I get back... Part of that is just memory issues from getting older, I suspect... So, you want to write the number down and store it someplace that it would be unlikely to be found by criminals (or jackbooted thugs)... Maybe written / engraved on something that is attached to the bottom of a large piece of furniture or appliance (washer, dryer, fridge, freezer, etc)?
@Remsster Жыл бұрын
With your last point. If you do write down codes or passwords, don't keep them together and also don't label them. It can be smart to purposely make them incorrect slightly in a way that you will automatically know. Like reversing number orders, leaving out Capitalization, etc....
@seanseoltoir Жыл бұрын
@@Remsster -- Agreed... Also, another option might be writing the code (possibly obfuscated) in permanent marker or engraved on the inside of an electrical outlet somewhere in the house... Or split between multiple outlet boxes... Just did a rough count of all the outlet and switch boxes in my house and garage and it was over 100... And, of course, you could always write / engrave it on something and put that in a short piece of PVC pipe with caps glued on the ends and buried somewhere in your yard...
@chemistrykrang80659 ай бұрын
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
@chemistrykrang80659 ай бұрын
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
@chemistrykrang80659 ай бұрын
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
@ibex485 Жыл бұрын
Beergut putsch is the perfect way to describe it. Sums up the intention, the seriousness of what was attempted, and the ineptitude.
@tyler_racing Жыл бұрын
Great video. Thank you very much! It’s hard to find a discussion anywhere online about which group 1 combination locks are recommended. I watched that part of your video several times and learned a lot. Thank you
@Bostonaholic Жыл бұрын
Thanks for all of the great information. I do know that the ProLogic L01 by Securam is an upgrade option for some Liberty safes.
@jackpestaner6925 Жыл бұрын
Great walk thru the plusses and minuses of mechanical versus electronic, thanks Dev! Curious what you think about the Kaba Mas X10/X09....hard to imagine the GSA has backdoor access to its own locks, but maybe not?
@DeviantOllam Жыл бұрын
Oh yeah, we have a number of X-09 and X-10 locks on containers around our offices. They're pretty solid, and quite well-made. (I'm certified on the Kaba and S&G FF-L-2740 locks under the GSA and DoD lock program) I even have some original X-07 locks on display in our spaces. Just stay away from the X-08 units which had a high failure rate, heh.
@wreckingpress7080 Жыл бұрын
I worked as a tech under contract for a cash machine company and if that electronic lock, which one time it did on a service call, it was simply a corded drill with a 1/4 bit, a ruller and some oil and 30 minutes later it's open. It just had to desroy a pawl on the inner mechanism and it can be opened.
@EyeKnowRaff Жыл бұрын
I was waiting for your take on this. Thank you.
@Adam.NavyVet Жыл бұрын
Great informative video. You make many excellent points and suggestions about how we can actually improve the preservation of our data. Making it harder and taking more time and resources is important. Easy to watch and understand. Thanks.
@marcogenovesi8570 Жыл бұрын
That's cool, it's been master codes all the way down
@CurtisThomas-x3y Жыл бұрын
“Sometimes your purpose in life is to serve as a warning to others”
@UCp6Q6LE7IYCO Жыл бұрын
i love the long form videos! thanks for them ❤
@panopticemu Жыл бұрын
it depends on the jurisdiction but at least in some places warrants can be worded in such a way that you're required to give access to anything inside safes etc, and refusing to do so is seen as failure to comply with warrant... just fyi
@allenshepard7992 Жыл бұрын
Update: Armed Attorney's Legal review and opinions - Liberty safe & third party information - kzbin.info/www/bejne/aaWbqYOIdsaEqq8
@robertboudrie2234Ай бұрын
Deviant - how about getting a Taylor Phoenix through your connections and showing how the vast majority of quality name brand electronic safe locks can be electronically manipulated (with the exception of GSA standard 2740-B compliant locks like the Kaba-Mas X-## or S&G 2740B locks). They even make a special version of the Phoenix only available to our betters (LE) that is in a black rather than orange case and bypasses audit features for black bag/sneak and peek operations. The "Liberty Leak" pales in comparison to the fundamental flaw of information leakage between the keypad and lock body.
@scriptles Жыл бұрын
@deviantOllam have you seen EEVBlog where the host Dave showed you how you can use an ossiliscope on the battery terminals to figure out if you pressed the right key or a wrong key in the code sequence based off the eletrical voltage difference between a correct and incorrect number based off the subroutines thats the lock calls when a button is pressed? It's a really fascinating video.
@DeviantOllam Жыл бұрын
Yep, that's differential power analysis 👍
@herzogsbuick Жыл бұрын
Moe: "Where's the key to the safe?" Curly: "I put it in the safe so I'd remember where it was!"
@KeepEvery1Guessing Жыл бұрын
Presumably, the keypad communicates which button is pressed, through wiring, to a module inside the safe that accumulates the sequence entered, and compares it to the legal codes, and decides whether to unlock the safe. This would seem to provide and opportunity to intercept (within the secure volume) the key press information, and permute it (or worse, ala Enigma) before passing it to the lock mechanism. Then, even if an attacker knew the manufacturer's reset code, he would need to pre-un-permute it, requiring him to know the permutation. This seems to be an amelioration of any back door codes, though it makes you vulnerable to failure of the permutation module. Also, this would invalidate the supply current measurement during code ROM read out attack, since knowing the codes doesn't keep you from needing the permutation. If there's a wire per button, such a module could be completely passive. If the front panel encodes the button and sends it serially, the module would need a micro processor to receive the code, permute it, and send it to the back end. But with enough GPIO pins the permutation could still be set with jumper wires, denying the opportunity for programming software to have been compromised. Do you think that there's a market?
@dbackscott Жыл бұрын
“Be a good person. Try to stay off the Fed’s radar…” Like that’s stopped them before.
@bosstowndynamics5488 Жыл бұрын
Nothing is a panacea, but it's still worth reminding people that you have the *option* of not antagonizing the feds. That might not be the right choice under any given circumstance, and it might not be good enough/they might come after you anyway, but it's still an option that decreases your exposure
@dbackscott Жыл бұрын
@@bosstowndynamics5488 fair point.
@bobthecannibal1 Жыл бұрын
@@bosstowndynamics5488 That's not how this country works. _They_ work for _US._ That constitution is a 4 party social contract between "We the People" and the three branches of government we created and delegate authority to, in order to secure our liberty and provide for our common and collcetive good (Doing the things that individuals and/or small groups can't do because of economies of scale.) They need to be reminded of it as much as possible. "Don't complain or they'll trample all over you and your rights" is the wrong attitude. That's the time you stand up high, raise your middle fingers higher and say *_"Don't tread on me,_* because I'll bite a motherfucker."
@Robert-Wilson Жыл бұрын
Heck just watching videos such as this probably got us on a list.
@caseydoherty7160 Жыл бұрын
20:00 ish ...usually the warrant will authorize the search of any place where the evidence sought could be kept. The warrant won't distinguish between a safe owned by another person but kept in the place to be searched. expectation of privacy and possessory rights are more of a consent search issue.
@DanMaker Жыл бұрын
Liberty Safe is based in Payson Utah. In Utah, don't look to state law to protect consumers, Federal law is usually more protective.
@randysmith9636 Жыл бұрын
I have two old Browning safes from the 90s. One smaller long gun safe and the big boy is for "other" important items and handguns. The plan is to build the new house next year with a safe room. Is the walk in safe doors as good as a typical safe? For the record, building a fire proof (within reason) room 10×12 is not for the faint of heart.
@lyfandeth Жыл бұрын
Don't know where you got the "agonized liberty" picture from, but that can be a comment on SO many things. I'd like to use it on T shirts. You make it, I'll buy one.
@saltyroe3179 Жыл бұрын
I wish I had dad's 1956 Buick Special.
@OrginalDravas Жыл бұрын
Do they have a lock with a clutch that if it spins to fast it disengages the lock?
@andrewharrison8436 Жыл бұрын
Sneaky - I like it. The mechanical equivalent of the increasing timeout after each failure to the next trial on an electronic lock.
@LogicalNiko Жыл бұрын
One of the upsides of most of the privacy laws that do exist is that they are setting the rights upon the individual. This means that even if the company is not itself located in California (for example) the fact that they sell to California residents, and do business in California, makes them subject to the law. Technically if they didn’t mind withdrawing from sales in the state of California they could ignore the law, but I don’t think they would do that. Secondly as it’s not cost effective to produce “right to be forgotten” policies for each state and the EU you can generally bet they will just enact their procedures for any customer.
@mpioman9885 Жыл бұрын
I'm inclined to agree with Dev on the preference for mechanical locks. It's often said good security is a tradeoff for accessibility. Losing some advanced functionality such as multiple user codes or ease of use seems like a reasonable tradeoff to remove a low hanging fruit attack vector that an unwanted third party may exploit, situationally dependent of course.
@weaselodooms Жыл бұрын
Never been more glad to have an old 1905 bank safe with no keypad. You need 2 keys and a 4 digit dial lock number...
@DeviantOllam Жыл бұрын
That's really cool that you have that
@Moose_338 Жыл бұрын
This is prime time to buy a safe on the cheap used if your okay with the issues lol
@55seddel Жыл бұрын
What if someone wanted to go absolutely insane with safe security? Top of the line with the absolute billy badass mechanical lock.
@DeviantOllam Жыл бұрын
S&G 2937 - list price is about $800, although as a dealer I can get them for closer to 500. This is the current generation, still in active service, DoD weapons container lock
@iwt2byrfreak Жыл бұрын
I have a question a friend asked me, he and his best friend both bought the same model Liberty safe, at the same, and live across town from each other, would it do any good for them to switch locks with each other.
@Tomeccho Жыл бұрын
Going off what was said, if I understood correctly, if the locks are the same nodel, then they will have the same master and MAC codes. If you wanted delay, and trusted your friend explicitly, then your safe being at his place, and his being at yours, so neither safe is in the possession of whoever address is on any search warrant, would slow down proceedings. Just make sure you don't know eachothers codes, for plausible deniability.
@somedaypilot Жыл бұрын
when we got our mechanical lock RSC, it came with a combination that had been set by the local Liberty distributor. Is changing that as easy as installing a new lock?
@Jesses001 Жыл бұрын
I never really found mechanical locks THAT much more difficult to use than electronic, so I just have manual for everything. Maybe people access their safes more often than I? Like they open their safe 5 times a day or something? Anyway, any lock can be broken into, but they should at least have to work at it, or call a specialist to do it.
@dalemurry8623 Жыл бұрын
Sounds like a digital to mechanical swap would be an excellent presentation for SaintCon this year... just saying.
@Smrts955 Жыл бұрын
On the auto dialer can you set digits for it to try first like birthdays, and anniversaries the person might have used as a combination
@allenshepard7992 Жыл бұрын
I always learn more than I expected to. BTW Lock Picking Lawyer who lives near Richmond VA, showed an auto dialer. Does anyone know - if the authorities have to destryo a safe who pays to replace the safe? Is it like doors - they are allowed to break it to get in with no compensation ?
@delta3244 Жыл бұрын
I'm fairly sure they do not need to compensate broken safes, but I don't know for certain.
@jonathanbailie Жыл бұрын
"Small bits of isotope on the end of a rod, trying to look through your safe" .... Please, do tell! 😲 😆
@jdmillar86 Жыл бұрын
basically xraying the lock, but since you can't really get an x ray machine inside the safe, you use a little bit of gamma emitter that you slide into the safe. then a fluoroscope or whatever to look at.
@GJToken11 ай бұрын
With the proliferation of stepper motors, SBC's and the like, i wonder how easy and cost effecting a home brewed version of that AutoDialer would be?
@prehnRA Жыл бұрын
Complying with cops/feds absolute doesn't stop them from trashing your place. They're going to trash it either way. They'll punch holes in your drywall for fun and then claim they were searching for drugs in the walls. Just keep your mouth shut.
@svbarryduckworth628 Жыл бұрын
Nice video. Car? We don't even own a car and even when we did we never owned anything newer than one made in the 90's. When we rent a car or borrow one from someone we wont even plug our phones into the USB jacks built into the dash and use our own Anker 12v lighter USB charger instead. We live full-time on a small sailboat. Weight and the inability to properly secure an effective safe to anything substantial inside are things that make securing anything valuable on a small boat a challenge. And because we move constantly from state to state with the seasons replacing a CCW that is stolen is problematic when you are 1000 miles from your home state where you can legally buy a new firearm.
@tjmarx Жыл бұрын
I can't seem to find a link to the full car report on the Mozilla blog post you linked too. Specifically I'm looking for more information about the claims that automakers are acquiring • Genetic sequencing • Information about my sex life And by what mechanisms they're acquired by. I'm pretty sure they aren't putting genetic sequencers in the steering wheel, so this claim seems suspicious. Similarly, I'm pretty sure that assuming I'm not having sex inside the vehicle with a vehicle connected camera pointed at me, then it seems weird they'd somehow acquire that information. Any help on where I can find more information about these claims?
@jdiluigi Жыл бұрын
Most alarms before remote disarm were the same thing. When u left (that) job I had spreadsheets of installer codes and MACs for every brand sold in US. Im sure most of it is online by now.
@allenrusselljr Жыл бұрын
As a person who used to break into safes my advice is ditch the electronics and get a mechanical. I found work arounds for a variety of brands. They were in the price range of 750-2000 dollars new. Most of them i could open in under 2 minutes without cutting/drilling/damaging. A couple brands would require me to make 2 visits. One to retrieve a number in order to purchase a "backup failsafe key". One brand i remember only had a dozen different keys. In theory i could buy them all for 1200 cash and have them in my collection or just buy the needed one for 100 bucks. I later discovered a unique lock pick available overseas that would open these safes. Ive never seen the tool in the US. (Pop your digital keypad off and see if theres a strange key hole behind it) Safes just slow someone down. With enough research and brain power they will open it. Just like your front door lock will keep honest people out but anyone who wants in will get in. For anyone curious i was not a burglar or thief. I was someone who enjoyed hacking and knew people who were willing to pay for discretion . Unlike a locksmith when i unlocked it i didnt open the door wide and look inside.
@PraxZimmerman Жыл бұрын
I would never keep anything incriminating in my safe. Just my 100lb collection of loose thermite.
@BTheBear Жыл бұрын
I had a capacitor failure on the electric S&G on my Liberty safe back in 2014. I replaced it with a mechanical lock for exactly the reasons above and the failure mode pissed me off.
@tiagotiagot Жыл бұрын
Are there mechanical models with long enough combinations to make autodialers unfeasible, and with designs that can't be manipulated? Are they much more expensive than most common safes?
@aquahoodjd Жыл бұрын
I'm a lawyer, haven't looked this up but remember there are States laws and Federal laws....so there are two sets to check out and there are so many criminal laws that a NGO trys to keep track of all the criminal charges in the federal code, it's a challenge. I'm not actively privately practicing but will be back in the "active" KY list but am active in FIVE federal court to the Supreme Court. Would be an interesting research idea. Perhaps, I'll do it and dump you the results.
@livthemdns Жыл бұрын
I've been thinking about this for a few days now. The thoughts that are still bouncing around in my mind: - STFU is still the best advice ever :) Whether someone else gives them the manufacturer's code or they have to do a destructive entry, they'll have one more hurdle to overcome in proving that you knew the combination to that safe and that it wasn't just on the property under someone else's control. - While there may be a lot being made of this, it actually might be as simple as them having a kinda stupid (but not totally stupid) policy and a legal department that should have done a better job. From what I've seen, their policy is to snitch when presented with a warrant for the property, meaning that authorities did have to at least show probable cause for the search, but didn't have to go the extra step of seeking to legally compel Liberty to give up the goods. Their legal department should have done better, but it sounds like there was at least some bar the cops had to reach. I'd be curious what the bar is for other safe manufacturers and component suppliers... how cozy with the feds does S&G really want to be and are there any entities that will simply give up the goods for a mere request from law enforcement? Just because Liberty had a shitty policy and that showed its head here doesn't mean that there aren't entities out there with worse ones that we just don't know about. - As bad as this is, it's worth noting that the feds seem to have gone to some effort here to minimize the damage caused by their search and avoid a destructive entry on an expensive safe along with all the mess that it would cause to the surrounding property. I actually wish they would lean into this more and try to avoid causing damage when serving search warrants. I have to wonder why authorities took steps to avoid damage on some caught-on-camera J6 dingus while showing such a high degree of blatant malice when executing the search warrant on Missy's apartment for her doodily-do. Again, I'd actually prefer that the authorities in both cases took measures to be somewhat tidy in their search; 4A specifies search and seizure, not search and destroy.
@christopherreed4723 Жыл бұрын
A "seizure" under the 4th Amendment can include a rather wide range of actions, many of which don't fall under what your average person would consider a "seizure". For example, if, as an LEO, I detain someone, I have just made a "seizure" under the 4th Amendment. I have also made a "seizure" if I use force against a person, for example by shooting them. That means I *must* have a certain level of suspicion that the person committed a crime in order to perform those "seizures". For a use of deadly force in the US the threshold is generally a "reasonable suspicion" that the suspect's actions pose an *immediate threat* of *death or serious injury* to the officer or others. Except when the use of deadly force on a fleeing suspect is concerned, where "probable cause" is required. This comes about due to the 4th Amendment's protection of "...persons, houses, papers, and effects...", and various courts' rulings that a use of force amounts to a seizure by the government of the subject's person. One could argue that the destructive opening of a safe is a seizure of that safe, since that action has deprived the owner of its use, and therefore subject to a determination of objective reasonableness. If the destructive opening is found *not* to be reasonable, then there are implications for any evidence obtained, as well as for potential compensation.