I just had a discussion with my father and with my granny about security issues ignated by the previous post.

My father and my granny say that one should not spread the information about a vulnerability and the way it may be exploited. One only should say that there is one and that one should change something and what to change.

I think in the contrary that when I do not tell how to exploit a big security hole no one will give it trust. Everyone will say that it is only a hoax and not truth because fixing the potential security hole is very expensive (to fix the security hole from the previous post you need to spend 100Eur or more).

I ask you for comments and statements about that. Also links to pages dealing with this problematic.

Yesterday on HackADay there was a post linking to lock bumping. A very interesting technique for opening most of the current door locks.

It is a security vulnerability that is so severe because it is so terribly simple that it looks nearly like magic. A guy inserts a self made key into a lock, hits it with the head of a screwdriver and the lock pops open. Having only 10 most common bump keys you can open about 90% of the current door locks.

You can see a full video about lock bumping on the Toool home page here recorded on WTH this year. There is also a list of locks that are not vulnerable to the bumping attack.

I really encourage you to check if your door lock is vulnerable and get a new one if you can. The only real problem is that there are not many good lock under 100Eur level. But everyone knows how much security is important for him.