Sunday, August 28, 2005

TIME.com: The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) -- Sep. 05, 2005 -- Page 1

The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) -- Sep. 05, 2005 -- Page 1:


The most secure networks in the world are easily hacked by foreign states; how are businesses to secure themselves? If security is but an illusion, then American businesses must do more to expand business continuity and disaster recovery planning to deal with the real risk of economic terrorism. -Bryan

Friday, August 19, 2005

Exploit for unpatched IE vuln fuels hacker fears | The Register

http://www.theregister.co.uk/2005/08/19/0day_ie_exploit_fears/ "Microsoft is investigating an IE security bug amid fears that a hacker attack based on the vulnerability is imminent. A flaw in Microsoft DDS Library Shape Control COM object (msdds.dll) is at the centre of the security flap."


This problem may be partially mitigated by blocking ActiveX at the perimeter until there is a patch/architecture fix from M$. Now, if the exploit comes in via HTTPS (a secure tunnel), forget about scanning for it; I know of only one company that makes an HTTPS-scanning transparent firewall at this time... not Fortinet, not Cisco, not Checkpoint...

It may be that Finjan would stand a chance at stopping upcoming 0-day exploits, beating the AV community to the punch... we'll see.

Still, I recommend stopping ActiveX at the border preemptively.

Thursday, July 14, 2005

Apache Security - The Complete Guide to Securing Your Apache Web Server

Apache Security - The Complete Guide to Securing Your Apache Web Server: "This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more."


This book is a must-read for anyone who maintains web security, and not just for Apache/PHP admins. The security topics and concepts are applicable in whatever environment you are maintaining. And go add Ivan Ristic's blog to your RSS feeds to stay up to date:
http://www.modsecurity.org/blog/


Stay Secure! -Bryan

Tuesday, June 07, 2005

Personal Data for 3.9 Million Lost in Transit - New York Times

Personal Data for 3.9 Million Lost in Transit - New York Times: "CitiFinancial has begun sending letters to all 3.9 million customers advising them of the loss and offering them 90 days of free enrollment in a credit-monitoring service. Other institutions with data-loss problems have also offered free credit-monitoring services, some for as long as a year."


I think that 90 days is a joke and that a couple of years is the least that CitiFinancial should offer, since identity theft is not a temporary condition.

Since it is not mentioned in this article, I am assuming that this data was transported in unencrypted form.

-Bryan

Monday, April 25, 2005

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD: "What is BartPE and PE Builder?

Bart's PE Builder helps you build a 'BartPE' (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.

It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!"

I have been using various methods over the years to recover, debug, crack, and fix Windows systems, and I think that Bart has created a very useful tool that all admins should learn to use before they are under the gun to get a system back into operation. Combine this Windows Live-CD with your in-house tools like Ghost, McAfee/Trend/Symantec AV, Winternals/Sysinternals, etc., and you will be the hero of the day. -Bryan

Carjackers swipe biometric Merc, plus owner's finger | The Register

Carjackers swipe biometric Merc, plus owner's finger | The Register: "Carjackers swipe biometric Merc, plus owner's finger
By John Lettice
Published Monday 4th April 2005 13:52 GMT

A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system. Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete."

Security designs must always prioritize the security of personnel over the security of objects... -Bryan

Tuesday, March 15, 2005

SecurityFocus HOME Infocus: WEP: Dead Again, Part 2

SecurityFocus HOME Infocus: WEP: Dead Again, Part 2: "
WEP: Dead Again, Part 2
by Michael Ossmann
last updated March 8, 2005
Introduction
In part one we examined the latest generation of passive WEP cracking tools that use statistical or brute force techniques to recover WEP encryption keys from captured wireless network traffic. This time, in the second and final article, we take a look at active tools that use 802.11 transmissions to attack WEP networks."

If you thought that you could keep your WEP secure... read this and think again. Keep your WiFi in its own DMZ and consider its traffic an open book. -Bryan

Wednesday, March 02, 2005

High-Security Locks Are Key In Protecting Game Machine Revenue

High-Security Locks Are Key In Protecting Game Machine Revenue

By Jim Samuel

Locks are a paradox for the gaming industry. Seeming simple mechanical devices that are easy to operate and have remained virtually unchanged for decades, locks can also be one of the most difficult security devices to properly manage.
The cause of the paradox? Like most security issues in casinos, the cause is people. No matter how well a lock performs or how well it is made, it can’t be secure if its keys are improperly managed. The fact is that even the strongest locks cannot protect against lost or duplicate keys.

This is a great article that is written for the casino industry, but it has great parallels in any security consideration. Take, for instance, the fact that I am contracted to recover or change Windows administrator passwords at least several times per year. All I need is physical access to any system and I can own it within 10 minutes (up to 4 hours in the worst case so far). So all I need is access to the server room to own the server... right? Not quite. All I need is access to any system that is currently or has been on the network and that has a valid, cached Domain Admin password. By cracking that system, I can own the Windows Domain/AD servers. It is time to get proper access control and auditing processes into place in today's small business, especially since the tools are already in place, just unused. Access control in a casino may be easier than in the average modern business; which has the better payout? You decide, it's your money. -Bryan

Wednesday, February 16, 2005

HNS - The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage

HNS - The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage: "The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage
by Jamie Cowper - Senior Technical Consultant, Mirapoint - Monday, 14 February 2005.

In a few short years, email has become a major part of the national psyche and a business-critical tool of communication. However, while companies have been more than willing to embrace the business benefits of email, they continue to remain oblivious to many of the responsibilities this new form of communication brings, particularly as it affects their employees."

Security starts with policies, but those policies must have sharp teeth in the form of technology and defined IT processes. And while technology can help with the monitoring and enforcement of your policies, you still need periodic user education and proof that those policies are enforced without prejudice (in law enforcement, wars, and street fighting this is called "a show of force"). Just make sure that your show of force can survive a wrongful termination suit by having properly executed policies in the first place. -Bryan

HNS - A Simple Guide to Securing USB Memory Sticks

HNS - A Simple Guide to Securing USB Memory Sticks: "A Simple Guide to Securing USB Memory Sticks
by William Lynch - Senior Consultant for CTG's Information Security Services Practice - Wednesday, 2 February 2005."

This is a great article for every end-user who uses ANY portable media: CDs, USB sticks, MicroDrives, etc. As well, any data on the local drives would be well protected using this same free method.

Tuesday, February 15, 2005

Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation - Pi

Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation - Ping Identity Corporation: "Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation"

Federated identity management across domains, sites and organizations... and the server is free up to 100,000 transactions. Plenty of time to get it running and realize its value. -Bryan

Monday, February 14, 2005

Welcome to SmartWater Technology

Welcome to SmartWater Technology

SmartWater will provide your commercial property with a unique 'forensic fingerprint', which whilst being virtually invisible to the naked eye, glows under UV light and is practically impossible to remove entirely. SmartWater will protect individual items, especially mobile items such as laptops and phones, but it also protects the whole of your business or organisation from burglary and theft. It’s a chilling thought that the majority of theft for most organisations comes in the form of pilferage. So whilst you will be letting burglars know you’re protected by forensic coding, your staff can also be taking the message on board.

Now this is cool... permanent microdot watermarking for anything that you can imagine! Stealthily applied or overtly advertised... many possible uses. See this link for a real-life example of this in action:

http://www.met.police.uk/pns/DisplayPN.cgi?pn_id=2005_0007

-Bryan

Artists Against 419 - Is this a legit bank or company?

Artists Against 419 - Is this a legit bank or company?: "Is this a legit bank or company?
Online search tools

Have you received an offer from a bank or a security or off-shore company, or perhaps a winning notification from a foreign lottery? Want to know if they're real? If you can't find your bank on our list of 419 fake banks and lottery websites, that doesn't mean it's legit! New fakes come online every day. The following tips and tools can help you identify and avoid fraudulent banks and other fake web sites. If you're suspicious about a site, contact the artists!"

I get so many questions about suspected fraudulent emails in this category. A danger in these sites is not only from the fraudsters themselves, but from the danger of their sites being cracked and that data getting into even more criminals' hands. I investigated a site recently and found several security flaws that could have been used to crack the site and potentially gain fraudulently gathered bank account data. The banks, the Feds and the ISPs simply do not have enough personnel to properly attack this growing problem. See my full-disclosure post regarding this incident and the resulting discussion thread:


http://www.networksecurityarchive.org/html/FullDisclosure/2005-01/msg00893.html

Institute for Information Infrastructure Protection

Institute for Information Infrastructure Protection: "The I3P Knowledge Base has been developed to support the I3P's mission to protect the information infrastructure of the United States. This web-based resource provides access to events, funding opportunities, experts in the field, and I3P initiatives. As the I3P Knowledge Base matures, we will be integrating tools for online collaboration, and other services to support the work of the I3P Consortium."

A good place to find upcoming security conference events (see the event calendar) and to see what some of the security community is thinking up for the future.

-Bryan

SecurityFocus HOME Infocus: Penetration Testing IPsec VPNs

SecurityFocus HOME Infocus: Penetration Testing IPsec VPNs: "Penetration Testing IPsec VPNs
by Rohyt Belani and K.K. Mookhey
last updated February 9, 2005
1. Introduction
As companies expand their presence globally, there arises a need for secure electronic communications between geographically dispersed locations. Virtual private networks (VPNs) provide an economically viable option to address this need."

All IT managers need to understand the points made in this article. The VPN can be the single most exposed point on the corporate network. Given a list of usernames, cracking the VPN is a great way to get ownership of the whole corporate LAN, since most are configured for unfettered access to all devices in the LAN. And if there is a site-to-site VPN in aggressive mode with pre-shared keys (PSK), then it is trivial to force the VPN server to send the PSK hash, from which you can easily brute-force the PSK at leisure on your own system. This can all be done without triggering any major alerts or doing noisy/detectable scans. -Bryan
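Since the aggressive-mode exposure above hinges on the exchange type carried in the ISAKMP header, a defender can audit captured UDP/500 traffic for it. The following detector is an added example, not code from the SecurityFocus article; it parses the fixed 28-byte ISAKMP header (RFC 2408) and flags IKEv1 exchanges of type 4 (Aggressive), using constructed packets rather than a live capture.

```python
import struct

# IKEv1 (ISAKMP, RFC 2408) exchange-type values carried in the header.
EXCHANGE_TYPES = {
    0: "None", 1: "Base", 2: "Identity Protection (Main Mode)",
    3: "Authentication Only", 4: "Aggressive", 5: "Informational",
}
# Initiator SPI, responder SPI, next payload, version, exchange type,
# flags, message ID, total length (network byte order).
HEADER_FMT = "!8s8sBBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28 bytes


def parse_isakmp_header(data: bytes) -> dict:
    """Decode the fixed ISAKMP header at the start of a UDP/500 datagram."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    i_spi, r_spi, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        HEADER_FMT, data[:HEADER_LEN])
    return {
        "initiator_spi": i_spi.hex(), "responder_spi": r_spi.hex(),
        "next_payload": nxt, "major": ver >> 4, "minor": ver & 0x0F,
        "exchange_type": exch,
        "exchange_name": EXCHANGE_TYPES.get(exch, f"unknown({exch})"),
        "flags": flags, "message_id": msg_id, "length": length,
    }


def is_aggressive_mode(data: bytes) -> bool:
    """True only for IKEv1 (major version 1) exchanges of type Aggressive."""
    h = parse_isakmp_header(data)
    return h["major"] == 1 and h["exchange_type"] == 4


def build_header(exch: int, version: int = 0x10, i_spi: bytes = b"\x11" * 8,
                 r_spi: bytes = b"\x00" * 8) -> bytes:
    """Constructed test datagram: header only, first payload = SA (1)."""
    return struct.pack(HEADER_FMT, i_spi, r_spi, 1, version, exch, 0, 0, HEADER_LEN)


def audit(packets) -> list:
    """Indexes of datagrams that negotiate IKEv1 in aggressive mode."""
    return [i for i, p in enumerate(packets) if is_aggressive_mode(p)]
```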

Tuesday, February 08, 2005

Loren Bandiera's weblog » sussen

Loren Bandiera's weblog » sussen: "Loren Bandiera's weblog"

Loren Bandiera's weblog... some interesting NASL and other network probe and vuln experiments going on here. -Bryan

Wednesday, February 02, 2005

WASC Articles: The 80/20 Rule for Web Application Security

WASC Articles: The 80/20 Rule for Web Application Security: "...we'll look at a few techniques anyone can use to decrease the risk of their website being hacked. And to make it really easy you won't have to alter a single line of code!"

Some good points are made in this article for quickly improving security while other improvements are being made as well. Just applying these rules alone does not create a healthy security implementation.

-Bryan

Monday, January 31, 2005

SecurityFocus HOME News: 'Thiefproof' car key cracked

SecurityFocus HOME News: 'Thiefproof' car key cracked: "
'Thiefproof' car key cracked

By John Leyden, The Register Jan 31 2005 8:33AM
Researchers have discovered cryptographic vulnerabilities in the RFID technology used in high-security car keys and petrol pump payment systems. The attack against Texas Instruments DST tags used in vehicle immobilisers and ExxonMobil's SpeedPass system was identified by experts at Johns Hopkins University and RSA Laboratories. "

Security through obscurity really is neither.... -Bryan

Monday, January 24, 2005

Matt Blaze's Technical Papers - Safecracking and Physical Locks - AT&T Labs -- Research

Technical Papers: "Physical Security

Cryptologic techniques can be applied outside of computers and networks. Perhaps surprisingly, the abstractions used in analyzing secure computing and communications systems turn out also to be useful for understanding mechanical locks and their keyspaces. Indeed, modeling master keyed locks as online authentication oracles leads directly to efficient solutions for what might naively seem like exponential problems for the attacker. In fact, it seems like almost a textbook example, as if master keying practices for locks were designed specifically to illustrate this class of weakness. We sometimes assume that hardware-based security is inherently superior to that based in software, but even the humble mechanical lock can be just as insecure as complex computing systems, and can fail in similar ways."

Matt's Master-Keyed Lock Vulnerability article is here

And Matt's safecracking PDF is here

Since information security and risk reduction invariably rely on physical security, it is time that infosec pushes the envelope on mandating physical security that is not based on an illusion of security, but on provable security. That tape library with millions' worth of intellectual property and trade secrets is sitting in a "safe" somewhere, right? Is that really safe? Probably in name only. As a great mind or two have concluded over the centuries: "security through obscurity is neither..."

-Bryan

Onion Routing

Onion Routing: "Onion Routing

The Onion Routing project researches, designs, builds, and analyzes anonymous communications systems. The focus is on systems for Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network."

Been playing around with this since a friend pointed me back to it the other day (thanks Joel). A must-use for browsing sites that you may not want knowing your identity. Will set up a hardened and malware-resistant tor server here soon.

And since I don't want my tor server to be used to anonymously hack other systems, ingress/egress layer-7 screening will be used even if it upsets the cyber-anarchists out there.
-Bryan
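The layering the Onion Routing project describes, and the exit-side screening hook mentioned in the post, as an added simulation that is not the project's code: the sender wraps the message in one layer per relay, each relay peels only its own layer and learns just its predecessor and successor, and only the exit sees the destination and plaintext. The stream cipher here is a SHA-256 counter keystream chosen for a self-contained demo, not Tor's real cipher or circuit negotiation; relay names, keys and the destination are constructed.

```python
import hashlib

HOP_FIELD = 16  # fixed-width next-hop name inside each layer


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric stream cipher (SHA-256 counter mode); encrypt == decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def build_onion(route, destination: str, payload: bytes) -> bytes:
    """route: [(relay_name, key), ...] from entry to exit; wrap from the inside out."""
    # Exit layer: names the real destination and carries the plaintext.
    onion = keystream_xor(route[-1][1], destination.ljust(HOP_FIELD).encode() + payload)
    # Each earlier relay's layer names only the next relay and hides everything inside.
    for i in range(len(route) - 2, -1, -1):
        key, next_name = route[i][1], route[i + 1][0]
        onion = keystream_xor(key, next_name.ljust(HOP_FIELD).encode() + onion)
    return onion


def peel(key: bytes, blob: bytes):
    """A relay removes one layer: learns its next hop, forwards the opaque rest."""
    plain = keystream_xor(key, blob)
    return plain[:HOP_FIELD].decode().strip(), plain[HOP_FIELD:]


def traverse(route, onion: bytes, exit_filter=None, sender: str = "client"):
    """Simulate the circuit; record what each relay can observe."""
    views, prev, blob = [], sender, onion
    for name, key in route:
        nxt, blob = peel(key, blob)
        views.append({"relay": name, "from": prev, "to": nxt})
        prev = name
    # Only the exit holds plaintext; this is where layer-7 screening can be applied.
    allowed = exit_filter(nxt, blob) if exit_filter else True
    return nxt, blob, views, allowed


# Constructed demo circuit: three relays with pre-shared toy keys.
ROUTE = [("OR1", b"entry-key-0001--"), ("OR2", b"middle-key-0002-"),
         ("OR3", b"exit-key-0003---")]
```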

Sunday, January 23, 2005

On the discussion of security vulnerabilities

On the discussion of security vulnerabilities: "Is it harmful to discuss security vulnerabilities?

The debate over the open discussion of security vulnerabilities long predates the Internet and computers. The recent reaction of some locksmiths to my master keying research paper heightened my interest in this subject. Here's what one of the 19th century's foremost inventors of mechanical locks had to say 150 years ago:"

Tuesday, January 18, 2005

Nerdlabs - Boot Disk Images

Nerdlabs - Boot Disk Images

Need boot disks? Go here now and make some. -Bryan