General Cycling Discussion - Your brand new bicycle u-lock is not safe!


scarecrow
09-18-04, 11:05 PM
kinda makes you wonder what a Bic lighter is capable of doing, huh?


superunknown
09-18-04, 11:05 PM
I have a crappy lock and now I can't write a complaint letter!

http://www.pakin.org/complaint?firstname=Kryptonite&pgraphs=3&gender=c

Mathre
09-18-04, 11:21 PM
I am not mechanically inclined and I was able to unlock my lock without a problem...


Mathre
09-18-04, 11:31 PM
I wonder if this will work on the MASTER brand locks. I have the "Street Cuffs" made by MASTER. The key hole is bigger than the Kryptonite locks and locks used on traditional U-Locks. I tried getting into it and I was not able to but I am still worried they are compromised by this same trick.

-Lars

Raiyn
09-18-04, 11:34 PM
I wonder if this will work on the MASTER brand locks. I have the "Street Cuffs" made by MASTER. The key hole is bigger than the Kryptonite locks and locks used on traditional U-Locks. I tried getting into it and I was not able to but I am still worried they are compromised by this same trick.

-Lars
Nothing has been said about it. However due to the fact that the center pin has to pop out for the lock to release I don't think the pen trick would work.

teh_bikerdude
09-18-04, 11:55 PM
hea, new here (just got this for this thread)

anyways, all of the locks made before 2002, 2000, one of those (can't remember which) are supposed to be much LESS vulnerable to this trick, but i pulled it off on a friend's lock in 5 seconds. lock was made in 2003, thus rendering it bad. as for replacements, another lock that kicks backside is the lock with metal WIRES (the tiny ones). it's not nearly as good as a kryptonite, but you can get them in lots of different types of keys, or in combo. the reason they are so good is because a hacksaw will snag like hell on all the wires, but it is easily reversible by pouring a bit of hot solder on, thus making it hard and easy to cut. anyways, i'm keeping my eye out for anyone with a ballpoint pen that is hollowed out (i actually have one in my pocket at all times for spitwads (highschool fun)) near the bike cages at my school.

human
09-19-04, 12:03 AM
I'm definitely not a lock expert... As far as I can tell, locks using flat keys with two bumpy edges like the ones used in cars are much more difficult to pick than ones with one bumpy edge and one flat edge. That's because in one, you need to move the pins in the lock to the correct location on both sides of the keyhole, but in the other, the pins that keep the lock from turning are only present on one side of the keyhole.

The car locks I have taken apart to rekey and the like (vw/audi team doorhandle products) that have dual toothed keys only do it so you can put the key in either way, there is still only one set of tumblers on one side.

(n00b who joined to post, but I do have a 25 year old Viscount!)

robknc
09-19-04, 12:05 AM
I own a 3' NY Chain and EV Disc Lock, that unfortunately I purchased about two weeks ago. The bic pen definitely works on mine. If you kind of vary the pressure and make the end of the tube a little jagged it works better.

At any rate, it's nice of Kryptonite to replace the locks, but with the NY Chain locks, why in the heck are they giving us a less secure lock?


Take a look at the features of the Molly Lock:
Solid hardened steel body resists common methods of attack
2" Molybdenum alloy steel shackle
Dual steel ball locking mechanism
High security 6-pin brass cylinder is rekeyable and changeable
Accepts Lori, Medeco, Schlage and American Lock cylinders

Now look at the features of the compromised EV Disc Lock:
Padlock defies bolt cutters, saws, hammers and chisels to provide maximum security
Through-hardened 1/2" (13mm) Kryptonium Steel(TM)shackle
Withstands over 10,000 pounds of pull force and 20,000 pounds of cut force
Bent foot(TM)design and easy to use pivoting shackle add strength and flexibility
7-pin, pick-and-drill resistant, tubular locking mechanism
Compact, vinyl-coated and weatherproof


The only lock they have that is even comparable as far as metal composition and thickness is the lock that comes with the NY Fahgettaboudit chain/lock combo:
Through-hardened 1/2" (13mm) Kryptonium(TM)Steel shackle defies bolt cutters, saws, hammers and chisels to provide ultimate security
New Piksafe(TM)disc-style cylinder- virtually pickproof
Steel sleeve over crossbar provides double security protection
Double deadbolt locking mechanism for extensive holding power
Integrated sliding dustcover protects cylinder
Available with a yellow shackle
Compact and weatherproof


The shackle size is smaller and of lesser quality, and there is no weatherproof coating on the molly lock. The NY Chain & Molly has an even cheaper MSRP than the same chain and ev disc lock. I'm going to call monday I guess and voice my concerns.

Even if I were to have to pay an extra $5-$10 (plus shipping even), I would rather do that than have a lesser lock. They should at least give a lock with the same features, if not a better one because of the inconvenience.


Rob K
in NC

Raiyn
09-19-04, 12:32 AM
Even if I were to have to pay an extra $5-$10 (plus shipping even), I would rather do that than have a lesser lock. They should at least give a lock with the same features, if not a better one because of the inconvenience.


Rob K
in NC
Damn straight.

fredfoo
09-19-04, 12:55 AM
Registered to post this, I am not affiliated with Kryptonite in any way.

Let’s all take a step back and look at the situation.

1. There is a major security issue with most (can't say all) locks that use the same design as the ones Kryptonite uses.
2. It is not just a Kryptonite issue. This problem could also impact vending machines, video games, other bike locks, and ANY product that uses the same design that is used by Kryptonite locks.
3. Any lock is able to be picked. It is unacceptable that a lock can be opened with a BIC. That is a major design flaw and needs to be corrected ASAP.

That being said, if I asked this forum, a month ago, what lock should I buy? How many of you would respond by saying Kryptonite?

How many readers of this forum are using a computer that has/had an OS vulnerability which prompted you to say “I am never using this OS again?” I expect most of you are still using the OS with the most security holes reported.

unaesthetic,

While I thank you for finding this major issue, the next time I wish you would be a little more careful on how you release it. Your finding is causing a stir worldwide, however most people think it is just a Kryptonite issue and not a design flaw of the type of lock used by many companies in many different applications. As a result people are finding that when they return to the bike there is a BIC jammed in the lock, or worse the bike is gone.

In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first and let them address the issue quietly to resolve the problem. This is done to help prevent hackers from using what you discovered. After a certain time if the problem is not resolved to your satisfaction, then you are free to go public.

I have always trusted Kryptonite to be a very good deterrent of theft. Once they resolve this major flaw I will purchase a product from them again (assuming it meets my needs as a deterrent).

teh_bikerdude
09-19-04, 12:59 AM
With 11,000+ views of this thread, obviously the word is getting out. I would love a list of other forums / websites discussing this issue, anyone want to toss out some URL's?
www.onlinesportsleague.net
www.teamwarfare.com
(not confirmed, but i will make it confirmed as soon as im done with this thread) www.tribalwar.com

AbsoluteZero
09-19-04, 01:04 AM
What about the Kryptonite U-lock with a key entry on one end of the straight tube bar? Mine is covered with yellow rubber/plastic and has a tubular key with a Kryptonite (R) mark - the diameter is larger than BIC pen - no way to push a pen up?

I had purchased one by the same description for my nephew's bike... after softening the bic pen in hot water, I was able to open it... with the packaging still on the lock!

fredfoo
09-19-04, 01:04 AM
www.onlinesportsleague.net
www.teamwarfare.com
(not confirmed, but i will make it confirmed as soon as im done with this thread) www.tribalwar.com


slashdot (http://www.slashdot.org)

[begin edit]

Here is the direct link (http://slashdot.org/articles/04/09/19/0120225.shtml?tid=172&tid=1)

[end edit]

Joe Gardner
09-19-04, 01:14 AM
Crap, slashdot hit us two days ago! Again?!

fredfoo
09-19-04, 01:25 AM
Sad to say yes. Time to start asking for donations to cover the bandwidth issues.

BTW site handled /. quite well from what I saw.

aleutian
09-19-04, 01:39 AM
Hi Folks,

I wanted to report back on my efforts to contact customer service at OnGuard to see if their locks with cylindrical keys are susceptible to the same bic pen flaw. I heard back from them w/in 24 hours and this is what they said:

If you have one of our locks that have the round key way we will be happy to exchange them with our European flat keys.

They are the only type that is on all of our locks for the past 2 years.

If I may ask, when does Kryptonite plan on supplying this replacement policy?

The only locks they have now with the flat key are their New York line.

Please let me know what lock you have and I will arrange for a replacement.

If anyone wants to contact OnGuard directly their email again is...support@todson.com

khuon
09-19-04, 01:40 AM
In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first and let them address the issue quietly to resolve the problem. This is done to help prevent hackers from using what you discovered. After a certain time if the problem is not resolved to your satisfaction, then you are free to go public.

Is 12 years enough time? This reminds me of what recently happened in the network routing world with BGP. I was chatting with some friends when one of them said something about having to do a mass upgrade of all their routers because Cisco had "secretly" notified them of some "HUGE BGP BUG". Since I work for a software company that produces routing software, I of course was quite interested and spent the whole day trying to figure out what this bug was.

A day later, I found out that the "bug" was not in BGP itself but actually a vulnerability in the underlying TCP transport layer. It was the infamous sequence number vulnerability. This has been known for... well... since almost the inception of TCP. It affects much more than BGP. Exploits were regularly done in the early 1990s. An RFC specifying the use of MD5 on the BGP TCP stream was actually released to address this problem dating back to 1998 and was discussed even before that at IETF meetings since 1996. Yet, all of a sudden there's a scare. All of a sudden people are freaking out. All of a sudden, Cisco is super-secret about handing out new IOS images which have MD5 protection on the TCP stack. When I found out about what everyone was so razzled about, I felt like it was akin to someone watching the movie Titanic and then yelling out in the middle of the movie, "OMFG! You mean the ship sank?!?!"

The Bic-trick was well known in many circles for a long time. Its effect on U-lock security was initially publicised 12 years ago. I don't really think the original poster of this thread handled the notification badly given the history of the vulnerability.

fredfoo
09-19-04, 02:28 AM
Is 12 years enough time? This reminds me of what recently happened in the network routing world with BGP. I was chatting with some friends when one of them said something about having to do a mass upgrade of all their routers because Cisco had "secretly" notified them of some "HUGE BGP BUG". Since I work for a software company that produces routing software, I of course was quite interested and spent the whole day trying to figure out what this bug was.

I agree with you that 12 years was far too long to let this go unfixed, and that is not right IMO. If that is what happened.

From some of the posts I have seen on this site this appears to be new news from Kryptonite, from their statements, they did not know about this in 1992, (I take that with a grain of salt but give them benefit of the doubt for now).

I think I know about the Cisco issue you referred to. By Cisco "secretly" letting your friends know about the bug, you and your friends were able to take steps to protect yourself/networks, and do research on the flaw before it became public.

What happened with this issue was that the flaw was released to everyone in the world at the same time. Including the people that steal bikes (or hack computers).

If this major issue was given to Kryptonite first, and let them address the problem, (in a timely manner) and notify the lock owners that "we have a problem", then I expect some posters would not come back to the bike and find a BIC jammed in the lock with no bike present.

I am happy that this issue was reported, not happy the way it was. (My Klein is in my closet now). I expect there will be a major crime spree on bikes this month because this major flaw was released before it could be addressed by the company and the customers could take corrective action in a more controlled manner.

If Krypto failed to take corrective action, then by all means, make it public.

khuon
09-19-04, 02:35 AM
I think I know about the Cisco issue you referred to. By Cisco "secretly" letting your friends know about the bug, you and your friends were able to take steps to protect yourself/networks, and do research on the flaw before it became public.

It was a silly way to handle it. The vulnerability had been well known by now. Exploits have been around for over a decade. These exploits were circulated pretty widely at this point. It was already public knowledge and had been for quite some time. However, the scare caused a lot of people to think it was some new problem and a problem with the routing protocol at that. This was of course not the case.

lac
09-19-04, 05:55 AM
Bikedock.com has ABUS for sale online.
http://www.bikedock.com/posit/shop/manfstk.php?manf=ABUS

You can set your currency (top right corner) to
GBP Euros CAN USD AUD or DDK.

They are in Belfast, but they ship anywhere. There are
a range of ABUS cycle locks, and not all of them cost an
arm and a leg.

Happy cycling,
Laura (in Sweden, not affiliated with Bikedock, but
really happy I have an ABUS lock already this week.)

saralara
09-19-04, 07:45 AM
Nothing has been said about it. However due to the fact that the center pin has to pop out for the lock to release I don't think the pen trick would work.

It does work on the street cuffs, just use the pen cap instead and they pop open. I have not heard back yet from Master on what they plan to do with mine. I think we need to be fair here and also let people know that it is not only Krypto but every tubular cylinder.

qmsdc15
09-19-04, 08:10 AM
Yeah, my friend's street cuffs is already broken (the circular part is sticking out on one of the locks, he told me it's broken when I asked.) He was using the other cuff but probably difficult to find stanchion narrow enough to get frame and post in one cuff. He had an OnGuard before that which he had to cut off with a torch when the lock froze up.

funbun
09-19-04, 08:26 AM
I've tried many different pens and pen caps on my lock and nothing seems to work.

funbun
09-19-04, 08:32 AM
I did find one pen to fit the diameter. I tried for nearly 20 minutes with no luck. My lock was bought in 2000 so it must be one of the locks that is "less" susceptible to the Bic technique.

TimArchy
09-19-04, 08:52 AM
In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first
going public immediately was the only way to handle this. If the maker had been contacted instead of going public, it still would have gotten around pretty quickly by word of mouth. and think of how many bikes would have been stolen in the weeks it would have taken the makers to react. their first instinct would have been to keep it quiet and replace as few locks as possible leaving the majority of us with no idea why our bikes are disappearing. By going public first, we were given the chance to replace our own locks quickly. or, if you couldn't do that, you would at least know the risk of using your old one (I didn't ride all last week and I got a new lock yesterday).

tim

khuon
09-19-04, 09:19 AM
In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first

Just for the record, it was not me that said the above. You quoted the wrong person.

brokenrobot
09-19-04, 09:39 AM
What happened with this issue was that the flaw was released to everyone in the world at the same time. Including the people that steal bikes (or hack computers).

If this major issue was given to Kryptonite first, and let them address the problem, (in a timely manner) and notify the lock owners that "we have a problem", then I expect some posters would not come back to the bike and find a BIC jammed in the lock with no bike present.


For what it's worth, I spoke to Krypto three or four hours after the OP started this thread. At that time, they told me I was their second caller of the day, and that the issue had been reported to them for the first time a week previously; they had been unable to replicate it when it was originally brought to their attention, and so took no action. At the time I spoke to them, they were STILL unable to replicate, and asked me to take them through it step-by-step.

In my view, the week it took them to hit on a course of action should have been the week before the OP started this thread - they simply hadn't taken the time to try this in a serious way; it's really not so difficult that they should have been unable to replicate. By the time this thread was started - even if they didn't hear about this before this month - they ought to have had their new replacement policy underway.

That said, with the exception that I think people with EV Discs ought to be getting an equivalent lock rather than the Molly, I'm pleased with Krypto's solution. I just wish they'd hurry up and DO it already!

-chris

MKRG
09-19-04, 11:00 AM
I'm not pleased with their reaction. I have an evolution 2000 that was bought more than 2 years ago. It's useless now. As far as I can tell they would give me a coupon to buy another lock from them, if I had the receipt from when I bought the lock. I don't have the receipt and I don't like the coupon or rebate offer anyway. I think it sucks. If I have to buy another lock it will not be a Kryptonite. Fool me once, shame on you. Fool me twice, shame on me.

jeff_louis
09-19-04, 11:16 AM
Does this work with the old U-locks also?

can o' ale
09-19-04, 11:28 AM
Well, I've learned more about locks and their associated shortcomings today than I thought I ever would. My New York Fahgettaboudit seems impervious to the bic hack, and I've put the chain in an inner tube which makes it a lot easier to handle as another poster advised. Good tip! My 1990 Kryptonite-4 U Lock was retired today due to my messing up an attempt to open it with a biro pen (it didn't open). Pieces of plastic and one snapped key later, it no longer opens at all. I wouldn't have used it again anyway as I don't trust it. I've written 'Bic-Proof' on my Fahgettaboudit lock... seriously though, I worry that even though my lock is safe someone may try jamming something in there just because it's a Kryptonite. I'll be double-locking as soon as I can find a good quality second lock. I've read about Abus, Medeco and some others today which I'll be looking out for.
Also found this great forum, which I intend to check out!

May my Cannondale be safe outside work next week :)

Raiyn
09-19-04, 12:10 PM
I just e-mailed Master Lock

It has recently come to my attention that your barrel type locks share the same vulnerabilities to BiC pens as the similar Kryptonite locks. I own two pairs of Street Cuffs as well as a Contractor Grade Mini U-Lock all of which can be opened in similar fashion to the Kryptonites either with the pen barrel or with the pen cap.


Movie #1: http://video.bikeforums.net/1.mov - 524KB
Movie #2: http://video.bikeforums.net/2.mov - 954KB
Movie #3: http://video.bikeforums.net/3.mov - 251KB
Movie #4: http://video.bikeforums.net/4.wmv - 3,268KB
Movie #5: http://video.bikeforums.net/5.mpg - 711KB
Movie #6: http://video.bikeforums.net/6.wmv - 605KB

I would like information on what steps your company is taking to rectify this situation, and what options you'll be offering to your customers with the compromised locks.

I'll keep you posted with any response I receive from them (in up to 2 business days :rolleyes: ).

Trappin' Pat
09-19-04, 01:02 PM
This is the list of BICed locks compiled from bikeforums.net and SHIFT2bikes.org. If in doubt, consider the lock unreliable. Some of the data is the lock type, some are key codes, one is the lock cylinder type. If a brand name isn't mentioned it is probably a Kryptonite. If you have another lock that you have or haven't been able to BIC (or SHARPIEed: see the SOMA lock below) email me and I'll update the list. I'll keep posting daily updates until I stop getting new data. My general advice is that ALL barrel-key locks should only be used to keep honest people honest, if you have something valuable get a serious lock and chain from a locksmith.

Good (or no one has been successful with this one...YET)

F#### keycode
cobralink lock
Kryptonite-4


Bad

YSE#### keycode (series keys 5130 and 5140)
KK ##### keycode
Kryptonite Evolution 2000 (full size)
kryptonite Evolution 2000 mini
Trek Kryptonite
Master U lock
EV disc lock
Yellow EV2000 disc key series KK####.
Kryptonite CDC, Key number is 5XXX, early 90's
"Schwinn"-labeled U-lock
NBA#### keycode (only 1 person was successful in opening this lock, @5 others couldn't)
Kryptonite 2000
Kryptonite Mini Evo 2000
YSE Mini
NY EV Disc lock
Evo 2000 Mini LS
Kryptonite "MegaDefender"
KryptoLok Plus
Kryptolok by Kryptonite key NBA 5122
SOMA ( http://www.somafab.com/antijack.html ) an SF company. Opened with a Sharpie Ultra Fine Point Permanent Marker.
"ACE II" on lock cylinder face (picked by one person and it was difficult)
MASTER brand street cuff


I use a Riggers Chain and American #700 lock>>
G102 Riggers Chain: triple alloy rigging chain
Weissfeld (manufacturer)
Rigging Products fax 503-287-1130 (distributor in Portland)
Allied Security International (503) 281-1177 (where I bought my chain and American #700 lock)

robknc
09-19-04, 01:11 PM
Good (or no one has been successful with this one...YET)

cobralink lock



might want to put this one on the bad list:


originally from the ventoscooters yahoo group:
From: "Paul" <onefastwienerdog@y...>
Date: Sun Sep 19, 2004 1:41 am
Subject: Re: attn kryptonite & other cylinder type lock owners!


I have a 2 huge locks that are over 1 1/4" dia. with the cylinder
type lock (a Cobra links clone) and the damn pen will open it, now
I'm bumming because a stupid pen can unlock these monster locks,
Time to shop for a new lock, I have two Kryptonite self coiling
cable locks but I think that they would be easy to cut, yes/no ? The
cable is about 1/2" Dia. and use a normal flat key, I guess they
will have to work for now when I'm out and about,
Paul aka Sporty

Steele-Bike
09-19-04, 01:30 PM
I am glad that this issue came out with the speed that it did. The fact is, the thieves and possibly Krypto already knew about this flaw. If Krypto would have been notified without the press knowing, they would have spent months in board meetings discussing it. And then what? Would they have secretly notified every Krypto owner, while attempting to keep potential thieves in the dark?

Thanks to the concern of our BF friends, now everyone knows and we are able to take steps to protect our bikes.

stric
09-19-04, 01:39 PM
Hello,
I tried, and tried to open my older style Krypto U-lock with a Bic pen and it didn't work. It appears that the diameter of the lock cylinder is bigger than on the standard Bic pen so the pen can't "get in." I haven't tried to cut and modify the pen yet, but I'll let you know later.

Raiyn
09-19-04, 01:43 PM
Hello,
I tried, and tried to open my older style Krypto U-lock with a Bic pen and it didn't work. It appears that the diameter of the lock cylinder is bigger than on the standard Bic pen so the pen can't "get in." I haven't tried to cut and modify the pen yet, but I'll let you know later.
Use the cap.

jmh
09-19-04, 01:59 PM
Use the cap.
I believe I have the same lock, or at least one similar to the poster you are replying to. I have a Kryptolok that is about 5 or 6 years old and the diameter of the locking mechanism is slightly larger than the pen barrel. I tried the cap -- after cutting off the piece of plastic which clips on to the pocket and trimming off some excess plastic. And I couldn't get it to work. That doesn't mean much though. I'm still rather paranoid and I'm considering a new lock. Can anyone point me to a discussion on replacement locks or chime in on a preferred lock?

PGZX3
09-19-04, 02:07 PM
I just went out 5 minutes ago to the hardware store and bought myself a $7 brass padlock to use in addition to the NY Disc Lock that came with my NY Chain. At least now a thief will have to know about this pen trick, and also have at least a cutting tool. Makes me feel a little better.
http://www.chinrose.com/images/brasslongshackle.jpg
I can pick that lock with a paperclip in a few seconds, god forbid I have bobby pins which only speed up the process :eek:

trickdog
09-19-04, 02:14 PM
I have a Kryptonite model # 810216 which I had bought at the home depot, however I cannot find any info as to if this lock is vulnerable or not. I have tried picking it with a few different types of pens with no success. Can anyone confirm that this type of lock is vulnerable?

There is a picture of the lock and chain at the bottom of this page.

http://www.kwiklocks.com/kryptonite/security_chains.html

Thanks

Guest
09-19-04, 02:26 PM
as i was browsing through the posts again today i saw how one person had bought a Multilock padlock and said that those keys are impossible to duplicate. you are completely wrong. i myself and some of my co workers are used to making multi lock keys so much we can look at your key and tell by the key. of course it's illegal but it can happen. multilock key codes consist of 5 lettercodes and 5 numbercodes, letters for the outside cut and the number for the inside cut. don't get me wrong, multilocks are great but any1 who has worked in a hardware store can tell if they're used to it.

(for new yorkers) Bicycle Habitat is a rip off even though some people who work there are cool they still rip you off. if you walk 3 blocks u can get an american lock for 20 bucks at mott hardware

My Mul-T-Lock has 7 numbercode letters. Maybe you have a cheaper lock or a different series? Also, the pressure points for the different ridges on the key are pretty precise. I suppose if someone wants to drag my entire bike in, still connected to the padlock and locks to some crooked locksmith and convince the simpleton that they "misplaced" the key, and the locksmith replicates the key for them, then I guess at that point, I would say you might as well keep it. Going through all that drama just to get at a bike means there's NOTHING I can do to keep you from my bike. If you want it and you're willing to go through all that to get it, then you might as well just take it.

Besides that, I'd rather the security issue be me being stupid enough to lose the key than for someone to jimmy the lock with a bic pen anyday. Mul-t-Lock is awesome... sure, there are going to be small risks, but it would be ridiculous to downplay the security of a lock just because some jerks in a hardware store are a bunch of sneaks and will duplicate a key.

Also consider that if you lose the key, what's the likelihood that they'll be able to match the key to your padlock? I'd have to be stupid enough to leave the key in the padlock and walk away. And in that case, there would be no need to replicate the key. They could just turn it and unlock my bike and walk away, right?

The best insurance I have for my bike is INSURANCE. I called my insurance company several weeks ago during an attack of insecurities and made sure that they included my bike as part of the insurance I purchased. It is. But for me to go to my insurance and claim the loss of the bike, I'm sure I would have to show that I at least attempted to secure my bike. If I am using a kryptonite pen lock and it was stolen by someone with a bic pen, I'm sure they would kind of hesitate before I got the bike covered by them. But if I show them I'm making a good faith effort to lock up my bike, I'm sure the claim will be easier for them to pay out.

Koffee

dunkbot
09-19-04, 02:57 PM
Hey, I'm new to this discussion but when I heard the piece on NPR I froze. I immediately got online and searched my apartment for Bic's. I have a 2yr. old Krypto I bought @Home Despot and I was unable to get all the pins to fall into place. It seems possible (and likely) to defeat the mechanism- I'm going to wait until Wed. Krypto announcement before I decide future replacement. Word to the wise: Be real careful in trying the Bic. I got 2 pins down and it jammed. Needless to say, this renders the lock useless. I was fortunate to get it back into the "lock" position so it would again accept the key.

quaternion
09-19-04, 04:44 PM
That being said, if I asked this forum, a month ago, what lock should I buy? How many of you would respond by saying Kryptonite?
Me. Probably most of us. (Of course, I wasn't a member 1 month ago, but let's ignore that ;-)

How many readers of this forum are using a computer that has/had an OS vulnerability which prompted you to say “I am never using this OS again?” I expect most of you are still using the OS with the most security holes reported.
Debian and OS X. MS failed to address their vulnerabilities. I'll never use that other OS again. Many people who actually _care_ about computer security have also converted. The comparison to bike locks here is not very good, since there's a lot of things that "bind" you to use one OS or another. Still, most people who use Windows just aren't really that concerned about security (if they were, they'd start by turning off macros) - they're home users. Sure, they're still affected, but they worry about other things in life. Similarly, not everyone buying a bike lock is making a serious investment in bike security. Those who do, to date, have bought Kryptonite. That also explains why they are bearing the brunt of the criticism. As far as my compromised Kryptonite lock, I'll wait and see how they respond. If the response is like Microsoft's, I may never use their locks again.

While I thank you for finding this major issue, the next time I wish you would be a little more careful on how you release it. ...
In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first and let them address the issue quietly to resolve the problem. This is done to help prevent hackers from using what you discovered. After a certain time if the problem is not resolved to your satisfaction, then you are free to go public.
I don't think he was the first to discover this exploit, and as the bikebiz articles and brokenrobot's recent post make clear, this wasn't the first that Kryptonite had (or should have) heard about it either.

As a result people are finding that when they return to the bike there is a BIC jammed in the lock, or worse the bike is gone.
Don't shoot the messenger here. Ultimately, the "result" is not his, but the lock companies'. Eventually, this sort of thing had to reach the public, and I will (safely) assume that you would have been hard pressed to inform as many people as quickly as has been done in the last week. (How many Apple zealots still don't know that their powerbook batteries have been recalled?) I doubt Kryptonite would have gotten the word out any more quickly than this forum managed to.

I have always trusted Kryptonite to be a very good deterrent of theft. Once they resolve this major flaw I will purchase a product from them again (assuming it meets my needs as a deterrent).
I have trusted them as well; however, they've got some work to do before I'll be buying another lock from them (which I may).

Sadly, you won't find my Klein outdoors unattended either. Luckily, my boss lets me take it indoors. If only every commuter could be so lucky.

hunterkiller
09-19-04, 06:48 PM
just a heads up to us construction workers who use the yellow Kryptonite "flex security" mini ulocks for locking the gates and the job boxes up. i just opened up all the mini ulocks at the jobsite. the manager was dumbfounded, absolutely stunned. we just removed all the ulocks and replaced them with grade 80 chain 3/8" links and big ABUS DISKUS locks.

also note: older coin op washing machine change boxes can also be opened, with a slightly larger pen body.

Aitu
09-19-04, 08:02 PM
There's this one type of key that you see on some filing cabinets; no teeth, but there are two channels running both sides (4 total) that key the tumblers. Does anyone know what these are called and how well they work?

Just a "modern" version of the wafer lock - not very secure, but then how tight do filing cabinets have to be? By the time you get to one, you've breached how many other locks?

reptilezs
09-19-04, 08:06 PM
found a new video that hasn't been posted here http://ractor.org/video/lock.mov

funbun
09-19-04, 08:37 PM
Debian and OS X. MS failed to address their vulnerabilities

OS X is no more secure than XP. The difference is that 95%+ of computer users use Windows. Hackers are not gonna spend their time hacking OS X because they can do far more damage for the same amount of work targeting Windows machines.

Why do you think Apple has so many security updates? If their OS was so secure then why do they have security updates almost every month? With the advent of hardware firewalls on the motherboards, never opening emails from people you don't know and some anti spyware software there is no need to worry to death about security threats.

But when a person can take a simple freakin' Bic pen and open a lock that has been touted as the world's most unbreakable lock with little effort; then yes, there is concern on my part.

rick26
09-19-04, 09:33 PM
Try picking one of these locks =

http://www.medeco.com/products/products_detail_section_i.php?category_ID=26&section_ID=4

gdrohan
09-19-04, 09:36 PM
I heard this about the u-locks but hoped the ev disc lock for my $89 chain would be safe. picked it in a minute.

I actually haven't picked my cheap 15 buck krypto lock.

anyone know if the Bell locks are any different?

slvoid
09-19-04, 10:06 PM
Try picking one of these locks =

http://www.medeco.com/products/products_detail_section_i.php?category_ID=26&section_ID=4

For the medeco, my choice for lock pick would have to be this:

Bart5657
09-19-04, 10:10 PM
Anyone know how much those hardcore med co's retail for?