Funfact, safe makers: It's not libel if it's true.
this post was submitted on 09 Aug 2025
184 points (100.0% liked)
Cybersecurity
8025 readers
70 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
You don't need to be a hacker to find backdoors. You just have to turn it around
"Just pop the battery and you'll find a JTAG port where you can kindly ask for the manufacturer's master key" is fucking wild
Oh but you need a password to do that. Unfortunately that password was something like 12345
If I've learnt anything from the Lock Picking Lawyer : the fancier the supposed safety feature the easier it is to circumvent.
Every time he looks at a Web 3.0 piece of junk, it gets opened even faster than any of the physical locks. It's kinda terrifying, honestly.
Like, a magnet in the right spot and you're good to go, is what I'm saying.
Gotta love the EFF. Just threw a bunch of cash to them.
If you're in the market for an electronic safe, here's a list of brands to skip:
Beyond Liberty Safe, Securam ProLogic locks are used by a wide variety of safe manufacturers including Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe, according to Omo and Rowley’s research. The locks can also be found on safes used by CVS for storing narcotics and by multiple US restaurant chains for storing cash.
Mechanical safes only, no electricity needed, no hacking possible...just like the computers we used to use to control nukes. Which could literally only do the one thing they were designed to do and nothing else, they couldn't be hacked
they couldn’t be hacked
That sentence is a sibling to "What could possibly go wrong?"
I've worked in a heavy industry space where the "computers" were just slightly complicated circuit boards working together. No OS, no networking, nothing but circuit logic running hilariously important machines. The cabinets were locked in a small area deep in the facility that was manned 100% of the time, and were rarely accessed, so it would be a big event for anyone to interact with them. There were no windows for "someone with a clipboard" to just be waived in to mess with them.
There was no remote access, and no social engineering possible. Anyone who could work on them was well known by everyone who would be in the room. An insider threat was basically the only kind possible, but the only "hacked" output would just be a failed "off" state, which wouls be replaced.
There really are "unhackable" computerized machines out there, but only because calling them "computerized" is a stretch.
An insider threat was basically the only kind possible, but the only “hacked” output would just be a failed “off” state, which wouls be replaced.
Exactly, the computers that used to control our nukes were so old and so simple that they literally can't do anything but what they were designed to do, they require physically inserting old floppy disks and manually entering codes to access, no network access, no ability to multitask, so malware can't run in parallel with the other process...singular for the word "process" because those old computers can't multitask
now they're using modern computers that just recently got hacked with a sharepoint vulnerability...by the way, a whitelisting application that indiscriminately blocks everything that hasn't already been allowed to run would've blocked the processes of that exploit and prevented anything from happening...I actually use something like that on my windows PCs
All those prehistoric old farts in our government thought that would be an "upgrade" and then they probably just used norton to secure it because they're too stupid to research anything that might be better
If you think software devs are any better...
The more complex our systems become, the more it becomes someone else's problem. The shit I hear coming out of some of my younger colleagues is just embarrassing sometimes. And they just don't care. They couldn't be arsed doing a quick search for a solution, trying to understand things from the other side's perspective, nothing.
And then they wonder if AI gonna replace them? If you ain't using your brain, what are you there for?
I'll give you that, but I blame the public schools for conditioning kids into not using their brains
All those prehistoric old farts in our government thought that would be an “upgrade”
Even younger politicians can't be expected to have a clue about this kind of security. And younger tech people might not remember how it used to be done. You need some prehistoric tech farts to tell the prehistoric political farts what's what.
Just rows and rows of 7400 series ttl logic chips
Well, before I can read how to break into safes, I have to break into the website that says it won't show me the article without a subscription. That should keep those safes...er... safe.
Firefox reader mode did it for me. Just block js on the page somehow.
Archived link in body
Ha ha ha! Nope! Following that link, I have to click a captcha to prove I'm not a robot.
The layers of security theater are stacking higher and higher. What's next? They send me through TSA to make sure I'm not carrying a tube of toothpaste that is too big?!
Sounds like someone is trying to get randomly selected for a cavity search.
Sir, I'ma have to search inside ya asshole.
No cavities, they're a robot as evidenced by their inability to answer the captcha.
What?! How about the JTAG port?
The specialized equipment the safe maker says is needed is a Python script, lol.
Phew, how fortunate that people who try to crack safes never think to use readily available equipment. That would be a real challenge for those poor manufacturers.
but a safe that doesn't have anything digital inside of it wouldn't run a python script
I'm talking about what's used to discover the keys based on what the safe displays on the screen. The safe maker is implying you need esoteric equipment to crack their safes but really all you need is the already cracked algorithm. You don't have to get the safe to run anything.