Can IT confirm? - eviltoast
  • douz0a0bouz@midwest.social
    link
    fedilink
    English
    arrow-up
    70
    arrow-down
    9
    ·
    1 year ago

    I know some software engineers like that. Some of it is knowing that the companies that make iot devices don’t give a crap about security. Some of it is plain ol paranoia. Mechanical door locks can be picked does that mean you invest in guard dogs? Crime is a thing but so is misanthropy. I think we should take reasonable precautions but believe that there are more good ppl than bad.

    • Bonehead@kbin.social
      link
      fedilink
      arrow-up
      81
      arrow-down
      3
      ·
      1 year ago

      Mechanical door locks can be picked, but it must be done at the lock in plain view rather than at a distance sitting in a car while you do the majority of the work and then casually walking up and opening the door. Locks are more of an inconvenience than a deterrent, so it should be made as inconvenient as possible. Connecting them to the internet is the exact opposite of that.

      • variants_of_concern@lemmy.one
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        3
        ·
        1 year ago

        But more realistically someone robbing your house is going to ring your doorbell to see if someone is home, then just walk around checking for unlocked windows.

        • Bonehead@kbin.social
          link
          fedilink
          arrow-up
          27
          arrow-down
          1
          ·
          1 year ago

          True, but again it’s about making it as inconvenient as possible. Manually locking windows and making sure they are locked is effective. In some places they put security bars on the windows. Tall fences can also create obstacles as well.

          You won’t stop everyone that wants to break in, but you can create enough trouble to keep out most people. Making it convenient for yourself by connecting everything to the internet just makes it convenient for everyone else too.

          • tburkhol@lemmy.world
            link
            fedilink
            arrow-up
            14
            ·
            1 year ago

            You can’t ever stop someone who really wants to get into your home. The best you can do is make your home look too tedious to bother with.

            Or make your neighbor’s home more attractive. Try keeping the neighbor’s house key, neatly labelled & with alarm code, under your own doormat. Just in case.

          • BottleOfAlkahest@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            1 year ago

            Tall fences are usually privacy fences and they can make it really easy for a thief to spend a ton of time unseen in your backyard.

              • merc@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Is the fence going to have a gate, and is that gate going to be locked? If so, you better put a fence around it to be safe.

        • NaibofTabr@infosec.pub
          link
          fedilink
          English
          arrow-up
          17
          ·
          1 year ago

          Bear theory.

          My house doesn’t need to be impenetrable, it just needs to be more of a hassle to get into than yours.

          • FireTower@lemmy.world
            link
            fedilink
            arrow-up
            9
            ·
            1 year ago

            Not even that. It just needs to look like more of a hassle.

            They really just let anyone buy those signs that say you have security cameras or an angry dog.

            • variants_of_concern@lemmy.one
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Someone mentioned to me that those angry dog signs are a liability because if someone gets bit they can say you knew you had angry dog, so it’s best just to have a sign that says dog and doesn’t mention it’s mood

              • FireTower@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                1 year ago

                Might dependsl on your jurisdiction. But I wouldn’t be worried they’d probably need to prove you had a duty of care to them which you acted outside of which resulted in injuries that could have been avoided by you acting with a reasonable level of care.

                Also if you did have a duty of care to them and knowingly had a dangerous dog not warning someone of known dangers (the dog) might constitute a break of your duty of care.

                Tldr: It depends, you get what you pay for get your advice from actual local lawyers not random people on the street or the internet (like me).

      • CosmicTurtle@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        I think CGP Grey has a video about this concept. It’s not so much that a mechanic lock is better or more secure.

        It’s more that it takes one person $x seconds to break into one lock.

        That’s very different than allowing a million people the opportunity to break your digital lock millions of times.

        • merc@sh.itjust.works
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          It’s a different threat model.

          An average house lock is pretty easy to pick. An average picker of locks could get through in minutes. Someone who trained for years could get through in a few seconds if they’re lucky. Someone using a pick gun, willing to risk damaging the lock, can often get through in seconds. But, each individual lock is different, so you never know how long it will take to get through. Taking any more than 10 seconds to get through a door looks suspicious, so it’s very risky to try to pick a lock if you’re not willing to take a chance at looking suspicious, even if you’re a master lock picker.

          With electronic locks, if there’s an exploit for that lock and the person going up to the lock has access to it, they could get through instantly and not look at all suspicious. If there’s no exploit, the person is out of luck. The person trying to break in also doesn’t have to have any expertise. They just need access to the exploits. Also, because people are constantly trying to find exploits, there’s almost guaranteed to be a time when your lock is vulnerable. Making it worse, with an electronic lock, someone can inspect the lock one time, and then just wait for a vulnerability for that particular lock to be available.

      • PlasmaDistortion@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        And my smart lock alerts me when someone unlocks it. Sure it could be hacked, but it is more likely that someone will just kick the door open.

        • oatscoop@midwest.social
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          Picking locks takes skill, kicking down a door is higher risk of alerting someone or getting caught. Those both deter a lot of would-be criminals.

          Whereas a hack creates a situation where criminals are going to target those devices – it’s “low risk”. Any opportunistic asshole with 2 brain cells can download the hack and go around trying doors until it works.

    • Linssiili@sopuli.xyz
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      edit-2
      1 year ago

      In a meeting with a (business) customer regarding security precautions, my coworker had a great suggestion: we buy a mountain in Switcherland Switzerland, build a bunker there for the servers and hire a private army for protection. The customer liked the idea…

    • general_kitten@sopuli.xyz
      link
      fedilink
      arrow-up
      12
      arrow-down
      5
      ·
      1 year ago

      actually good mechanical door locks can only be picked by a handful of people in the world with special tools most of whom are locksmiths

      • bort@feddit.de
        link
        fedilink
        arrow-up
        22
        ·
        edit-2
        1 year ago

        the word “picked” does a lot of heavy lifting here.

        Most professional thieves won’t care about damaging your lock. It’s called “breaking” and entering for a reason.

          • AlexWIWA@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Yeah but how many people looking for a smash and grab are going to bring tools to cut through a wall instead of just going next door or through the window?

      • douz0a0bouz@midwest.social
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        3
        ·
        1 year ago

        And a properly secured network can’t be compromised by some amateur thief sitting in their car. Point was that foolproof security is a fantasy.

        • bladerunnerspider@lemmy.world
          link
          fedilink
          arrow-up
          12
          ·
          1 year ago

          I think the real point is that mechanical locks don’t track when you leave and enter your home like electronic ones do. Not whether they are better or worse than mechanical.

          • almar_quigley@lemmy.world
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            A “hacker” breaking into your house is a fantasy. If some one wants in they are….breaking….into your house. Ie breaking your door or window. Mechanical or not doesn’t make a difference. It’s all security theater. However you can know the status of internet connected locks at least.

      • fishos@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        And those locks cost hundreds a piece. A “there is a security system here” sign would do more useful work. And a locksmith will tell you that picking is what you try AFTER you just try bypassing the lock entirely. Aka shim the door or break a window. Exactly what a burglar will do if they really wanted in. You do know that your garage door can be disabled with a coathanger threaded inside and grabbing the release hook, right? Or a jack wedged under with a crowbar, right? Or your decorative gnome in the front yard thrown through a window? Locks are a deterrent.

    • Wooki@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      It’s not just poor security that’s easily hackable, it’s mainly the unreliability and frustration of having to continue to work when you get home to fix your dam light switch because it doesn’t work because it got out of sync when the microwave is turned on. No thanks.

    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Locks can be picked, but good locks require picking skills far beyond what the average break and entry will have. They can be drilled, but that’s loud and increases the odds of being caught.

      A software vulnerability can be triggered silently and will look like you’re an expected guest.

      They’ll likely just smash the window in the back yard though so it’s a moot point