<p>Here is the full article if you can't access the link:</p>
<p>
[quote]
Posted on Tue, Aug. 31, 2004
Laptop locks easily picked</p>
<p>Leading models offer little security</p>
<p>BY JULIO OJEDA-ZAPATA</p>
<p>Pioneer Press</p>
<p>Marc Tobias played laptop thief one recent evening, showing how easily several leading anti-theft devices can be defeated using simple materials such as a ballpoint-pen barrel, thin piece of plastic or cardboard tube.</p>
<p>Such news is sure to set off alarm bells at corporations and on college campuses at a time when portable computer sales have outpaced those of desktop versions and when laptop security is a hot issue. This has made locks sold by companies like Kensington and Targus commonplace.</p>
<p>But according to Tobias, a Sioux Falls, S.D., attorney and lock expert, some of the leading lock models have design flaws that make them absurdly easy to pick.</p>
<p>The devices' vulnerabilities vary, but Tobias demonstrated how they often can be exploited in short order. A Pioneer Press reporter replicated two of Tobias' procedures using Kensington and Targus locks the newspaper purchased independently.</p>
<p>Tobias' bottom line: While laptop locks costing less than $50 aren't intended to be burglar-proof, the ease with which leading models can be defeated contradicts makers' claims that the locks offer a reasonable deterrent.</p>
<p>"Kensington notebook security locks, like many other categories of lock
are meant to be strong deterrents to thieves (both casual and professional)," the firm said Tuesday in a written statement. "Kensington stands behind our locks as a deterrent to notebook theft."</p>
<p>Tobias' revelations, documented on his Web site <a href="http://www.security.org%5B/url%5D">www.security.org</a>, come as Targus and other firms are marketing laptop locks to college students returning to campuses this month.</p>
<p>In an Aug. 17 press release, Targus said of its Defcon CL combination lock: "Theft is no stranger to college campuses, and a cable lock is a wise investment for any notebook-toting student."</p>
<p>But the Defcon CL is simple to crack using a thin piece of paper or plastic to probe the device's four thumbwheels and glean its combination. After seeing Tobias demonstrate this with his Defcon, a reporter cracked a separately purchased Defcon in minutes.</p>
<p>Targus did not respond in detail to interview requests on Tuesday.</p>
<p>But one laptop-security expert said he will stop touting the Targus lock after learning of Tobias' findings.</p>
<p>Gregory Evans, author of "Laptop Security Short and Simple" and a laptop-security instructor at several Los Angeles-area colleges, said he planned to revise his book and e-mail tens of thousands of his readers and students about the Targus lock.</p>
<p>A Kensington key-based lock also has proven simple to compromise using a ballpoint-pen tube or cardboard tube that simulate the small keys' rounded shape. A reporter was able to free a laptop from its restraint in seconds.</p>
<p>Tobias, author of "Locks, Safes and Security: An International Police Reference," is a lock-picking authority. But he credits Matt Fiddler, a Connecticut security consultant, with discovering the Kensington key-lock vulnerability and bringing it to his attention at a security conference earlier this summer.</p>
<p>Fiddler, an amateur lock pick, said locked-down laptops in a large office caught his attention during a recent security sweep. Rummaging in a desk drawer for anything tubular, he found the right kind of ballpoint pen.</p>
<p>"I popped a lock in a few seconds," he said. "It was just kind of the 'wow' factor. I tried another and another and another."</p>
<p>Fiddler's discovery has profound implications for portable users because Kensington locks are widely used. Top laptop purveyors such as Apple Computer, Dell, Gateway and Hewlett-Packard sell them on their Web sites. Tobias has been contacted by companies that have deployed thousands or tens of thousands of the cables and are now worried they wasted their money.</p>
<p>Laptop thefts constitute about 48 percent of all computer thefts, followed by desktops at 26.7 percent and handheld computing devices at 13.3 percent, according to a computer-theft survey conducted last year by Brigadoon Software, a computer-security firm.</p>
<p>Laptops protected by a particular Kensington lock are covered by a theft-replacement warranty, but the firm's fine print says this would involve a lock broken or opened by "forceful" means. Kensington did not say Tuesday if that language would be modified.</p>
<p>A Master Lock product Tobias tested uses Kensington's key-lock mechanism, he said.</p>
<p>Tobias this week is releasing information about two other devices he recently tested, a Kensington three-thumbwheel combination lock and a Compucage product consisting of a cage-like enclosure for bolting a laptop to a desk surface.</p>
<p>He said the Kensington combination lock can be compromised using tactile pressure and visual observation. Defeating the Compucage enclosures is more straightforward: All a thief needs is a shim to open a locking bar, Tobias said.</p>
<p>Canada-based Compucage said Tuesday it is looking into Tobias' findings.</p>
<p>Tobias has tested other laptop locks. He says a PC Guardian combination lock appears to be well designed. "It's a nice piece of work."</p>
<p>Some laptop users said Tobias' findings confirm what they already suspected: Laptop cable locks alone don't represent ironclad security.</p>
<p>Andy Lax, a San Francisco public-relations consultant, said he'll probably keep using such cable locks as a "casual deterrent" but places more stock in the sturdy locks on his office door and cabinets.</p>
<p>"I'm a bit disappointed" with the cable-lock makers, said Lax, who uses the Targus combination lock, after learning of the warnings. But, he added, what do you expect for $35?</p>
<hr>
<p>Reach Julio Ojeda-Zapata at <a href="mailto:jojeda@pioneerpress.com">jojeda@pioneerpress.com</a> or 651-228-5467.
[/quote]
</p>