Notes by Ron Bowes

 nostr:npub137jz4ps20g466v9wv3lchxw2n7zwkpsfr34zhszkusfyt2xgwccqzcztkl Go on then, what happened a... 
 @d4b81373 Back in like 2015-2016, my employer was running a public event at Defcon. We had most of my collection of locks there (a couple hundred). People were learning how to use a paperclip (iirc) to open handcuffs that were double-locked.

At some point, a random attendee had it tight on their wrist, double-locked, and snapped off the paperclip inside. They tried to open them with a key, no luck, it just jammed things worse. They tried to shim/etc., still no luck since double-locked.

Thankfully, my friend Brandon was able to work out the piece of paperclip with another tool (a lockpick or something, I don't remember what), and got the key to work. But it took like 10-15 minutes, as people higher and higher on the Google org chart were coming to see how things were going.

It was incredibly stressful!

These days, when I see handcuffs at an event with the public, I strongly warn people off. If you know the risk, sure. But I sure wouldn't want to send a random person to the hospital..

(I don't remember what type of cuffs they were, they're still in a box downstairs, but the downstairs is firmly under the spiders' control right now) 
 nostr:npub137jz4ps20g466v9wv3lchxw2n7zwkpsfr34zhszkusfyt2xgwccqzcztkl Dunno, that seems like a pe... 
 @d4b81373 True, but I'd rather things not go wrong while they're attached to a rando at an event I'm running :) 
 In case anybody needs to hear this: PLEASE don't bring or provide handcuffs to lockpicking events. We once had somebody break a shim inside the mechanism during an event, which jammed it shut so even the key wouldn't work. We fortunately got it sorted, but it took way too long.

You really don't want to be sending somebody to the hospital during your event!

#lockpicking #locksport 
 Can we create a vulnerability class for "missing security.txt file"?

https://securitytxt.org/ 
 IMO, ../ was a mistake. It causes too many bugs. Once you enter a folder, you shouldn't be allowed to go back. Oh, you went to the wrong folder? It's your home now. Deal.

#infosec #vuln #pathtraversal 
 @425a31b8 When your RUST code compiles on the first try.. well, nobody knows what that feels like yet :)