- Foiling a chain lock with a rubber band
- Security updates for Foxit, Quicktime/iTunes
- Real dangers of PDF executable trickery
- Removing the RSA 1204 v3 certificate from Firefox
- Silent updater for PDF, critical patch coming from Adobe next week
- Serious Java flaw enables web based attack
- Widespread attack on WordPress blogs
The technique described in the article to which Bruce Schneier links reads like what the layperson thinks of for movie-scenario attacks on locks. Like bumping, it seems considerably easier than the wiggly finessing required by traditional lock picks and really does seem to deliver on cinematic notions of ease.
What I find most instructive is how this technique has continued to advance, adapting to discrete challenges presented by more difficult locks. This reminds me of the back-and-forth story around high security locks told by Deviant Ollam at ShmooCon a few years back. The lesson is the same, anyway: defenders cannot sit still. Attackers are always looking to reduce the cost of their attacks, magnifying the severity of risk over time.