Michael Hill’s ‘invisible’ houses get go-ahead

Michael Hills New Underground House

Michael Hills' New Underground House

Jewellery magnate Michael Hill is to get his underground houses.

We all love Michael Hill…. Do you remember the Moose Costume?  I have done security locksmith work for Michael hill, but still have not seen the moose.. Good to see underground houses still need locks and keys.

In a decision released yesterday, independent commissioners granted Hill resource consent to build 17 subterranean dwellings on and around his Arrowtown golf course.

The approval flies in the face of a recommendation by Queenstown Lakes District Council planners that the application be declined.

“We are satisfied that none of the identified possible adverse effects of the proposal has any significance … there are significant positive effects,” commissioners John Matthews and Andrew Henderson said.

Application documents show the houses are to have floor areas ranging from 367 to 700 square metres.

Each dwelling would take one of seven designs, some of which include lap pools, wine cellars, libraries, outdoor fireplaces and/or courtyards.

More than half of the dwellings would be built below a ridge southwest of the golf course. A handful would be nestled between fairways.

Mr Hill last week told The Southland Times he was looking forward to building the “world-beating” homes.

He said the design shied away from the resort-style courses that were popular in the United States.

“The Americans put a big colonial clubhouse at the back of the 18th and fill the fairways with homes.

“For me, that spoils everything. We want it to be like a Scottish course, where you see nothing. These homes will be invisible.”

Tight conditions have been imposed by both Mr Hill and the commissioners on the way occupants can use the outdoor space on the properties.

“Very stringent controls are also proposed on the use of each house site, to the extent that apart from placing outdoor furniture on a limited-sized area around each house, virtually nothing else can occur,” the commissioners say in their report.

“Use of the house lots for the normal trappings of domesticity such as trampolines, spa pools and so forth, will be prohibited.”

A spokesperson for The Hills course said further comment would not be made until the period in which appeals could be lodged had lapsed.

The ethics of lock picking and telling

In 2004, a video circulated on the Internet showing how a standard Bic pen could be used to open the U-shaped Kryptonite bike lock. The company recalled the locks, replaced newer purchases, and changed the design for new locks. Problem solved, right?

Not exactly. Despite the fact that the problem had been revealed 12 years earlier in a British bike magazine, Kryptonite had continued to sell the locks unchanged. Angry customers filed a class action lawsuit that was settled in 2005, with Kryptonite offering to replace all affected locks or provide vouchers, and compensate people whose bicycles were stolen as a result of the lock being picked.

“If you don’t make the problems public, the companies don’t fix them and the consumers buy shoddy stuff,” said Bruce Schneier, chief security technology officer at BT.

Bruce Schneier is chief security technology officer at BT.

(Credit: Schneier.com)

There’s been plenty written about breaking into the virtual locks that safeguard sensitive data on the Web. But the picking of real-world physical locks is becoming an increasingly popular pastime for some. Enthusiasts have formed sporting clubs and hold regular competitions. Security researchers write books about how locks can be broken into and show how it’s done on blogs and videos and at security conferences.

Naturally, lock manufacturers aren’t happy. They argue that publicizing the vulnerabilities causes people to panic unnecessarily and puts the public at risk by giving criminals information they can use to break door locks, safes, and other secured assets.

But, just like third-party disclosure of vulnerabilities in software forces manufacturers to acknowledge security holes and patch them quickly, lock manufacturers will find they can’t escape the scrutiny and will have to be held accountable for their products, experts say.

“The concept of responsible disclosure is well and good for new locks that haven’t hit the market yet. But that doesn’t help you when the lock is already embedded in millions of facilities. They’re not going to fix them,” said Marc Weber Tobias, a lawyer who has written a book about breaking into high-security Medeco locks called Open in Thirty Seconds and issued the original security alert on all tubular locks that included the Kryptonite locks.

Tobias will be presenting a session at the Defcon hacker conference in Las Vegas next week on how to break the key control of Medeco M3 locks by making fake keys.

Marc Weber Tobias

Marc Weber Tobias is co-author of ‘Open in Thirty Seconds.’

(Credit: Matt Fiddler)

“How does it help the consumer not to tell them that there is a vulnerability?” he said. “Medeco customers have a right to know whether their locks can be compromised.”

The issue highlights the conflicting world views of two very different groups: hackers who like a good challenge and enjoy taking things apart, and traditional hardware manufacturers who don’t want anyone but certified locksmiths testing their systems.

As the lock manufacturers’ and locksmith trade groups see it, most non-locksmiths picking locks are trying to reduce security, not improve it.

Web sites selling lock picking tools are breaking U.S. federal law, said Tim McMullen, legislative manager for the Associated Locksmiths of America.

Ralph Vasami, executive director of the Builders Hardware Manufacturers Association, said: “We believe that lock picking, obviously, is an illicit activity, even if it’s a sport. We frown on all of that, even if it’s for fun.”

The industry doesn’t need outsiders pointing out flaws with products because there is an established system in place for creating new standards for manufacturers to follow, he said.

Ralph Vasami

Ralph Vasami is executive director of the Builders Hardware Manufacturers Association.

(Credit: BHMA)

“As new technologies have become available that is what spurred product innovation and that spurs development of new standards,” Vasami said. “I think we’re a pretty nimble and flexible organization.”

However, the standards are voluntary, and new security vulnerabilities may not fit in with established procedures. For instance, Tobias said that when he informed the standards group last year that a deadbolt could be broken into with a screwdriver, he was told that the method he was using was not defined in any standard. “The standards aren’t protecting people,” he said.

Unlike with software, where patches and fixes can be downloaded quickly, locks have to be physically replaced when they are found to be vulnerable to picking. This infrastructure issue puts more of a responsibility on vulnerability researchers to not publicize the problems to the public, said Clyde Roberson, technical director of Medeco Security Locks.

“Our responsibility is to make changes when we see a change in the state of the art,” he said. “Everybody has some responsibility to not disclose things that can hurt people and that people don’t have power over changing.”

Asked how a company would know when its locks are vulnerable if it weren’t for independent researchers announcing problems, Roberson said companies should rely on independent testing agencies like Underwriters Laboratories.

“Is it a known vulnerability if people don’t know about it?” he then asked, rhetorically. “I’m not sure you need to worry about it unless people are out there demonstrating it and showing how to do it.”

Keeping a security problem secret
But that notion of “security through obscurity” wrongly assumes that keeping a security problem secret will protect the people relying on the security system.

“The assumption is that the criminals don’t know about it,” BT’s Schneier said. “Criminals know how to pick locks…The secrecy just hides the truth from the consumer.”

“The goal is to make security better. As soon as it’s not responsible to do research, the bad guys win,” Schneier said.

“(The) lock picking (industry) doesn’t get this because they’re basically still a guild–a secret knowledge kind of field, whereas computer security is always built on open knowledge,” he added. “There have been insecurities discovered by computer people-turned-locksmiths that have existed for hundreds of years.”

Lock manufacturers aren’t the only hardware makers confronting this issue. Voting machine manufacturer Sequoia threatened a security researcher who was planning to analyze a machine.

And more recently, Philips Semiconductor spinoff NXP sued to prevent a Dutch university from publishing information on security flaws in its Mifare Classic wireless smart card chip used in transit and building access systems around the world. A judge ruled earlier this month that blocking publication would violate the researchers’ rights to freedom of expression and hinder vital research.

“The bottom line is the public needs to know,” Tobias said. “Let them make their security assessments based on how secure they are told the locks are.”

Misrepresenting hardware as more secure than it actually is poses a liability problem for the manufacturer and for companies using the security system to protect their customers’ assets.

Siemens is having to change 300,000 cards that use the Mifare Classic chip as a result of the discovered security shortfalls, Schneier said.

Locksmith Scam

Locked out? Don’t fall for this locksmith scam

BBB urges consumers to protect themselves from ‘nationwide swindle’

By Herb Weisbaum
msnbc.com contributor
updated 2:32 a.m. ET July 13, 2007

Most locksmiths are honest. A few are not. According to a new warning from the Better Business Bureau, these untrustworthy locksmiths are “ripping off consumers” across the country. The BBB says this “nationwide locksmith swindle” has already resulted in more than a thousand complaints.

“We know that there are thousands more people across the country who have been victims and don’t even know it,” says Alison Preszler with the Council of Better Business Bureaus.

The BBB blames most of the problem on two companies: Dependable Locksmith (New York) and Basad Inc. (Englewood, Colo.). These two firms also operate in other major cities across the country using dozens of generic aliases, such as AAA Locksmith, A-1 Locksmith and 24 Hour Locksmith – names that are also widely used by reputable companies.

The BBB says unhappy customers complain that Dependable and Basad significantly overcharge, charge for unnecessary services, and use intimidation tactics. In some cases, the final bill is four times as much as the quoted price.

“They have made taking advantage of people who are locked out of their house or car part of their business model,” Preszler says.

In Oak Creek, Wis., Carol Pintar was locked out her car on a cold night in December. She looked in the Yellow Pages and found a locksmith in nearby South Milwaukee. They told her the price would be $35.

The locksmith arrived in an unmarked vehicle, rather than a commercial van. That’s usually the case with these dishonest operations. Pintar said he demanded payment upfront – another warning sign. But the price wasn’t $35 as quoted. It was $95.

“I did give him the money, but I really felt funny about the whole situation,” she says. “I just knew it was some kind of scam, so I called the Better Business Bureau.”

The BBB’s Alison Preszler told me, “Many victims have come to us and said they knew they were being taken advantage of, but felt helpless to argue.”

Show me the money
Noelle, who lives in Cleveland, Ohio felt that way. She asked me not to use her last name because she has already been harassed by the company. Last August, after returning to a friend’s house from a rock concert, Noelle realized she had locked her keys in the car. It was 2 a.m.

Noelle looked in the phone book and found “24-Hour Locksmith.” She called and was told the charge would be $40. When the locksmith arrived – in an unmarked vehicle – he told Noelle he’d have to break the door to get it open. “He said he’d have to use a crow bar or break the window,” she told me.

But there was a better option. For another $60, he could use a Slim Jim and pop the door open with no damage. Noelle agreed to the new fee of $100.

.Once the door was open, Noelle was told the bill was $250

“And I was like, excuse me! How do I owe you $250?”

The guy told her there were fees and service charges. And because she was going to pay by check, there was a check-processing fee. He volunteered to drive her to an ATM to get cash, but Noelle didn’t like that idea.

“He would not give me my keys back until I gave him a check for $250. I was very upset because I realized I was being taken advantage of,” she told me. But she needed to get into her car, so she paid.

A few days later, Noelle decided to visit the company, to complain in person. She found several locations listed in the phone book, but they all were bogus addresses.

A common trick
Each of these companies uses a slick trick to appear as if they’re a local locksmith. They place ads in phone directories and on the Internet using fake local addresses and phone numbers that ring at a call center in another part of the country. For instance, dial one of the Dependable Lock companies and your call will be routed to New York.

“Consumers think they’re calling a reputable locksmith and they’re quoted a price that seems very reasonable,” says Claire Rosenzweig, President and CEO of the BBB of Metropolitan New York. “Then these people show up and charge more than you expected.”

For the record: I called both companies and could not find anyone who would talk to me about the BBB’s allegations. The attorney for Dependable Locks returned my call, but would only talk off the record. His only on-the-record comment? No comment.

The bottom line
The Better Business Bureau suggests finding a good locksmith before you need one. That’s a good idea, but most people don’t do that.

So, how do you protect yourself? Be careful. Don’t pick a company at random based on an ad in the phone book. If you’re stuck in a situation where you need help right away, try to find a familiar name.

If you can get to a computer, you can check the company online 24/7 on the BBB’s Web site. If not, call a friend and see if they know of a good local company.

If you’re a member of AAA, you might want to use their locksmith service.

Be suspicious of anyone who shows up in an unmarked vehicle. Never pay before the work is done. Whenever possible, use a credit card. It has built in fraud protection. Finally, if you’re not comfortable with the person who shows up, don’t use them.

If you do get burned, let someone know about it. File complaints with the Better Business Bureau and your state’s consumer protection or Attorney General’s office.

Cutting some unusual keys

Cutting keys that are out of the ordinary…

Operating a small locksmith shop in Brisbane, Australia is never dull.  Often we get calls to cut some pretty strange keys.  Well I shouldnt say strange, just out of the ordinary.

Carpenters Rim Locks are one we dont see too often now days.  They are the ones with that look like an old jailers key.  The locks are a solid rectangular shape and are screwed to the inside of the door with the keyhole going right though.  These keys are made from cast iron or brass.  They have to be cut by hand and can take some time to do properly.   We use specially cut down files to get into the intricate corners.  1 key can take a couple of hours to create.

Newer keys are sometimes cut using a CNC milling machine.  We have specially adapted software to cut keys of different types.  A new key we have never seen can be programmed in to the milling machine computer to be able to cut a key quickly and accurately.  See an Audi key being cut here.  Most keys can be cut using the same method.  A Rotary table is used to cut keys that require angle cuts.  This is only really useful for keys that are not able to be cut on other machinery.  Companies such as Silca make great key cutting machines for a wide range of keys.