If you use a cylinder type key to lock your bike up be carefull. It is possible to pick the locks using a BIC pen in a few seconds.
Here is the details
Note this is not just a Kryptonite issue. It is a flaw in the lock design. That design is used in many different enviorments.
Here is my posting to bikeforums.net. I decided to post it here, to help avoid the /. effect (website unable to handle the traffic).
Some of it wont make sense unless you go to bikefourms.net and read the thread, however you will be able to understand the problem.
I also corrected a few grammer mistakes (but not all I am sure) in my posting.
Registered to post this, I am not affiliated with Kryptonite in any way.
Let’s all take a step back and look at the situation.
1. There is a major security issue with most (cant say all) locks that use the same design as the ones Kryptonite uses.
2. It is not just a Kryptonite issue. This problem could also impact vending machines, video games, other bike locks, and ANY product that uses the same design that is used by Kryptonite locks.
3. Any lock is able to be picked. It is unacceptable that a lock can be opened with a BIC. That is a major design flaw and needs to be corrected ASAP.
That being said, if I asked this forum, a month ago, what lock should I buy? How many of you would respond by saying Kryptonite?
How many readers of this forum are using a computer that has/had an OS venerability which prompted you to say “I am never using this OS again?” I expect the most of you are still using the OS with the most security holes reported.
While I thank you for finding this major issue, the next time I wish you would be a little more careful on how you release it. Your finding is causing a stir worldwide, however most people think it is just a Kryptonite issue and not a design flaw of the type of lock used by many companies in many different applications. As a result people are finding that when they return to the bike there is a BIC jammed in the lock, or worse the bike is gone.
In computer security the general “approved” practice, when a flaw is discovered, is to notify the manufacturer first and let them address the issue quietly to resolve the problem. This is done to help prevent hackers from using what you discovered. After a certain time if the problem is not resolved to your satisfaction, then you are free to go public.
I have always trusted Kryptonite to be a very good deterrent of theft. Once they resolve this major flaw I will purchase a product from them again (assuming it meets my needs as a deterrent.)