lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu Jun  1 06:56:24 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: RFID used at Olympics in Germany

Yeah.. I suppose their would be limitations on the amount of data that would
be on the chip..

Maybe the will just use an ID number that refrences the user info in the
DB....

Has anyone successfully performed SQL injections usinf RFID tags? I looked
at a few papers but know it's not widespread.
I'm thinking about getting an IPAQ and an RFID reader/writer to play around
w/ this stuff.

JP
packetfocus.blogspot.com
www.packetfocus.com





On 6/1/06, Jim Popovitch <jimpop@...oo.com> wrote:
>
> Josh L. Perrymon wrote:
> > So everyone is going to have this RFID embedded ticket with name,
> > address, passport or driver license number?
>
> From the article:
>    "an embedded RFID chip containing identification information
>     that will be checked against a database"
>
> To me that doesn't imply that the chip will contain the items in your
> list.  It could be a checksum of the data in the DB, and security
> officials just validate, against the DB, the full name on a physical
> passport and the checksum on the RFID.
>
> Now, the security of the DB could be a whole other thread of discussion.
> ;-)
>
> -Jim P.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060601/9062ee60/attachment.html

Powered by blists - more mailing lists