lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 1 06:56:24 2006 From: joshuaperrymon at gmail.com (Josh L. Perrymon) Subject: RFID used at Olympics in Germany Yeah.. I suppose their would be limitations on the amount of data that would be on the chip.. Maybe the will just use an ID number that refrences the user info in the DB.... Has anyone successfully performed SQL injections usinf RFID tags? I looked at a few papers but know it's not widespread. I'm thinking about getting an IPAQ and an RFID reader/writer to play around w/ this stuff. JP packetfocus.blogspot.com www.packetfocus.com On 6/1/06, Jim Popovitch <jimpop@...oo.com> wrote: > > Josh L. Perrymon wrote: > > So everyone is going to have this RFID embedded ticket with name, > > address, passport or driver license number? > > From the article: > "an embedded RFID chip containing identification information > that will be checked against a database" > > To me that doesn't imply that the chip will contain the items in your > list. It could be a checksum of the data in the DB, and security > officials just validate, against the DB, the full name on a physical > passport and the checksum on the RFID. > > Now, the security of the DB could be a whole other thread of discussion. > ;-) > > -Jim P. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060601/9062ee60/attachment.html
Powered by blists - more mailing lists