Date: Wed Jun 28 01:56:24 2006
From: gem at rellim.com (Gary E. Miller)
Subject: Sniffing RFID ID's ( Physical Security )

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Josh!

On Wed, 28 Jun 2006, Josh L. Perrymon wrote:

> From a pen-testing perspective: What do you guys think that large companies
> would say about this risk? Is this valid enough to cause change in an
> organization? Or is this like most everything else we see.. reactive only.
> Will it take a major breaking or loss before a Fortune 500 company would
> pull out their insecure RFID system?

Just like any other software vulnerability.

First, no one will believe it is possible. So you demonstrate that you
can hack the system.

Two, the vendor and management will claim that either you used inside
information not available to an attacker, or that criminals are too
dumb to duplicate what you did. So you put your concerns in a memo as
an "I Told You So".

Three, while everyone is in denial there will be mysterious and
unexplained disappearances. Everyone is baffled.

Four, some high profile site will publicly succumb to this attack.
Everyone involved will proclaim they had no idea such a thing was
possible, your memo has been shredded.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@...lim.com Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEodOp8KZibdeR3qURArsqAJ9rxNstl9Kos2+uMiADFjSjuiTIegCfcWGo
1piwhFVM1+/1KVInC9ETl0Y=
=rCdl
-----END PGP SIGNATURE-----