[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7d85153f0605312256ua4067b1hce310ad21b4d7734@mail.gmail.com>
Date: Thu Jun 1 06:56:24 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: RFID used at Olympics in Germany
Yeah.. I suppose their would be limitations on the amount of data that would
be on the chip..
Maybe the will just use an ID number that refrences the user info in the
DB....
Has anyone successfully performed SQL injections usinf RFID tags? I looked
at a few papers but know it's not widespread.
I'm thinking about getting an IPAQ and an RFID reader/writer to play around
w/ this stuff.
JP
packetfocus.blogspot.com
www.packetfocus.com
On 6/1/06, Jim Popovitch <jimpop@...oo.com> wrote:
>
> Josh L. Perrymon wrote:
> > So everyone is going to have this RFID embedded ticket with name,
> > address, passport or driver license number?
>
> From the article:
> "an embedded RFID chip containing identification information
> that will be checked against a database"
>
> To me that doesn't imply that the chip will contain the items in your
> list. It could be a checksum of the data in the DB, and security
> officials just validate, against the DB, the full name on a physical
> passport and the checksum on the RFID.
>
> Now, the security of the DB could be a whole other thread of discussion.
> ;-)
>
> -Jim P.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060601/9062ee60/attachment.html
Powered by blists - more mailing lists