| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 1 14:39:11 2006 From: adam.laurie at thebunker.net (Adam Laurie) Subject: RFID used at Olympics in Germany Josh L. Perrymon wrote: > Yeah.. I suppose their would be limitations on the amount of data that > would be on the chip.. > > Maybe the will just use an ID number that refrences the user info in the > DB.... > > Has anyone successfully performed SQL injections usinf RFID tags? I > looked at a few papers but know it's not widespread. > I'm thinking about getting an IPAQ and an RFID reader/writer to play > around w/ this stuff. It's certainly do-able if the target RFID reading system isn't doing the proper checks... for playing, I can recommend the ACG reader - should work fine in a Compaq as it's a CF card: http://www.acg.de/synformation/servlet/PageServlet/corporate/RFIDProducts/Start?show=RFID_Basics and if you've got python, you can drive it with RFIDIOt: http://rfidiot.org/ BTW, if anyone's got access to these tickets I'd love to have a look at one... cheers, Adam -- Adam Laurie Tel: +44 (0) 1304 814800 The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899 Ash Radar Station http://www.thebunker.net Marshborough Road Sandwich mailto:adam@...bunker.net Kent CT13 0PL UNITED KINGDOM PGP key on keyservers
Powered by blists - more mailing lists