lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <447EAE71.1090002@thebunker.net>
Date: Thu Jun  1 14:39:11 2006
From: adam.laurie at thebunker.net (Adam Laurie)
Subject: RFID used at Olympics in Germany

Josh L. Perrymon wrote:
> Yeah.. I suppose their would be limitations on the amount of data that 
> would be on the chip..
> 
> Maybe the will just use an ID number that refrences the user info in the 
> DB....
> 
> Has anyone successfully performed SQL injections usinf RFID tags? I 
> looked at a few papers but know it's not widespread.
> I'm thinking about getting an IPAQ and an RFID reader/writer to play 
> around w/ this stuff.

It's certainly do-able if the target RFID reading system isn't doing the 
proper checks...  for playing, I can recommend the ACG reader - should 
work fine in a Compaq as it's a CF card:
 
http://www.acg.de/synformation/servlet/PageServlet/corporate/RFIDProducts/Start?show=RFID_Basics

and if you've got python, you can drive it with RFIDIOt:

   http://rfidiot.org/

BTW, if anyone's got access to these tickets I'd love to have a look at 
one...

cheers,
Adam
-- 
Adam Laurie                         Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd.      Fax: +44 (0) 1304 814899
Ash Radar Station                   http://www.thebunker.net
Marshborough Road
Sandwich                            mailto:adam@...bunker.net
Kent
CT13 0PL
UNITED KINGDOM                      PGP key on keyservers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ