lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0606271744520.6281@catbert.rellim.com>
Date: Wed Jun 28 01:56:24 2006
From: gem at rellim.com (Gary E. Miller)
Subject: Sniffing RFID ID's ( Physical Security )

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Josh!

On Wed, 28 Jun 2006, Josh L. Perrymon wrote:

> From a pen-testing perspective: What do you guys think that large companies
> would say about this risk? Is this valid enough to cause change in an
> organization. Or is this like most everything else we see.. reactive only.
> Will it take a major breaking or loss before A fortune 500 company would
> pull out their insecure RFID system?

Just like any other software vulnerability.

First, no one will believe it is possible.  So you demonstrate that you
can hack the system.

Two, the vendor and management will claim that either you used inside
information not available to an attacker, or that criminals are too
dumb to duplicate what you did.  So you put your concerns in a memo as
an "I Told You So".

Three, while everyone is in denial there will be mysterious and
unexplained disappeances.  Everyone if baffled.

Four, some high profile site will publicly succumb to this attack.
Everyone involved will proclaim they had no idea such a thing was
possible, your memo has been shredded.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@...lim.com  Tel:+1(541)382-8588

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEodOp8KZibdeR3qURArsqAJ9rxNstl9Kos2+uMiADFjSjuiTIegCfcWGo
1piwhFVM1+/1KVInC9ETl0Y=
=rCdl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ