Full Disclosure mailing list archives
Re: Sniffing RFID ID's ( Physical Security )
From: "Gary E. Miller" <gem () rellim com>
Date: Tue, 27 Jun 2006 17:56:07 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Josh! On Wed, 28 Jun 2006, Josh L. Perrymon wrote:
From a pen-testing perspective: What do you guys think that large companies would say about this risk? Is this valid enough to cause change in an organization. Or is this like most everything else we see.. reactive only. Will it take a major breaking or loss before A fortune 500 company would pull out their insecure RFID system?
Just like any other software vulnerability. First, no one will believe it is possible. So you demonstrate that you can hack the system. Two, the vendor and management will claim that either you used inside information not available to an attacker, or that criminals are too dumb to duplicate what you did. So you put your concerns in a memo as an "I Told You So". Three, while everyone is in denial there will be mysterious and unexplained disappeances. Everyone if baffled. Four, some high profile site will publicly succumb to this attack. Everyone involved will proclaim they had no idea such a thing was possible, your memo has been shredded. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEodOp8KZibdeR3qURArsqAJ9rxNstl9Kos2+uMiADFjSjuiTIegCfcWGo 1piwhFVM1+/1KVInC9ETl0Y= =rCdl -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Sniffing RFID ID's ( Physical Security ), (continued)
- Re: Sniffing RFID ID's ( Physical Security ) mikeiscool (Jun 26)
- Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 26)
- Re: Sniffing RFID ID's ( Physical Security ) Andre Gagne (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Hugo Fortier (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Meder Kydyraliev (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Gary E. Miller (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Josh L. Perrymon (Jun 27)
- Re: Sniffing RFID ID's ( Physical Security ) Gary E. Miller (Jun 27)