Re: RFID World Still Reacting Strongly To Virus Research

[Lionel Ferette <lionel.ferette () belnet be>]

In the wise words of Richard M. Smith, on Saturday 18 March 2006 14:47:
[SNIP]
> "With respect to the students involved, the paper as presented is rather
> weak," said Kevin Ashton, ThingMagic Inc. vice president, and co-founder of
> the Massachusetts Institute of Technology (MIT) Auto-ID Center. "The 'real'
> virus, they claim to demonstrate in the paper, is not a virus, just a
> self-replicating piece of SQL
'just a self-replicating piece of SQL'... This is a nice short definition for 
a virus written in SQL, in my book.

That said, I fail to be really impressed by this 'virus'. The only practical 
conclusion I can come to is 'RFID content is data coming from outside the 
system, and must thus be checked / filtered accordingly'. Wait... Aren't you 
doing that, already? Isn't there anything like a checksum that would make the 
system drop the data as erroneous? If not, the RFID industry has many more 
problems to face than this kind of virus...

Lionel

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +32 2 7903375                  PGP Key Id: 0x5662FD4B

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.