Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: RFID used at Olympics in Germany
From: "Josh L. Perrymon" <joshuaperrymon () gmail com>
Date: Thu, 1 Jun 2006 15:56:15 +1000
Yeah.. I suppose their would be limitations on the amount of data that would
be on the chip..

Maybe the will just use an ID number that refrences the user info in the
DB....

Has anyone successfully performed SQL injections usinf RFID tags? I looked
at a few papers but know it's not widespread.
I'm thinking about getting an IPAQ and an RFID reader/writer to play around
w/ this stuff.

JP
packetfocus.blogspot.com
www.packetfocus.com





On 6/1/06, Jim Popovitch <jimpop () yahoo com> wrote:


Josh L. Perrymon wrote:
> So everyone is going to have this RFID embedded ticket with name,
> address, passport or driver license number?

From the article:
   "an embedded RFID chip containing identification information
    that will be checked against a database"

To me that doesn't imply that the chip will contain the items in your
list.  It could be a checksum of the data in the DB, and security
officials just validate, against the DB, the full name on a physical
passport and the checksum on the RFID.

Now, the security of the DB could be a whole other thread of discussion.
;-)

-Jim P.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]