http://groups.google.com/group/hackingRFID
I have started a private google group for discussing hacking RFID if
anyone is interested.
JP
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
to be shared with the community... but how the community views that knowledge is highly debatable.. and that's OT on this thread !!
On 8/3/06, mikeiscool
[EMAIL PROTECTED] wrote:
On 8/3/06, Josh L. Perrymon [EMAIL PROTECTED]
wrote: http://groups.google.com/group/hackingRFID I have started
This email gateway is blocking email messages spoofed from my RH3 box...! error snippetThe error message:X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3
X-NAI-Spam-Report: 2 Rules triggered * 1.8 -- MIME_MISSING_BOUNDARY --
RAW: MIME section missing boundary * 0.5 -- MIME_BASE64_LATIN -- RAW:
Latin
Posted inline:On 7/19/06, Josh L. Perrymon
[EMAIL PROTECTED] wrote: This email gateway is blocking email messages spoofed from my RH3 box... ! error snippet The error message: X-NAI-Spam-Level: **
X-NAI-Spam-Score: 2.3X-NAI-Spam-Report: 2 Rules triggered *1.8 -- MIME_MISSING_BOUNDARY -- RAW:MIME
Anyone worked with management at Analex and have contact infomation?
JP
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Ok,
I'm having a discussion with a buddy about secure cookies. I'm looking
at a Java application that used several cookies after logging in;
SessionID
CookieIDtype
FailMSGID
so on...
Obviously the application is using some code that performs additional
sessions on top of the standard
-Original Message-From: Ajay Pal Singh Atwal [mailto:
[EMAIL PROTECTED]]Sent: Friday, 30 June 2006 2:46 PMTo: full-disclosure@lists.grok.org.ukSubject: Re: [Full-disclosure] Are consumers being misled by phishing?
Here is one phishing site for paypal
I have read more since the initial post in regards to RFID hacking.session replay would probably be the best approach if you wanted to clone the contents of an RFID Proximity Card, Access Card, so on.. Basically anything that uses static data on the card for identification. I have been informed
http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015690.htmlAnyone heard anything else on the Sanctum INC patent for pentesting???
WTF?A friend told me about this one and Watchfire patents on application scanners..JPPacketfocus.com
___
then companies may want to look at their current installation.
JPPacketfocus.comOn 6/27/06, Brate Sanders [EMAIL PROTECTED]
wrote:
- Original Message
From: Josh L. Perrymon [EMAIL PROTECTED]To:
full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]Sent: Tuesday, 27 June, 2006 9:41:23 AM
Subject: [Full
I was contacted by Eweek recently about previous posts about RFID and how it is being used at the World Cup and Olympics. This got me thinking a little more about some previous ideas I have had. I think the real risk is in RFID access cards.
World Cup and Olympics are / will be using embedded RFID
My post was based more on *existing* RFID implementations used for physical security access cards. I know that non-contact cards such as RFID Credit Cards use encryption so on... But are still vulnerable to non-authorized transactions.. I'm mean.. there is no green button you push to authorize the
like to try this on my next on-site hack.JPPacketFocus.comOn 6/27/06, mikeiscool
[EMAIL PROTECTED] wrote:On 6/27/06, Josh L. Perrymon
[EMAIL PROTECTED] wrote: My post was based more on *existing* RFID implementations used for physical security access cards. I know that non-contact cards
I am not impressed with the PassMark solution. It would be trivial to setup a script of rotating images that are used by the passmark widget.. then feed them back to the user and have a script post stating the image that was on the screen when the user clicked submit..
Also feeding in any 2nd
I'm working on implementing rootkitting/ trojans/ Browser exploits into my Phishing attacks...
I have noticed how easy it is to get users to give up credentials but sometimes
this only provides access to OWA
for example...( if that is the only resource available )
The network I'm looking at
http://www.csoonline.com.au/index.php?id=1926576695eid=-302
So every ticket used at the olympics has an embedded RFID and is scanned as users enter the stadium ( over 64 events ).
snip---Organizers have asked everyone requesting tickets to provide a wealth
of personal data, including name,
thinking about getting an IPAQ and an RFID reader/writer to play around w/ this stuff.JPpacketfocus.blogspot.comwww.packetfocus.com
On 6/1/06, Jim Popovitch [EMAIL PROTECTED] wrote:
Josh L. Perrymon wrote: So everyone is going to have this RFID embedded ticket with name, address, passport or driver
17 matches
Mail list logo