[MLUG] Practical Attack on the MIFARE Classic.

Bob Bevins bob at virteck.com
Tue Dec 2 17:12:27 EST 2008 

Hi nick,

My house kidnapped me.

and yes, it didn't come out the way I wanted it to. I didn't mean technology 
caused this , I meant the people developing and using the technology caused 
it.

Man its been a while. Have you guys been here all the while?




----- Original Message ----- 
From: "Nicholas Accad" <nicholas at accad.org>
To: "Montreal Linux Users Group" <mlug at listserv.mlug.ca>
Sent: Tuesday, December 02, 2008 5:03 PM
Subject: Re: [MLUG] Practical Attack on the MIFARE Classic.


> First off, WHERE THE HELL HAVE YOU BEEN BOB? and how's the house :)
>
> Second, I know that's not what you meant, or I hope so anyway.
>
> Technology did not create any security holes, it's how and where
> people decided to use a certain technology where/when it is not
> suitable that created the holes.
>
> -nick
>
>
> On Tue, Dec 2, 2008 at 4:23 PM, Bob Bevins <bob at virteck.com> wrote:
>> I wouldn't say Worst case scenario would be  read-only access to some
>> potentially personal data. How about access to large corporations 
>> buildings
>> and server rooms with lots of data.
>>
>> Many companies are using the mifare technology  on smartcards for card
>> access, which unlocks doors when presented at the readers. If they can 
>> clone
>> the cards then they would have access to companies premises. furthermore,
>> many companies are using the cards to turn off the alarm systems. So not
>> only would they have access to unlock the doors, it would also turn off 
>> the
>> alarm system which would allow them to make themselves at home, well 
>> untill
>> someone decided to go to work.
>>
>> Its scary some of the security holes that technology is providing!
>>
>> Bob
>>
>> Hello again MLUG, wow, its been a while!
>>
>>
>> ----- Original Message -----
>> From: "Andy Pintar" <andy at hapoteh.net>
>> To: <mlug at listserv.mlug.ca>
>> Sent: Tuesday, December 02, 2008 3:53 PM
>> Subject: [MLUG] Practical Attack on the MIFARE Classic.
>>
>>
>>> Hi;
>>> Just wondering what the status is of the MIFARE/Opus attack.  After
>>> reading the paper it seemed clear to me that this 'practical attack' 
>>> isn't
>>> all that practical and isn't really an attack.  Worst case scenario (the
>>> way I understood it) is read-only access to some potentially personal
>>> data.  If the recommendations at the end were followed at all then it
>>> seems that the card is still quite secure.
>>>
>>> Although I'm not an expert in this field, I found this paper was (in my
>>> opinion) poorly written and unclear.  So, I may have missed a point or 
>>> two
>>> with regards to reading or writing.  Any updates on whether the CBC was
>>> able to walk through the turnstiles?  I'm guessing that this wouldn't be
>>> possible using only the information provided in this paper.
>>>
>>> -Andy.
>>> _______________________________________________
>>> mlug mailing list
>>> mlug at listserv.mlug.ca
>>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>>>
>>
>> _______________________________________________
>> mlug mailing list
>> mlug at listserv.mlug.ca
>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>>
> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>

More information about the mlug mailing list