[MLUG] Practical Attack on the MIFARE Classic.

Nicholas Accad nicholas at accad.org
Tue Dec 2 17:17:27 EST 2008 

On Tue, Dec 2, 2008 at 5:12 PM, Bob Bevins <bob at virteck.com> wrote:
> Hi nick,
>
> My house kidnapped me.
>

Figures, you made that thing a little bit too intelligent. Decided it
won't take any of your refuse, eh?

> and yes, it didn't come out the way I wanted it to. I didn't mean technology
> caused this , I meant the people developing and using the technology caused
> it.
>
> Man its been a while. Have you guys been here all the while?
>
>

No, we switched over to OSX while you were gone :P

>
>
> ----- Original Message -----
> From: "Nicholas Accad" <nicholas at accad.org>
> To: "Montreal Linux Users Group" <mlug at listserv.mlug.ca>
> Sent: Tuesday, December 02, 2008 5:03 PM
> Subject: Re: [MLUG] Practical Attack on the MIFARE Classic.
>
>
>> First off, WHERE THE HELL HAVE YOU BEEN BOB? and how's the house :)
>>
>> Second, I know that's not what you meant, or I hope so anyway.
>>
>> Technology did not create any security holes, it's how and where
>> people decided to use a certain technology where/when it is not
>> suitable that created the holes.
>>
>> -nick
>>
>>
>> On Tue, Dec 2, 2008 at 4:23 PM, Bob Bevins <bob at virteck.com> wrote:
>>> I wouldn't say Worst case scenario would be  read-only access to some
>>> potentially personal data. How about access to large corporations
>>> buildings
>>> and server rooms with lots of data.
>>>
>>> Many companies are using the mifare technology  on smartcards for card
>>> access, which unlocks doors when presented at the readers. If they can
>>> clone
>>> the cards then they would have access to companies premises. furthermore,
>>> many companies are using the cards to turn off the alarm systems. So not
>>> only would they have access to unlock the doors, it would also turn off
>>> the
>>> alarm system which would allow them to make themselves at home, well
>>> untill
>>> someone decided to go to work.
>>>
>>> Its scary some of the security holes that technology is providing!
>>>
>>> Bob
>>>
>>> Hello again MLUG, wow, its been a while!
>>>
>>>
>>> ----- Original Message -----
>>> From: "Andy Pintar" <andy at hapoteh.net>
>>> To: <mlug at listserv.mlug.ca>
>>> Sent: Tuesday, December 02, 2008 3:53 PM
>>> Subject: [MLUG] Practical Attack on the MIFARE Classic.
>>>
>>>
>>>> Hi;
>>>> Just wondering what the status is of the MIFARE/Opus attack.  After
>>>> reading the paper it seemed clear to me that this 'practical attack'
>>>> isn't
>>>> all that practical and isn't really an attack.  Worst case scenario (the
>>>> way I understood it) is read-only access to some potentially personal
>>>> data.  If the recommendations at the end were followed at all then it
>>>> seems that the card is still quite secure.
>>>>
>>>> Although I'm not an expert in this field, I found this paper was (in my
>>>> opinion) poorly written and unclear.  So, I may have missed a point or
>>>> two
>>>> with regards to reading or writing.  Any updates on whether the CBC was
>>>> able to walk through the turnstiles?  I'm guessing that this wouldn't be
>>>> possible using only the information provided in this paper.
>>>>
>>>> -Andy.
>>>> _______________________________________________
>>>> mlug mailing list
>>>> mlug at listserv.mlug.ca
>>>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>>>>
>>>
>>> _______________________________________________
>>> mlug mailing list
>>> mlug at listserv.mlug.ca
>>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>>>
>> _______________________________________________
>> mlug mailing list
>> mlug at listserv.mlug.ca
>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>>
>
> _______________________________________________
> mlug mailing list
> mlug at listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>

More information about the mlug mailing list