Re: Collocation Access

[Warren Kumari <warren () kumari net>]

On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:

> In article <20061023103731.W56322 () iama hypergeek net>, John A.  
> Kilpatrick <john () hypergeek net> writes
> > > The fellow I chatted with at AT&T said they are not allowed to
> > > hand over their badge because it would compromise their security.
> >
> > My tech said the same thing.  That keycard could grant central  
> > office access
>
> On its own? No keycode or anything. What if he lost it?
>
> > so he couldn't surrender it.
>
> But presumably it would need to be stolen. Wouldn't the tech notice  
> that happening... Or is there some way the colo security guy can  
> clone it undetected?

These are trivial to clone -- all you need is a reader hooked up to a  
PC and you can read the number off the card. You can then buy a batch  
of cards that cover the serial numbers that you are interested in  
(no, I don't really understand WHY you can buy numbered ranges, but  
you can...)

The other alternative is something like:  http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --  
you don't even need real access to the card, all you need to do is  
brush up against the cardholder with the antenna cincealed in your  
pocket....

> --
> Roland Perry

--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen