nanog mailing list archives

Re: Default Passwords for World Wide Packets/Lightning Edge Equipment


From: Steven Bellovin <smb () cs columbia edu>
Date: Wed, 13 Jan 2010 14:26:25 -0500


On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:


> There seem to be a lot of misconceptions about RFID tags. I'm hardly
> an expert but I do know this much:
>
> RFID tags are generic, you don't put data into them unique to your
> application.

Part of the original (or at least early) context for this thread was recovery of default passwords.  If the password is 
F(ser#), it's only learnable if you know both F() and ser#.  The vendor knows F() -- who knows ser#?  If it's in an 
RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
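
The two schemes named in the message above, F(ser#) and DBlookup(tag#,vendor_db), sketched as an added example that is not part of the original post or any vendor's code. The alphabet, the use of SHA-256/HMAC for F(), the `VendorDB` class and its support token are all assumptions made for illustration; the point is that a readable serial or tag number should be treated as public, so the secret has to live in a vendor key or behind an authenticated lookup.

```python
import hashlib
import hmac
import secrets

ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # constructed 31-symbol alphabet


def encode(raw: bytes, length: int = 12) -> str:
    """Map bytes onto ALPHABET (slight modulo bias, acceptable for a demo)."""
    return "".join(ALPHABET[b % len(ALPHABET)] for b in raw[:length])


def f_unkeyed(serial: str) -> str:
    """F() with no secret input: knowing F() and ser# yields the password."""
    return encode(hashlib.sha256(serial.encode()).digest())


def f_keyed(vendor_key: bytes, serial: str) -> str:
    """F() keyed with a vendor-held secret: ser# alone is not enough."""
    return encode(hmac.new(vendor_key, serial.encode(), hashlib.sha256).digest())


class VendorDB:
    """DBlookup(tag#, vendor_db) with a random password per tag. The lookup
    checks a support token (hypothetical) so the tag# is only an index."""

    def __init__(self, support_token: str):
        self._token = support_token
        self._rows = {}

    def enroll(self, tag: str) -> str:
        self._rows[tag] = encode(secrets.token_bytes(12))
        return self._rows[tag]

    def lookup(self, tag: str, token: str):
        if not hmac.compare_digest(token.encode(), self._token.encode()):
            return None  # reading the tag must not be sufficient
        return self._rows.get(tag)


def derivable_without_secret(serial: str, password: str) -> bool:
    """True if the password follows from the public F() and the serial alone."""
    return hmac.compare_digest(f_unkeyed(serial), password)
```
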






