nanog mailing list archives
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
From: Joel Jaeggli <joelja () bogus com>
Date: Wed, 13 Jan 2010 11:49:36 -0800
Steven Bellovin wrote:
On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application.
Not true, the simplest rfid tags are energized and play back whatever string is embedded, passive tags, however, plenty of device that fall under the moniker rfid are at a minimum field programmable. Moreover when you get beyond passive tags, the devices can be found with full on java stacks, challenge response system, fips certified crypto engines, flash for stored value etc.
Part of the original (or at least early) context for this thread was recovery of default passwords. If the password
is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in
an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a
threat.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Current thread:
- RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment), (continued)
- RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment) George Imburgia (Jan 13)
- Re: RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment) Brett Frankenberger (Jan 13)
- RE: RFID in datacenter (was Re: Default Passwords for World WidePackets/Lightning Edge Equipment) Brandon M. Lapointe (Jan 13)
- Re: RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment) Stefan (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Steven Bellovin (Jan 13)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Steven Bellovin (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Graeme Fowler (Jan 13)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Valdis . Kletnieks (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joel Jaeggli (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Valdis . Kletnieks (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Jon Lewis (Jan 13)
- RE: Default Passwords for World Wide Packets/Lightning Edge Equipment Nathan Eisenberg (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Barry Shein (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Matthew Palmer (Jan 13)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment gordon b slater (Jan 12)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Steven Bellovin (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Joel Esler (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Mark Foster (Jan 06)
- Re: Default Passwords for World Wide Packets/Lightning Edge Equipment Matthew Palmer (Jan 06)