Re:Security implications? on NXP RFID Cracked · Score: 3, Interesting
It's actually written into the Mifare standard that the range of card reads is below a certain value (~100mm from memory). Obviously the design of the reader itself is mostly responsible for the read range, however this does mean that there are no long range readers in circulation ATM, unlike the old 128KHz cards. This type of card does require active comms with the reader (has a 2 way authentication mechanism) and will be much harder for engineers to produce long range readers as the card itself was never designed for it.
For the record, this particular standard has been regarded as out of date, and not too secure, for some time now within the physical electronic security industry. It has also been wrongly applied in most cases where the card's serial number is used as a credential, instead of storing access control data in your own application area with your own crypto keys, though this is mostly redundant now in the wake of this news...
It's actually easier to do in konq than firefox, put the user agent string in ~/.kde/share/config/kio_httprc against bbc.co.uk and it asks you what to do with the file when you click play. I'm off to download a week's worth of In The Night Garden....
But if you delete the file, then for example cat /dev/urandom > /mnt/sdd/largefile on the drive, it will keep 'catting' until the drive is full. Lather, rinse, repeat...
If they're just going to provide step by step instructions to do everything anyway, why not just make the system easier to install/use in the first place?
You have clearly missed the point, it's not made to be 'difficult', that is just the way it is. Plenty of people find the annoying idiosyncrasies of Gentoo worth the effort, their reasoning for this is their own and probably unique. If you gain no benefit use something else, if it's too hard for you use something else.
The only prerequisite for being able to install Gentoo instead of any other distro is the ability to read IMHO, and the 8 or so hours I spent 4 years ago installing my 1st system was well worth it as it's the same install I post from now.
You can rake any pin lock, even the DSP and magnetic ones, the motion is just not 'raking' anymore. $100 will get you a nice set of jigglers, tailored to the make, model and year of car you wish to steal, and if they work on the barely used door lock, they will make short work of the ignition barrel.
Of course with Gentoo you have to always wait a bit after every release since every new release has big bugs.
Have you ever installed Gentoo for yourself?
A new release is just the same as any up to date Gentoo system, only you use a different install CD; a place to start from.
If there are bugs in the tree when the snapshot is made then they will exist in the install, as they would in a badly managed up to date system.
As for Gentoo being for "Do-it-yourself'ers", no, it never was and still isn't, it's for those who know what degree of control is useful to them, and can't be arsed to do the underlaying for themselves, or be arsed to do the same inane shit every six months when a new 'release' comes out.
For the record a stage 1 to stage 2 install is about 2 steps that you have very little control over, and that can be emulated from stage 3 by anyone who is worth their salt, I can guarantee that my stage 3 is identical to your stage 1, and I didn't spend hours watching '-DHAVE_CONFIG' scrolling up the screen either...
To be honest, it just makes the jobs of CCTV control room operators easier, the technology isn't that new either, we just have the ability to put the thinking part of the system inside the camera now, instead of inside the DVR. For the average Joe on the street it won't make much difference in this case, unless you get shot, then the paramedics may turn up a bit sooner.
It's the behavioral recognition systems that have the good features, they can tell the difference between someone pacing up and down talking on a cell phone and someone acting 'shifty', then track them from camera to camera around the system. Even with a 50% false positive rate on a system like that you are giving your 'Security Officers' a good head start on containing or even preventing any possible trouble.
From an invasion of privacy point of view these technologies are better, as there is less blanket coverage needed for any one area, and recording quality can be linked to a number of factors, meaning while the system is tracking that fella with the odd looking suitcase you're free to scratch your ass without it appearing on Ebaums World next week.
Despite the leaps and bounds in IP security over the last decade or so, the physical security industry is mostly unwilling to adopt IP technology for standalone systems, such as domestic intruder alarms, mainly because of perceived 'security' issues. The irony is that the current security protocols would get IP/IT security professionals giggling like school girls and saying things like 'Awww, how quaint'.
Come on mods, that *is* funny, racist, but funny.
I thought it still was...
Can someone explain how parent is a troll?
The graph is quite interesting.
Not really, you have verification the job was done.
Hmm... http://www.ictshirts.com/t-shirt/82/ford-fuct.htm
They own the IP too, all the Gentoo specific configs have their copyright notice in them.
I believe they control the bank account too.
If you ran those rare earth magnets across the platters a few times, how much data would survive?
You should have used sarcasm tags, you may not have got modded down then.
Putting Satan above the **AA's is a bit harsh, can he sue for libel?
They say it's the reason the iPhone is gonna be so good
...in ten years.
Easily...
X2, my 2004 install is up to date, and has been ported then edited to suit 2 other up to date machines.
They weren't resting, they were signing on. 6 days; the job must have been a terrible one, they were clearly all cowboys and got fired.
We're all friends, aren't we?
Is there someone to offer a sensible opinion as to whether or not there is any chance of a black US president in 2008?