Clement, Nathalie, and Alain, the Portal's administrators, wish you a warm welcome.
Great supplements to help you reach your certification goals
New release of RFIDIOt
Posted by cdupuis on Monday, 17 November 2008 @ 16:43:16 EST (33 reads) Topic: RFID
Herewith a new release of RFIDIOt, which is very much a work in progress, but has some goodies that make it worth releasing now...
From CHANGES:
v0.u - November 2008
- add testlahf.sh script for testing LAHF units
- fix -R reader type override in RFIDIOtconfig.py
- add RFIDIOtconfig.py checking for global overrides in one of the following locations (in search order):
  options should be specified on the first line as if typed on the command line, e.g.
  -s 9600 -l /dev/ttyUSB0
  command line options will take precedence over this file.
- add -n (No Init) command to RFIDIOtconfig.py - allow modules to run without hardware
- add display of checksum-corrected MRZ to mrpkey.py
- add jcop_mifare_access.cap - mifare access applet for JCOP
- add jcop_mifare_access.gpsh and target in Makefile for installation of jcop_mifare_access.cap
- add jcopmifare.py test program for JCOP mifare emulation
- add display of biometric features on FACE in mrpkey.py
The main event being implementation of mifare emulation on JCOP cards.
Installing the applet (see Makefile) and then running jcopmifare.py will allow you to READ/WRITE data in the mifare sectors.
I've also added display of biometric features in the passport app if present (and, yes, I realise there's a bug in the radio buttons - I'll get to it at some point, but they were calling my flight... :)
Finally, I'm pleased to be able to supply the IAIK HF DemoTag at a special discounted price to RFIDIOt researchers. This device can emulate ISO 15693, ISO 18000-3, NFC and ISO 14443A 13.56MHz tags, and is particularly useful for testing cloning vulnerabilities. Full details here:
The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they fall short.
We will use existing network tools to examine common vulnerabilities in a range of popular devices and demonstrate weaknesses in the security of those devices; additionally, we will examine common trends in security measures that have been duplicated across vendors, and examine how those trends help and hinder the security of their devices. In particular, we will examine the following home routers, which are some of the latest offerings from their respective vendors at the time of this writing:
Read the papers listed at the bottom of this message.
CONCLUSION
Router manufacturers are increasing the security of their devices; however, home router security still has a long road ahead of it. In the documents listed below you will find a table listing each of the devices and their associated, reasonably exploitable, vulnerabilities mentioned in this paper; these types of vulnerabilities must be considered by all vendors, and should be investigated by any consumer before purchasing a router.
ADDITIONAL INFORMATION
The information has been provided by SourceSec DevTeam (dev@sourcesec.com).
Beware of Testking, Actualtests, and the like
Posted by cdupuis on Friday, 07 November 2008 @ 15:56:26 EST (116 reads) Topic: Training
Anonymous writes "
Good day to all,
Over the past year I have been receiving many emails from people who unfortunately were attracted by very catchy publicity and promises of pass guaranteed and they decided to buy some of the online study guides such as preparation tests and other items that guarantee you will pass for sure.
I have spent a bit of money with a few friends and we bought copies of those tools ourselves.
I was completely amazed to see the practice test from actualtests.com and testking.com had the EXACT SAME questions and choices presented as the real exams. Word for word except one thing, they attempted to answer the questions themselves and they are recommending the wrong answers to the people who buy their products. Some of the recommended answers are plain hilarious at best. If you follow their recommendations you will fail for sure.
If you have done your homework and you have prepared yourself properly for your upcoming exam you will see that the value of these so called real exam test questions is extremely limited, you should be able to pick those mistakes from a mile away.
Once again I strongly recommend that you do the ethical and correct thing: Prepare properly and pass the exam on your own. Avoid those unethical websites and save yourself some money and embarrassment later on when you get to your first job interview and they realize you are only a paper person with no skills or practical knowledge.
Video from DEFCON 16!
Posted by cdupuis on Tuesday, 04 November 2008 @ 20:02:55 EST (256 reads) Topic: In the News
Anonymous writes "
Tool from HTTPS Hijacking talk
We've decided to do an early release of a few of the news-making presentations from DEFCON 16 in video format! The following links are in two formats, the h.264 version is an iPod compatible version of the presenter's slides with audio of the speech, and the full .mov is quicktime with dual video of the speaker and the slides. Enjoy, and keep your eye out for all the videos and audio from DEFCON 16 to be released in the next couple months!
Turkish hacker arrested by FBI made video giving tips for installing ATM skimmer
Posted by cdupuis on Thursday, 30 October 2008 @ 12:52:40 EDT (192 reads) Topic: In the News
As reported by Paul Fisher in SC Magazine, October 2008
A Turkish hacker known as “Chao” and arrested as part of the FBI operation against underground forum DarkMarket produced his own training videos, researchers revealed this week at the RSA Europe conference in London.
RSA Consumer Solutions Head of New Technologies Uri Rivner said the hacker was behind the manufacture of hundreds of ATM skimming devices made from readily available parts, including switches from IKEA, and sold online.
But it is the video that set Chao apart and which surprised the authorities when they saw it. Surprisingly well made and even funny, it is full of tips for criminals on the best way to use a skimming device. Among the tips spoken in broken English on the video are:
Don't install a skimmer in the morning, because people are more vigilant; don't install skimmers in towns with fewer than 15,000 people, because people in those towns would notice changes to their local ATMs; avoid areas with small shops open 24 hours a day and don't set up in areas where a lot of illegal immigrants live.
Uninformed is pleased to announce the release of its 10th volume
Posted by cdupuis on Tuesday, 28 October 2008 @ 01:00:00 EDT (194 reads) Topic: In the News
Uninformed is pleased to announce the release of its 10th volume which is composed of 4 articles:
Engineering in Reverse
- Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS, Author: Skywing
- Using dual-mappings to evade automated unpackers Author: skape
Exploitation Technology
- Analyzing local privilege escalations in win32k Author: mxatone
- Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 Author: H D Moore
Uninformed is a non-commercial technical outlet for research in areas pertaining to security technologies, reverse engineering, and low-level programming. The journal is published roughly three times a year and welcomes creative submissions from anyone who is interested in sharing knowledge.
Russian security company Elcomsoft just posted a press release detailing a new method to crack WPA and WPA2 keys:
With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack.
The 100-fold increase in speed is achieved with two GeForce GTX280s per workstation; for €599 you can build a network of 20 workstations dedicated to “recovering” your “lost” WPA keys. This means that a WPA or WPA2 key could be cracked in days or weeks instead of years.
This has prompted security firm GSS to advise their clients to add an additional layer of protection to their Wi-Fi networks:
“This breakthrough in brute force decryption of Wi-Fi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data,” said GSS managing director David Hobson. “As a result, we now advise clients using Wi-Fi in their offices to move on up to a VPN encryption system as well.”
But the question remains how long it will take until the next generation of GPU’s or custom-designed chips will break VPN encryption as well. 3DES DES encryption can already be broken quite easily with custom-built machines, and while AES appears to be better on paper, there is no guarantee that there isn’t some hidden flaw in the algorithm. GSS agrees:
Hobson added that the development could spur a step back from wireless to wired network connection in sensitive installations, such as financial services organisations, particularly concerned about data privacy.
Update: This will, of course, mainly affect simple ASCII keys. And it will only work against static keys; anyone using more complicated authentication schemes will not be at risk for now. But since that takes a couple of extra minutes when installing, smaller businesses or departments often skip setting this up.
FREE Sample Penetration Testing Report Template
Posted by cdupuis on Sunday, 26 October 2008 @ 22:45:51 EDT (291 reads) Topic: CEH
The following have been developed and used by many of those on the Westminster University courses. They have been offered to the general IT community as open source documents for free download and use.
Microsoft pen testers AKA ethical hackers, Billy Rios and John Walton, headline an impressive list of presentations by security researchers, practitioners and executives on Oct 31 & Nov 1, 2008 for the fall edition of ChicagoCon. For only $100 including food and swag, it's a steal. And without an exhibit hall full of sales pitches, you're free to learn from the pros, network with peers and advance your career.
Ethical Hacking Conference Friday Oct 31 - Saturday Nov 2
In a plush auditorium, ChicagoCon features hourly presentations similar to what you would find at Black Hat, starting on Friday afternoon at 2:00 PM and continuing throughout the entire day on Saturday. We will also have breakout sessions in adjoining classrooms on Saturday for more extensive treatment of certain topics. For only $100, you get an entire day and a half of cutting-edge security talks, book giveaways, free magazines, Pizza Party on Friday, lunch on Saturday, attendee bag with t-shirts and much more.
The Ethical Hacking Conference will have as its opening keynote presentation, Billy Rios and John Walton, members of Microsoft's own pen testing team AKA Blue Hats:
Mischievous Eyes and Malicious Mindsets
The browser is our window to your secrets... and we've got mischievous eyes. As organizations push to increase the "richness" of online user experiences, they are also unwittingly increasing attack surface for organizations and their users. Join two of the best looking security researchers in the world as we dissect the current state of client side and web application security. We'll dive into the gory details and demonstrate the impact of client side vulnerabilities, blended threats, and targeted attacks. We'll cover everything from benign application vulnerabilities that gave college hopefuls a sneak peek on their admissions status, all the way to vulnerabilities used to steal your data and compromise your machine.
Other speakers during this conference dedicated to the legitimate profession of hacking include:
Karsten Abata (Halock Security Labs) on "Nailing the Insider"
Michael A. Davis (CEO of Savid Technologies) sheds light on the new focus of organized crime in "Modernization of Malware Factories"
Donald C. Donzal (Founder of ChicagoCon) brings you "DIY Career in Ethical Hacking"
Michael Gregg (Author, Superior Solutions, Inc.) on "Malware - The Continuing Evolving Threat"
Daniel V. Hoffman (SMobile Systems) enlightens with "Smartphones Aren't Currently Being Exploited - And the Titanic is Unsinkable"
Ryan Linn (SAS) helps you get the most from your security investment with "Pen Testing ROI"
Brian Wilson (Cisco) offers up his mastery of network security in "Layer 2 Tai Sigung"
The wildly popular Metasploit hacking tool for the first time is now officially open source, open-license technology that can be incorporated into commercial tools.
The free research and penetration testing tool historically has had restricted, non-commercial licensing so that it could only be used by researchers or in-house penetration testers -- not repackaged, redistributed, or sold. But in the new version 3.2 -- due later this month in its final version -- Metasploit project lead HD Moore and his team have transformed Metasploit into an official open source project, complete with a BSD 3-Clause license arrangement that allows others to sell, rename, or “fork” the code in another direction.
"Changing the license to be as open as possible -- BSD 3-clause is nearly public domain -- would not only be fair to the new developers, but allow us to expand beyond the original goal as an exploit platform and become the basis for a wide variety of new projects," says Moore. "It's entirely likely that we will see new projects targeted at individual sectors and applications, which we hope will filter some improvements back to the core project. By opening the license to the entire Metasploit codebase, we have let the proverbial cats out of the bag -- it's now just a matter of counting kittens."
Sr. Security Consultant - British Telecom
Posted by cdupuis on Thursday, 16 October 2008 @ 19:58:58 EDT (402 reads) Topic: Jobs
Anonymous writes "
Sr. Security Consultant
Location: New England (MA, NH, RI)
Job Code: 476
Description
BT is one of Europe's leading providers of communications services, with over 21 million corporate and residential customers in the UK alone. Principal activities include local, national and international telecommunications services, higher-value broadband and Internet products and services, as well as IT solutions.
BT Global Services is BT’s business communications division, providing a complete range of integrated communications and IT services to customers world-wide. Specialization is flexible and innovative services to fulfill customers' end-to-end communication needs with maximum clarity and control. Focus is on multi-site organizations in Europe, US and Asia Pacific with substantial European operations.
Division: BT Professional Services
Location: MA, NH, RI
Travel: 25%-50%
Position:
Senior Security Consultant
Job Description:
This professional will serve as a leader in the security consulting organization at BT INS. BT INS is currently working with a number of organizations across vertical markets, and is seeking individuals with experience in the information security space. Specifically, a Senior Security Consultant will be responsible for leading teams of consultants in performing BT INS core security services, including risk assessments, security audits, network vulnerability assessments, as well as security program services such as identity management, security remediation, and patch management initiatives. A Senior Security Consultant is also responsible for mentoring and developing the talents of other members of the security team, as well as assisting in pre-sales activities.
Job Requirements:
- Experience in information technology strategy planning, information security program and administration, security architecture design and technology assessment.
- Advanced written and verbal communication skills
- Excellent leadership and teaming skills.
- Demonstrated integrity within a professional environment
- Experience with security program audits and assessments.
- Ability to perform network security vulnerability assessments
- Expertise in associating security requirements and initiatives with business drivers to ensure successful implementations is desired.
- 5+ years experience in a computer security related field.
- 3+ years experience with UNIX, Windows or Linux operating systems.
- 3+ years experience with Firewall and Filtering technology.
- 3+ years experience in the wireless carrier or telecommunications industry.
- Senior level experience with highly complex networks.
- Multiple years experience in and around wireless communications
- Strong experience in performance analysis.
- In-depth experience with change management.
- Hands-on experience with Firewall log analysis and incident handling.
- Well versed in perimeter security actuators and concepts.
- Firewall analysis background.
- In-depth understanding of internetworking.
- Certification in and/or hands-on experience on firewall products such as Bricks and Nokia/Check Point.
- Knowledge of security systems and mechanisms, able to interpret data and identify potential security issues.
- Highly motivated with the ability to work independently
- IT professional with numerous years experience in security, systems integration, enterprise, operations, infrastructure, and development aspects of the IT and professional services industries.
Education and Certifications:
- Bachelors Degree in Information Technology/Computer Science or 5 years IT experience
- CISSP, SANS GIAC, CISA certifications a significant plus
Benefits and Training
BT PS is an employee-oriented company that offers a collaborative environment for consultants to work in. Each consultant has their own professional development plan and access to our comprehensive knowledge management systems that contains over 17 years worth of intellectual property, solutions and proven techniques for delivering the most complex technical solutions.
BT PS has a proven and successful Engagement Methodology. BT PS offers training, both internally and externally to our consultants through Webinars, training classes, seminars, boot camps, online training, and assistance in gaining certifications.
Above & beyond your base salary, bonus plan; a full suite of medical, dental, vision, 401K, flex spending account; short/long term disability & life insurance; vacation and personal days.
BT PS pays for all travel expenses (airfare, lodging, meals, etc). Travel is a requirement for this position. BT PS pays for monthly cell phone usage and provides all consultants and staff with a laptop and accompanying equipment.
Existing authorization to work in the United States is required.
Relocation support for this position is not currently available.
Description
BT is one of Europe's leading providers of communications services, with over 21 million corporate and residential customers in the UK alone. Principal activities include local, national and international telecommunications services, higher-value broadband and Internet products and services, as well as IT solutions.
BT Global Services is BT’s business communications division, providing a complete range of integrated communications and IT services to customers world-wide. Specialization is flexible and innovative services to fulfill customers' end-to-end communication needs with maximum clarity and control. Focus is on multi-site organizations in Europe, US and Asia Pacific with substantial European operations.
Division: Managed Security Solutions Group
Location: Anywhere in the US, preferably Mid-West or West Coast of the US
Travel: Variable (domestic)
Telecommuting / Work from home opportunity / Virtual office
Position: Ethical Hacker / Penetration Tester
Job Description:
The Ethical Hacker / Penetration Tester will be working individually and in teams. This individual will be performing network and web application ethical hacking assessments on multi-protocol enterprise network and application systems.
Duties may include:
- Requirements analysis and design
- Scoping of testing activity
- Vulnerability assessment
- Tools/script testing
- Troubleshooting
- Physical security audits, logical security audits, logical protocol and traffic audits
- Training of client staff
Engagement Management
- Understanding of best-practice methodologies
Business Development
- Opportunity Identification
- Ability to articulate components of the BT security consulting offering as well as of the BT associated services
Specific Technical Skills
- Desktop/Network Operating Systems: Windows, HP-UX, Linux, Solaris, AIX, etc.
- Specific proxying tools such as Paros, Burp, Spike, Achilles "fault injection"
- Commercial tools like Watchfire's AppScan, SPI Dynamics' WebInspect, Kavado's Scando, Cenzic's Hailstorm, Application Security Inc.'s AppDetective, freeware tools like Whisker and Nikto; Web Servers like Apache, IIS mention of WebServices like XML, SOAP mention of web products like Siteminder, Entrust getaccess, RSA Cleartrust
- Security Scanners: Nessus, nmap, Retina, Appscan
- Web application architecture
- Management Systems
- Physical/Data Link Layer
Job Requirements:
Consulting Skills
- Independence: self-directed
- Teamwork
- Client Satisfaction: Takes responsibility for ultimate client project satisfaction
- Company Representation
Technical Skills
- Strong web application penetration testing experience is a requirement
- Solid network penetration testing experience is a plus
- Security background (penetration testing, C++, XML, and PERL programming knowledge)
- Technical knowledge in network security products, cryptographic suites, firewalls a plus
- Knowledge of computer forensics, network exploitation, ethical hacking, penetration testing and tool development
- Experience in bypassing firewalls, evading intrusion detection are a nice-to-have
- UNIX and Windows administration
- Experience in application level attacks
- Knowledge of the software development lifecycle in a large enterprise environment
Education and Certifications:
- Bachelors Degree in Information Technology/Computer Science or 5 years IT experience
- Any of the following certifications: CISSP, GIAC, CEH certifications
Benefits and Training
BT is an employee-oriented company that offers a collaborative environment for consultants to work in. BT offers training, both internally and externally to our consultants through Webinars, training classes, seminars, boot camps, online training, and assistance in gaining certifications. Above & beyond your base salary are a full suite of medical, dental, vision, 401K, flex spending account; short/long term disability & life insurance; vacation and personal days.
Existing authorization to work in the United States is required.
hakin9 article for free!
hakin9 latest article - Exploitation and Defense of Flash Applications - now available to download for absolutely free. This very useful article discusses the specific Flash attack vectors. The paper describes important Flash security auditing tips as well as the proper development and configuration techniques.
Eliminating network security threats and achieving compliance doesn't need to be complicated, time consuming, or expensive.
As a network security professional, understanding how to prevent attacks and eliminate network weaknesses that leave your business exposed is critical. Vulnerability Management for Dummies arms you with the information needed to implement a successful security risk management program for your company.
In Vulnerability Management for Dummies, you'll get a:
- Complete understanding of the risks posed by cyber criminals and the latest vulnerability trends
- Step-by-step procedures for establishing policies, tracking inventory, scanning systems, identifying and fixing vulnerabilities, and verifying compliance
- Breakdown of the different vulnerability management options available
- 10 Best-Practice keys to establish a successful vulnerability management program
See How The Makers Of The M-16 Rifle Protect Their Mobile Workers
Most companies still face a common IT challenge: managing their employee laptops. Employees frequently travel for work and take along their laptops that contain sensitive business data. As more and more employees rely on laptops as their main workplace computer, volumes of information that previously remained within the confines of the office are now increasingly put at risk as they travel the world.
Read the special edition case study to find out how FN-Manufacturing:
- Protects their laptops from attack, loss, and theft
- Protects their intellectual property from theft and misuse
- Manages and controls network access and user behavior
- Benefits from a single, lightweight endpoint security agent
Control who uses your content, what they can do with it, and how long they can use it for. Stop use and misuse of your documents, ebooks, training courses and web based content. Prevent copying, saving, sharing, modifying, print screen and screen grabbing. Prevent or control the number of prints and views. Expire or instantly revoke access.
LockLizard http://www.locklizard.com is a DRM (digital rights management) company that specializes in document security and copy protection for pdf, flash, ebooks, software and web based content (elearning courses, web portals, etc.).
We protect information with US Government strength encryption and DRM controls to ensure complete protection against copyright piracy. We provide copyright protection without the use of passwords to ensure maximum security and usability, and to protect information, documents and web content from unauthorized use and misuse no matter where it resides.
LockLizard digital rights management products are aimed at both publishers and companies that share or sell PDF or web based content where a higher degree of security and control is required - beyond simple password protection. Simply, securely, and cost effectively distribute, and manage, your digital content. Protect documents inside and outside your organization, and instantly revoke access to your secure information at any stage.
Control your intellectual property (IPR) securely regardless of where it resides, reduce publishing costs, ensure regulatory compliance with business processes (e.g. SOX), enforce document retention policies, establish new revenue generation techniques: these are just some of the business benefits of implementing LockLizard digital rights management solutions.
Use our DRM software to protect your intellectual property - stop copying, prevent printing, disable print screen, expire content, and instantly revoke access to information. Download a FREE 15 day trial from: www.locklizard.com
High School Programming League
Sphere Research Labs and Hakin9 are thrilled to announce a new major international contest. The contest is open to participants from all around the world, and is primarily meant for high school students worldwide. Schools are encouraged to register to become eligible for prizes - 20 schools from 6 countries have already done so, and registration is under way for another 30 schools. Prizes - portable computers for the winners, and lots of gadgets every month - are co-financed by the contest sponsors, contest organizers, and participating schools.
The contest will consist of seven successive rounds, each approximately 5 weeks in length. The first problem set opened on September 20 and will last till October 25.
The official contest website (www.hs.spoj.pl) has been open since September 17, 2008. In the first week nearly 2000 participants created a contest account (accepting contest regulations), while more than 500 have already started solving problems. These include top rated high school students, such as IOI Cairo gold medallists Maciek Klimek and Jaroslaw Blasiok, and also some ex-pros participating just-for-fun, for example Reid Barton.
Get the latest hakin9 edition - Kernel Hacking. Root Cause Analysis And Anti-forensics for Memory - and read about:
- VoIPER - VoIP Exploit Research Toolkit
- Web Application Hacking - Attack and Defense of Flash Applications
- Registry Analysis - Find Windows Registry Flaws
- Mobile Devices Security - Locking Down Your Phone from Intrude Abuse
- Rich Internet Applications - Auditing, Attacking, and Breaking Implementations
International Security Workshop & Conference
27.10.2008 - 29.10.2008, Hotel Airport Okęcie, Warsaw, Poland
Your IT Life - Security or Disaster? - the choice is yours..... Come to Warsaw, meet hackers - the good ones!! 3 days, over a dozen hours of workshops, best-known speakers..
Take care of all IT risks in your company! Join us and feel safe!
As always we assure international speakers: Daniel Mende, Enno Rey, Angelo Rosiello, Rolf Rolles, Sebastien Doucet, Michael Kemp
Most lectures will be conducted in BYOL (Bring Your Own Laptop) mode, aimed at participants who have brought their own computers and therefore will actively participate in sessions.
More information: http://www.itunderground.org/
SPECIAL DISCOUNTS FOR:
- Groups
- Students
- Participants from previous editions
- Hakin9 and Linux+ subscribers
New videos and Web Links related to RFID lack of security were added
Posted by cdupuis on Tuesday, 07 October 2008 @ 14:09:22 EDT (264 reads) Topic: RFID
Today I have uploaded some videos and added web links related to the subject of RFID.
Take a look and learn about the lack of security within the RFID technology.
D-Day for RFID-based transit card systems
Posted by cdupuis on Tuesday, 07 October 2008 @ 09:48:17 EDT (281 reads) Topic: RFID
Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card.
A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF).
"Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "All it takes is a $100 (card) reader and a little software."
Armed with the information in the papers, someone could steal the secret key from a Mifare Classic-based transit card and create a clone of it. As seen in a demonstration, data was collected wirelessly by merely brushing a card reader past someone carrying a card. The data was then used to create a fresh transit card that permitted free access to the London subway.
Subway systems in Amsterdam, Boston, Bangkok and Delhi, among other cities, are also susceptible, as are building access control systems in Europe.
"That's just the tip of the iceberg," said 3ric Johanson, a Seattle-based security consultant. "It's my estimation that approximately 3.5 billion cards have been issued using the Mifare Classic protocol, all subject to financial fraud. There are at least 60 or so major citywide RFID implementations that rely on Mifare Classic."
Nohl, who worked with others to break the Mifare crypto last year and received a Ph.D. in computer security from the University of Virginia, suspects that "hobby hackers who ride the metro everyday and are curious about this technology" will be the first to exploit the vulnerability, "more for fun than profit."
For the less technologically savvy among us, there could soon be mass produced devices that make it easy to forge Mifare Classic cards, Johanson said.
Johanson, an expert in RFID technology, said he has reached out to transit systems to offer help improving their security, but received mixed responses.
There are options for transit authorities who don't want to replace their entire systems. For instance, they can use intrusion detection-type systems that register when a particular card has had a change in value or been cloned, according to Johanson. "I'm highly dubious about a lot of these claims because it's hard to do it right," he said of such measures.
NXP, the company that developed the Mifare Classic chip, could not be reached for comment Monday. The company sued to block publication of the Dutch University paper but a judge ruled in July that the paper could be published.
The Massachusetts Bay Transit Authority (MBTA) took legal action in August to prevent three MIT students from presenting their research on how to "hack" the Boston subway system at the Defcon hacker confab in Las Vegas. A judge later lifted the gag order in that case. Representatives from the MBTA could not be reached for comment.
Security systems like the Mifare Classic that are not peer reviewed are not as trustworthy as systems that can be openly analyzed by researchers looking for flaws, Johanson and Nohl said.
"Developing your own proprietary security mechanisms and not getting public scrutiny on it does not work," Nohl said.