Long Range RFID Hacking Tool to be Released at Black Hat

Submitted by msm1267
msm1267 (2804139) writes "Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it. The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well."

Comment: Re:I am willing to go along ... (Score 1) 111

by bhima (#43820607) Attached to: European Commission Launches $12 Billion Chip Support Campaign

I suspect that if the results of this effort were released with an appropriate hybrid Open-Source license, as well as providing both the Open-Source contributors & corporate funders/contributors with some sort of tax break, that more European people and firms would see more benefits, than if the results were locked up in some sort of Airbus-esque version of Intel. Comparing the business strategy that Intel pursued with Itanium to ARM's, I become more certain in this line of thinking.

Or to put it another way, an entity which was more like ARM than Intel or AMD but which did not have a foundational priority to maximize shareholder returns (i.e. not a Gesellschaft mit beschränkter Haftung (GmbH)) but instead with the priority to remain non-profit by folding all profits back into development efforts. And which produced and sold IP in similar ways as ARM but with hybrid licensing schemes, Open Source & non commercial projects could have access to certain parts of the IP, while commercial & proprietary projects would be required to buy a license or somehow contribute in kind. If the tax breaks for contributions were designed skilfully enough, then corporations inside the EU and paying taxes to the EU could, in a sense, spend less on R&D than it would cost to develop a new chip, by working on this EU wide collaboration and receive a commercial licence of similar value in return. The EU could protect cases of a 3rd party mass producing these chips as a commercial enterprise without a commercial license, with existing IP, contractual, and tax laws. So all corporations with EU subsidiaries would be obliged to follow these licenses, if they wished to use the chips and all chips or devices with chips would require the correct licensing to be sold in the EU.

In this way, any company could produce, or have a 3rd party produce, chips based on this IP and include them in their commercial offerings all over the world. However, EU companies who vigorously participated in the development could have advantages when it comes to providing chips to the EU market, while at the same time encouraging lower costs for EU consumers by allowing for non-commercial licenses.

Naturally, this leaves open the possibility of a foreign group making unlicensed chips & devices for markets outside the EU. Essentially, this is a similar problem which ARM faces, but I am not familiar with any large examples of this kind of abuse... but I live in the EU, so it's possible that in various places around the world there are such things... but I guess, if they do exist, they've never become a big enough problem to make the news. Presumably this is due to the limitations that ARM places on their licensing in regards to 3rd party Fabs.

Comment: Market Failure means other barriers must be removed (Score 1) 601

by bhima (#41137439) Attached to: Would You Pay an Internet Broadband Tax?

If we are going to acknowledge that the market has failed to provide Americans with internet service roughly similar to what other people have at similar costs and begin spending public funds on communication infrastructure (again) it's essential that we take steps to make sure that this does not once again become a mechanism to transfer public funds to corporations. This means not only removing all barriers to municipalities and other small communities from forming competitive last mile public ISPs but we also should get some sort of clawback program to go after the corporations which benefited so much from the last round of public funds and *did not deliver as promised*.


Finding Fault With Anti-Fracking Science Claims 505

Posted by timothy
from the grain-of-salt-reads-like-an-editorial dept.
A widely carried Associated Press article (here, as run by the Wall Street Journal) reports that some of the convincingly scientific-sounding claims of opponents of fracking don't seem to hold up to scrutiny. That's not to say that all is peaches: the article notes, for instance, that much of the naturally radioactive deep water called flowback forced up along with fracking-extracted gas "was once being discharged into municipal sewage treatment plants and then rivers in Pennsylvania," leading to concern about pollution of public water supplies. Public scrutiny and regulation mean that's no longer true. But specific claims about cancer rates, and broader ones about air pollution or other ills, are not as objective as they might appear to be, according to Duke professor Avner Vengosh and others. An excerpt: "One expert said there's an actual psychological process at work that sometimes blinds people to science, on the fracking debate and many others. 'You can literally put facts in front of people, and they will just ignore them,' said Mark Lubell, the director of the Center for Environmental Policy and Behavior at the University of California, Davis. Lubell said the situation, which happens on both sides of a debate, is called 'motivated reasoning.' Rational people insist on believing things that aren't true, in part because of feedback from other people who share their views, he said."

Comment: Variable Combustion Chamber Geometry (Score 1) 721

by bhima (#40043101) Attached to: Diesel-Like Engine Could Boost Fuel Economy By 50%

Reminds me of the variable combustion chamber geometry engines that were a fad back in the early '90s. With electronic control it is possible to run a gasoline engine mostly on single event pre-detonation (which used to be called "pinking") which allowing things to get completely out of control and creating the damaging pre-detonation commonly called "knocking".

Comment: user names (Score 1) 339

by bhima (#38549620) Attached to: Ask Slashdot: Changing Passwords For the New Year?

Besides complex passwords, don't forget about usernames. I used to use just one username for all my online accounts but then I read some research paper outlining how much information an advertiser or attacker could gather from just comparing the same username across different websites. So now besides changing my passwords I also, where practical and possible, delete old accounts and create new ones with random usernames from a collection of username generators I've found.

Comment: I've been there (Score 2) 312

by bhima (#38263452) Attached to: Institutional Memory and Reverse Smuggling

For my entire adult life I worked in the medical diagnostic device industry and somewhere in the late late 80's electronic documentation & email really started to take over. Then following a series of lawsuits the corporate SOP began to change. We went from loose organization in directories to using versioning tools for documents. And we went from what was essentially unlimited email storage to smaller and smaller... eventually ending up in 2005 with mandated culling policies (mostly as a proactive defensive legal strategy).

By my nature, I am a digital packrat. I still have all the email I have ever received or sent, in curated archives. I still have all the documents I have created. I still have all the code I have ever written. I still have all the design docs I have ever created. And I still have the knowledge management system I created to curate all of that data.

So, my nature and corporate policy really began to conflict more and more strongly. For about 12 years I used my own hardware for backups with my management looking the other way. Eventually I was told the backup strategy had to go and to take all my stuff home. That was replaced by a corporate-supplied laptop which I routinely took home to back up.

I took early retirement in 2009 and in late 2010 was asked back to resolve a thorny problem with some of the in-house equipment I had a hand in designing. The current site manager, who I have a lot of disagreements with but is a nice guy, assessed the parts of my personal archive that I brought in with me as "The largest and most frightening example of industrial espionage he had ever seen"... and wanted to buy it from me so he could destroy it.

Comment: Re:I'm here (Score 1) 103

by bhima (#37905696) Attached to: Open Hardware Journal

I'm still disappointed Technocrat is no longer. It wasn't perfect and I completely understand your reasons for shutting it down. Still, it's disappointing.

I'm glad you've started to do something more public, I'm looking forward to seeing more of this. Open Source Software has really proven the importance of the existence of things with an alternative to the most restrictive copyrights. In fact that success has enabled me to successfully argue that the firm I worked for should abandon those restrictive copyrights for certain projects where we released source code to our customers for free. Open Source Hardware is the obvious next step, yet despite these obvious advantages I don't have the impression that the idea has really generated the kind of critical mass that we need for the wider adoption needed to be self sustaining. Hopefully this journal can be the positive influence we all need.

Also, I think the idea of publishing a journal instead of blogging, tweeting, or just using your Facebook page is very smart and sets the whole enterprise up on a great direction.
