warren at kumari.net
Mon Oct 23 18:34:11 UTC 2006
On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
> In article <20061023103731.W56322 at iama.hypergeek.net>, John A.
> Kilpatrick <john at hypergeek.net> writes
>>> The fellow I chatted with at AT&T said they are not allowed to
>>> hand over their badge because it would compromise their security.
>> My tech said the same thing. That keycard could grant central
>> office access
> On its own? No keycode or anything. What if he lost it?
>> so he couldn't surrender it.
> But presumably it would need to be stolen. Wouldn't the tech notice
> that happening... Or is there some way the colo security guy can
> clone it undetected?
These are trivial to clone -- all you need is a reader hooked up to a
PC and you can read the number off the card. You can then buy a batch
of cards that cover the serial numbers that you are interested in
(no, I don't really understand WHY you can buy numbered ranges, but
The other alternative is something like: http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --
you don't even need real access to the card, all you need to do is
brush up against the cardholder with the antenna cincealed in your
> Roland Perry
If the bad guys have copies of your MD5 passwords, then you have way
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
More information about the NANOG