From Security Weekly Wiki
17:46, 4 September 2008
[http://www.theregister.co.uk/2008/09/03/mythbusters_gagged/ Mythbusters Prevented From Running RFID Hacking Show] - [PaulDotCom] - Conflicting stories abound; it appears that CC companies do not want RFID shortcomings to be public knowledge. I don't think that talking about RFID hacking and vulnerabilities is a crime, so look for some things coming soon.
[http://feeds.feedburner.com/~r/elwoodnet/~3/382326799/48559370 Information must be free] - [Larry] - Along the lines of the MIT CharlieCard hackers, one group being told to be quiet about a weakness or vulnerability is bad, because that just opens the door for others to start talking about it. The Mythbusters wanted to talk on the show about the huge insecurities in RFID and in contactless payment systems based on RFID. When they set up a call with the manufacturers to get specs, the lawyers got involved, and it appears that Discovery got pressured into not running the story. However, researchers have been saying that this stuff is bad for a long time. Remember the story about reading PayPass data with a modified reader? It just didn't make it to prime time TV.
[http://www.schneier.com/blog/archives/2008/09/security_roi_1.html Security ROI] - [Larry] - There is just too much to talk about here in a few short lines. Does ROI for security work? Is the ROI more of a soft cost (i.e., preventing a breach, remediating, cleanup and legal/community view issues)? Let's discuss.