From Security Weekly Wiki
= Stories Of Interest =
[http://seclists.org/fulldisclosure/2008/Sep/0580.html Faking passports the THC way] - [PauldotCom] - Talk about identity theft! Why do governments not learn that RFID is not secure? It's wireless all over again, transmitting in the clear and using poor encryption. The defense here: get an RF shielding wallet and/or case to keep your RF-enabled stuff in. Like, your credit card... [Larry] - vonJeek modified RFIDiot to clone e-passports to a 72 K smart card with incorrect information. It works because the sanity checking is apparently broken because it is based on a self-signed cert that is never appropriately validated.
[http://go.theregister.com/feed/www.theregister.co.uk/2008/09/30/mi6_camera_sold_ebay/ Don't forget to wipe...] - [Larry] - More reasons why we are giving away DBAN. Be careful when you decommission equipment and send it to eBay or a reseller. In this example a camera owned by MI6 was bought on eBay, and the camera still contained pictures of missiles, authentication info and photos of classified Al-Qaeda documentation. On a related note, [http://www.hackinthebox.org/index.php?name=News&file=article&sid=28443 this one] is even scarier - buy a hardware VPN endpoint on eBay, connect it up, and it automatically connects up to the internal network of Kirklees Council in Yorkshire. This makes bypassing the crunchy outside of your network trivial for an attacker. Set all equipment back to factory defaults!