On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. That keycard could grant central
office access
On its own? No keycode or anything. What if he lost it?
so he couldn't surrender it.
But presumably it would need to be stolen. Wouldn't the tech notice
that happening... Or is there some way the colo security guy can
clone it undetected?
These are trivial to clone -- all you need is a reader hooked up to a
PC and you can read the number off the card. You can then buy a batch
of cards that cover the serial numbers that you are interested in
(no, I don't really understand WHY you can buy numbered ranges, but
you can...)
The other alternative is something like: http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --
you don't even need real access to the card, all you need to do is
brush up against the cardholder with the antenna cincealed in your
pocket....
--
Roland Perry
--
If the bad guys have copies of your MD5 passwords, then you have way
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
