Hardware Vulnerable to Google RFID Keycard Door Hack Still in Use by Other Companies

cageymaru

Google security researcher David Tomaschik discovered an exploit that allowed him access to any RFID keycard enabled door on the Google campus. By analyzing the seemingly random lock and unlock codes that his door sent through the Google network, he was able to discover the encryption key hiding the commands that were being sent. This allowed him to take full control of any RFID door on the campus in complete stealth as no record of his actions was recorded. Other corporations use the same Software House devices and the only known fix is a firmware upgrade that requires a hardware upgrade also.

But problems likely remain for others using the vulnerable Software House tech. Tomaschik said Software House had come up with solutions to fix the problem, though to switch to TLS, it'd require a change of hardware at the customer site. That's because the Software House systems didn't have enough memory to cope with the installation of new firmware, Tomaschik said. A spokesperson for Software House owner Johnson Controls said: "This issue was addressed with our customers." They didn't respond to a question on the need to replace physical devices.
 
so.. a networked device that is not capable of firmware upgrades??

REALLY??
 
 
That industry is more slipshod than you believe, considering that most companies depend on physical security of their assets as their first, and primary, line of defense. I know, I've worked in it. In my opinion, sending this type of data over the normal IP network is foolish. I told a previous employer this, but I was assured that it was perfectly "safe". After I showed how easy it was to snoop the (unencrypted) transactions via Wireshark, they just basically told me to shut up and sit down. But that was the least of their problems, they had plenty of other security holes which I couldn't patch fast enough. Too bad they let me get away before I got them all.
 