RFID: The Hacker’s Dream Key

This post is going to briefly discuss RFID (Radio Frequency IDentification) technology and some concerns with it being used in keys. It will start with a quick description of the functional components of RFID, move on to some examples of it being used in keys, continue with a little bit of cryptography talk, and end with saying RFID keys are probably a bad idea.

Inventory Management

The SANS Institute lists the top 20 critical security controls at http://www.sans.org/critical-security-controls/. In this post I will concern myself with their number 1 item: inventory of authorized and unauthorized devices. According to SANS, controlling the inventory of authorized and unauthorized devices on a network seeks to “actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.” This article outlines several ways of implementing such control which I will briefly recount.

Hacking Back

I’ve had a Roku for about two years now and just finally got around to hooking it up. There are a lot more channels than I was expecting, and some pretty good ones at that; one that I found and have been watching recently is the DerbyCon channel. DerbyCon is a hacker convention in Derby, Kentucky, and they have videos of all the speakers from 2011 and 2012. John Strand is the speaker I’m parroting. In his talk he spoke of “hacking back” as a way of interfering with webcrawlers and directory-scanning bots that I thought was neat.