Default Passwords for World Wide Packets/Lightning Edge Equipment
- Subject: Default Passwords for World Wide Packets/Lightning Edge Equipment
- From: smb at cs.columbia.edu (Steven Bellovin)
- Date: Wed, 13 Jan 2010 14:26:25 -0500
- In-reply-to: <[email protected]>
- References: <9504.1263405986@localhost> <[email protected]> <[email protected]>
On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:
>
> There seem to be a lot of misconceptions about RFID tags. I'm hardly
> an expert but I do know this much:
>
> RFID tags are generic, you don't put data into them unique to your
> application.
>
Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat.
--Steve Bellovin, http://www.cs.columbia.edu/~smb