Roger Grimes on Why You Do Not Need to Worry About RFID Blocking Wallets
-
@scottalanmiller said:
@Dashrender said:
A good breakdown can be read here http://www.techrepublic.com/blog/it-security/chip-and-pin-the-technology-is-no-longer-secure/
Only problem there is that they don't explain how a card is cloned if it doesn't leave your hand, as it would not in a chip and pin transaction.
The only flaw I know of with chip and pin is banks that decide not to actually use chip and pin technology but only use the card itself and ignore the pin. If actual chip and pin is used, none of those attacks work. But the banks are not actually using it, of course the system doesn't work.
I think it's less about a cloned card, and more about a stolen one.
Chip and Pin does not save you from stolen cards - the overlay that simply sends the OK signal to the card removes the pin from matter'ing.
-
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
If I recall correctly, US is chip and signature, not chip and pin so its almost useless.
Yup, but they sell it as "chip and pin" to trick people. My dad got one and was all excited they I asked how he was using it in all of those places without chip and pin readers and he was like I just sign.... oh no it's a scam!!
And I think gas stations have like a 3 year window to get compliant. They were one of the biggest issues.
I hadn't heard that anyone was exempt - but assuming that's true, As you said, without a PIN you're not really any more secure, and even with a PIN, your stolen card isn't secure either.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
Yeah, I hate that one. It makes American children identifiable when abroad from a distance. You don't need to be able to read the RFID, only see it. It becomes a tracking device (over very short distance.) But the scariest thing is that if a family is all carrying their RFID passports as they are told to do, someone in a crowded marketplace or other public area can use them to identify foreign children and, more scarily, identify when they have become isolated or are out of line of site with their accompanying adults.
You would have your minor children carry their own passports? Regardless of what 'they' say I probably would never do that. Give them a paper copy fine, but the actual passport.. nah.
They tell them to do so. It's often recommended.
-
Hmm... Roger seems to have a trend of recommendations against protecting yourself. In the case of the RFID wallet, he makes total sense. I've never even though of buying an RFID blocking device.
But someone on SW thinks that firewalls are useless because of this nonsensical piece of crap article: http://www.infoworld.com/article/2616931/firewall-software/why-you-don-t-need-a-firewall.html
-
Easily one of the creepier RFID things I've seen
-
-
Another RFID issue that I've seen is schools forcing children to wear RFID tags. It sounds great that during the school day the school knows what room they are in. That's fine. The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves. A potential abductor can lurk behind a fend, use a simple scanner to tell when the children have separated from a group, identify their exact location and abduct them knowing that the school has ensured that he (or she) has identified a child within a certain age bracket, their location and the potential location of friends who would miss them shortly.
Talk about someone working hard to put kids at severe risk!
-
Did you just make that? Jesus and Chippy!
-
@scottalanmiller said:
The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves.
The range of RFID is really short (centimetres). Essentially you'd see the kids long long long long long before you got an RFID blip.
-
@MattSpeller said:
@scottalanmiller said:
The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves.
The range of RFID is really short (centimetres). Essentially you'd see the kids long long long long long before you got an RFID blip.
Battery powered ones have a range of about 300 feet.
-
@scottalanmiller said:
@Dashrender said:
But RFID? yeah your passport is the only thing I can think of that most people have with one in it.
Yeah, I hate that one. It makes American children identifiable when abroad from a distance. You don't need to be able to read the RFID, only see it. It becomes a tracking device (over very short distance.) But the scariest thing is that if a family is all carrying their RFID passports as they are told to do, someone in a crowded marketplace or other public area can use them to identify foreign children and, more scarily, identify when they have become isolated or are out of line of site with their accompanying adults.
As someone who lives in a tourist centered city, I PROMISE you that we know you're tourists from a block away. Sometimes more.
Edit for obligatory joke: Why do they bother to call it tourist season? You're not allowed to shoot them.
-
@johnhooks Doesn't EZPass (or any of the toll system) basically use the same tech with power-less devices and powered readers?
-
@coliver said:
@johnhooks Doesn't EZPass (or any of the toll system) basically use the same tech with power-less devices and powered readers?
I believe so.
-
A lot of stores use them to track inventory on the floor also.
-
@johnhooks said:
A lot of stores use them to track inventory on the floor also.
I've seen that at Best Buy and the B&N on RIT's campus had those on most of the books. I think one of the professors (or maybe B&N) were trying to do an instant tally/checkout implementation.
-
when we were in Africa we actually all carried copies of our passport and Visa's. Were told when we were in the capital city to keep our passports tucked away in blocking covers so that they couldn't be tracked easily. We were white, easy enough to spot as it was, and prime targets so don't give them any extra information.
-
@MattSpeller said:
@scottalanmiller said:
The problem is that when kids walk home creepers can stalk them without being visible to the kids themselves.
The range of RFID is really short (centimetres). Essentially you'd see the kids long long long long long before you got an RFID blip.
Oh now, it is very long. Even in the 1990s the VNC team at Cambridge could be tracked anywhere in the building with them. I know the ones in our car go like a hundred feet or more. I know that grocery stores have them that go ten feet or more.
-
@coliver said:
@johnhooks Doesn't EZPass (or any of the toll system) basically use the same tech with power-less devices and powered readers?
Yes, and they get some huge distance. And that's the distance at which you can READ it reliably. You can IDENTIFY one from many times that distance.
-
@coliver said:
@johnhooks said:
A lot of stores use them to track inventory on the floor also.
I've seen that at Best Buy and the B&N on RIT's campus had those on most of the books. I think one of the professors (or maybe B&N) were trying to do an instant tally/checkout implementation.
German grocery stores have been doing that for over a decade. NTG was looking at stuff like that in the early 2000s to replace our medical bar coding systems.
-
Alright if they've got "active" (battery powered) stuff and they call it RFID that's a lot different than passive (chip only).
Passive / chip only stuff is at best a meter or two (with a huge antenna like grocery store exits) - typically less than 10cm for stuff like bank cards, passports, etc.
Note: I don't think it's "RFID" anymore if you put a battery on it. Then it's just a bloody radio lol. And fair play I suppose, "Radio Frequency IDentification" but really the whole thing was supposed to be a passive reflector that lit up a specific frequency when pulsed by an antenna.