Mythbusters and RFID

[Puke]

It's a conference featuring Adam Savage in which he briefly explains what major credit card companies said when Mythbusters wanted to test RFID chip vulnerabilities. Very interesting.

http://blog.wired.com/sterling/2008/08/arphid-watch-my.html

[KBCraig]

 

Wow. Just wow.

[AntonLee]

I love how candid he is, this was very interesting.

[error]

I was there.

[John Edward Mercier]

Why would anyone think that companies that use RFID to transmit individualized digital signal would not be upset that someone would show the world how to 'hack' the security?

The losses they could suffer would be outrageous.

[Pat McCotter]

Maybe they should fix the problem. Security through obscurity is not secure.

[error]

Why would anyone think that companies that use RFID to transmit individualized digital signal would not be upset that someone would show the world how to 'hack' the security?

The losses they could suffer would be outrageous.

Why would they build an insecure system which would expose them to outrageous losses?

[Lloyd Danforth]

Wizard Of Oz?

[Puke]

I was there.

I bet that was cool. I've seen some videos of their live shows. Looks very entertaining.

Why would anyone think that companies that use RFID to transmit individualized digital signal would not be upset that someone would show the world how to 'hack' the security?
The losses they could suffer would be outrageous.

It's not the upset part, it's the threatening to pull sponsorship if Discovery aired the show that's somewhat surprising.
It's just like the MIT students that had gag orders or some such served to them b/c they found vulnerabilities in the DHS network or something like that.

It shows how cavalier these corporations are with your finance info. Rather than fix the problem they threaten people to not talk about.

[John Edward Mercier]

The first line of security is always obscurity... and no level of security is unbreachable.
You can't 'hack' what you don't know about... and anything can be 'hacked'.

[K. Darien Freeheart]

The first line of security is always obscurity

I dispute this claim. In a very vague sense, sure. Obscurity in the sense that "what is unknown can't be taken advantage of" but the phrase "security by obscurity" as used within the hacker community historically means "by not making the security device/target available for assessment".

Open source software's biggest strength on the security side is that anybody can have access to the code to find potential weaknesses. As those weaknesses are detected by people who depend on the security, it is improved upon.

[John Edward Mercier]

This is why the differences between 'public/private' and 'common/collective' comes into play.
Public common does not need securing...

[D Stewart]

Why would they build an insecure system which would expose them to outrageous losses?

Cheaper?  Easier?  Quicker?  Too lazy to do anything better?

Whatever, I'm not really trying to answer your question... I just thought it was a good opportunity to throw out this link... http://www.youtube.com/watch?v=CS9ptA3Ya9E, which made me LOL.

[David]

My respect for him beyond my liking the show has just gone up a few, many, notches.    
Ayn Rand once lamented that corporations would not take on the gov't.  But organizations that have a lot to lose usually do not want to lose them, and Adam Savage in an indirect way pointed that out.  It will take one of those '3000' folks in the hacker audiance to take on RFID. 

[dalebert]

Adam's a libertarian.