Not if you change the default password like any sane admin does... -----Original Message----- From: Steven Bellovin [mailto:smb@cs.columbia.edu] Sent: Wednesday, January 13, 2010 11:26 AM To: Barry Shein Cc: nanog@nanog.org; nonobvious@gmail.com Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment On Jan 13, 2010, at 1:45 PM, Barry Shein wrote:
There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much:
RFID tags are generic, you don't put data into them unique to your application.
Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat. --Steve Bellovin, http://www.cs.columbia.edu/~smb