On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
In article <20061023103731.W56322@iama.hypergeek.net>, John A. Kilpatrick <john@hypergeek.net> writes
The fellow I chatted with at AT&T said they are not allowed to hand over their badge because it would compromise their security.
My tech said the same thing. That keycard could grant central office access
On its own? No keycode or anything. What if he lost it?
so he couldn't surrender it.
But presumably it would need to be stolen. Wouldn't the tech notice that happening... Or is there some way the colo security guy can clone it undetected?
These are trivial to clone -- all you need is a reader hooked up to a PC and you can read the number off the card. You can then buy a batch of cards that cover the serial numbers that you are interested in (no, I don't really understand WHY you can buy numbered ranges, but you can...) The other alternative is something like: http://cq.cx/proxmark3.pl This device will read and clone a large number of proximity cards -- you don't even need real access to the card, all you need to do is brush up against the cardholder with the antenna cincealed in your pocket....
-- Roland Perry
-- If the bad guys have copies of your MD5 passwords, then you have way bigger problems than the bad guys having copies of your MD5 passwords. -- Richard A Steenbergen