digininja (Global Moderators)

  • Posts: 4,004
  • Days Won: 210

Posts posted by digininja

  1. Depends if you are looking at high or low frequency. The high frequency are the MIFARE style with encryption and stuff like that, the low frequency are the basic ones such as the ones used in stock control that only hand over a number.

    It isn't a good idea to use the low frequency in badge systems but they often are because they are a lot cheaper.

  2. Again, from memory, the number printed on the card is the number it sends over. The assumption is security through obscurity, an attacker would have to see a number and then create a card.

    The other attack I've seen here is where a company buys a large amount of cards, much more than they need. They enter the full range into the badge system but then try to recoup some cash by selling some of the remaining cards. If you can get one of those, your number is already in the system.

  3. It has been ages since I worked on RFID but from memory, low frequency cards often just contain short serial numbers and what is printed on the card is what it sends to the reader.

    High frequency are smarter, for example MIFARE cards.

  4. That probably makes you a criminal. Hand the card over to a bank, get a refund for the purchase and hope they don't decide to come after you.

  5. You don't install Tor, it is a service you talk to as a proxy, any application that understands HTTP proxies can use it.

    If you've got deep packet inspection then I'd keep monitoring it and note what you are doing when it is detected, see if you can spot what apps are running.

    I'd also run malware detection as malware often uses Tor to hide its C&C channel endpoint.

    • Upvote 1
  6. A couple of comments on this...

    Don't disable things you aren't using, remove them. If they are disabled the files are still on disk and vulnerabilities still potentially exposed.

    Rather than setting temp directories at 777, make them owned by the web server user and keep them at 755. This prevents them from being written to by other users, for example the mysql user.

  7. You said your MD had set you this project, now it is because of a family member, all very odd.

    All the things you mention use some type of RF, they may use Wifi, they may use bespoke. Give us exact examples of what you are looking at and what you want help with.

  8. There is nothing special about the Nano in its power or internet requirements so think of it as the same as any other computing device.

    There is no way to give something constant power unless it is plugged in. Depending on the area you could try solar to keep batteries charged but a few bad weather days and that's out.

    For the internet connection, just give it its own 4G dongle, just remember that will increase battery usage.

    Unless your client is located in a fenced off or hard to access area, is there any reason for flying it in? Why not just walk past and drop it somewhere? You can then replace it whenever you know the battery level is low.

    Whatever you do, be really careful not to cause a bomb scare.

  9. Not really sure what you are after, what has car theft, drones, APs and an SDR got in common? Is this school homework?

    The HackRF is just a device that can receive and transmit RF signals at a wide range of frequencies. Read the product description on the Amazon page for more information or google HackRF to get a whole load of info.

  10. One thing I've had success with in a very crowded environment is running the WiFi card without an antenna so it can only see things really close by.

    I've been told that is a bad thing and it will burn out the card and potentially end the world (some people got really upset at me doing it) but I've never had any problems.

  11. It's all about risk assessment and working out your threats.

    If my machine gets popped while running, the database will be unlocked so password or key file won't make a difference.

    If the machine is off, then full disk encryption will be a good first layer of protection and someone grabbing it is likely to be a thief who wants it wiped and resold as quick as possible so don't care about my passwords.

    Suspended, they would have to get past my login creds but would then have access to the unlocked database.

    If they steal the file from where it is shared, then a key file would be best but a strong password should be good enough to protect it.

    • Like 1
  12. I like KeePass as I get to keep the password file locally so can access it whenever I want and don't have to worry about anyone else securing their systems.

    Password or keyfile depends on where you are accessing it, if you are going at it from lots of places then you'll need to use a password or distribute the file widely around.

    • Like 1
  13. I'd agree for most people but it all depends on what he is worth to them. If he is a nuclear scientist at a conference on innovative research then they probably will care. Selling kids market stall plastic jewelry, they won't.

    Every discussion on topics like this needs to start by working out threat models and risk profiles, till you have those, you can't make any sensible decisions.

  14. Don't worry about the external stuff, any box on the internet is getting hit like that all the time.

    For the internal, I assume the ISP modem is plugged directly into your firewall box with a cable and that there is nothing else connected between them, all the rest of the boxes are on the other side of your internal box.

    Are you using a different subnet for the internal network? i.e. not 10.4.4.0/24? Where are you seeing the alerts? Is it on your router or on another box? What is the router? Is it something you can trust to give good information or a cheap box that may just have bugs and be mis-representing the information?
