- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Secure card maker HID is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards.
HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat.
IOActive will hold a press conference Tuesday at 9:00AM to discuss the issue, according to Joshua Pennell, IOActive's CEO told InfoWorld.
Paget's talk will address widespread security issues with the implementation of RFID in proximity cards that are sold by HID and other companies and that are widely used for building access. His RFID cloner was on display at the recent RSA Security Conference in San Francisco, where he demonstrated for InfoWorld how the device could be used to steal access codes from HID brand proximity cards, store them, then use the stolen codes to fool a HID card reader.
Paget's presentation at Black Hat Federal will go deeper, providing schematics and source code that attendees could use to create their own cloning device, and discussing vulnerable implementations of RFID technology in a wide variety of devices, Paget told InfoWorld at RSA earlier this month.
"Hopefully I'll be able to give people some information about RFID and get some pressure on vendors to fix these lousy RFID implementations," Paget said. "As it stands, I can walk up to someone on the street or maybe stand next to them in an elevator, grab their card ID and get into the building," he said.
So far, Black Hat organizers have not been contacted or asked to cancel Paget's presentation, but lawyers representing Black Hat, which was purchased by CMP, are ready should that happen, Moss said.
"We're prepared for the worst," Moss said.
The incident between HID and IOActive recalls a 2005 imbroglio between researcher Michael Lynn and Cisco Systems over a presentation of a flaw in Cisco's IOS at a Black Hat event in Las Vegas.
In that incident, Cisco attorneys demanded that Lynn's presentation be torn out of the printed conference proceedings and that Lynn be blocked from giving his talk. Lynn ultimately resigned his position at Internet Security Systems (ISS) and gave the talk anyway, spawning lawsuits and even an FBI investigation of him.
Rss FeedRss Feed
and there is always a but... firebug doesnt work :(- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment