[92970] in North American Network Operators' Group


Re: Collocation Access

daemon@ATHENA.MIT.EDU (Warren Kumari)
Mon Oct 23 14:52:56 2006

In-Reply-To: <qyAECT2zJQPFFAAC@perry.co.uk>
Cc: nanog@merit.edu
From: Warren Kumari <warren@kumari.net>
Date: Mon, 23 Oct 2006 11:34:11 -0700
To: Roland Perry <lists@internetpolicyagency.com>
Errors-To: owner-nanog@merit.edu



On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:

>
> In article <20061023103731.W56322@iama.hypergeek.net>, John A.  
> Kilpatrick <john@hypergeek.net> writes
>>> The fellow I chatted with at AT&T said they are not allowed to
>>> hand over their badge because it would compromise their security.
>>
>> My tech said the same thing.  That keycard could grant central  
>> office access
>
> On its own? No keycode or anything. What if he lost it?
>
>> so he couldn't surrender it.
>
> But presumably it would need to be stolen. Wouldn't the tech notice  
> that happening... Or is there some way the colo security guy can  
> clone it undetected?

These are trivial to clone -- all you need is a reader hooked up to a  
PC and you can read the number off the card. You can then buy a batch  
of cards that cover the serial numbers that you are interested in  
(no, I don't really understand WHY you can buy numbered ranges, but  
you can...)

The other alternative is something like:  http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --  
you don't even need real access to the card, all you need to do is  
brush up against the cardholder with the antenna concealed in your  
pocket....

> -- 
> Roland Perry
>

--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen


