Comments on: RFID Virus? http://www.liewcf.com/archives/2006/03/rfid-virus/ Tech, Web, How to, Reviews, Tips, Downloads, and Make Money Online Sun, 22 Nov 2009 09:55:37 +0800 http://wordpress.org/?v=2.8.5 hourly 1 By: Networks and Security » Blog Archive » The Industry Reacts to RFID Virus Researchhttp://www.liewcf.com/archives/2006/03/rfid-virus/comment-page-1/#comment-19567 Networks and Security » Blog Archive » The Industry Reacts to RFID Virus Research Tue, 21 Mar 2006 02:52:04 +0000 http://www.liewcf.com/blog/?p=2195#comment-19567 [...] Last week’s proclamation by a group of computer scientists that RFID tags represent a vehicle for the transmission of computer viruses precipitated a frenzy of headlines from both within and without the RFID industry. Executives at leading RFID companies were bombarded with calls from journalists, and industry association AIM Global was compelled to release a statement addressing the issue. Even the New York Times reported the story. Below are summarized the key takeaways of the whole episode. [...] [...] Last week’s proclamation by a group of computer scientists that RFID tags represent a vehicle for the transmission of computer viruses precipitated a frenzy of headlines from both within and without the RFID industry. Executives at leading RFID companies were bombarded with calls from journalists, and industry association AIM Global was compelled to release a statement addressing the issue. Even the New York Times reported the story. Below are summarized the key takeaways of the whole episode. [...]

]]> By: cchiuyihttp://www.liewcf.com/archives/2006/03/rfid-virus/comment-page-1/#comment-19501 cchiuyi Mon, 20 Mar 2006 04:05:49 +0000 http://www.liewcf.com/blog/?p=2195#comment-19501 i agree. because even if the application itself is secured, there are other element as well. such as operating system (below the application stack etc) third party component or alot more.but i usually use "user is evil" because i'd long ago read a research stating that about 60-80% of the damage,downtime or whaterver is caused by user itself, as in not internally faulty.in rfid case, its user s input that exploit the vulnerable loophole. i agree. because even if the application itself is secured, there are other element as well. such as operating system (below the application stack etc) third party component or alot more.

but i usually use “user is evil” because i’d long ago read a research stating that about 60-80% of the damage,downtime or whaterver is caused by user itself, as in not internally faulty.

in rfid case, its user
s input that exploit the vulnerable loophole.

]]> By: wooncherkhttp://www.liewcf.com/archives/2006/03/rfid-virus/comment-page-1/#comment-19458 wooncherk Sun, 19 Mar 2006 12:02:42 +0000 http://www.liewcf.com/blog/?p=2195#comment-19458 <code>“user input is always evil, treat it evil, validate it and you would be almost free.“ </code>this is only the idea for so-called good application... but i believe... no matter how well a program is programed... there will always be security problems... in IT world... nobody can escape from it...just my 2 cents though... “user input is always evil, treat it evil, validate it and you would be almost free.“

this is only the idea for so-called good application… but i believe… no matter how well a program is programed… there will always be security problems… in IT world… nobody can escape from it…

just my 2 cents though…

]]> By: cchiuyihttp://www.liewcf.com/archives/2006/03/rfid-virus/comment-page-1/#comment-19443 cchiuyi Sun, 19 Mar 2006 07:43:08 +0000 http://www.liewcf.com/blog/?p=2195#comment-19443 i did an rfid related project for my final year. if you read the entire article, especially the original publication form the original author, you would know that this scenario would be less likely to happen to big vendors.typical china men solution without focusing on quality and software engineering practice would probably vulnerable to it.the virus actually acts just like any computer virus. e.g. sql injection and etc works in poorly coded rfid middleware and web application.if the programmer is good enough to escape " ' " (use for sql injection) then everything would be fine.golden rule for programmer that wants automatic seciurty build into the applicaiton is "<strong>user input is always evil, treat it evil, validate it and you would be almost free.</strong>" i did an rfid related project for my final year. if you read the entire article, especially the original publication form the original author, you would know that this scenario would be less likely to happen to big vendors.

typical china men solution without focusing on quality and software engineering practice would probably vulnerable to it.

the virus actually acts just like any computer virus. e.g. sql injection and etc works in poorly coded rfid middleware and web application.

if the programmer is good enough to escape ” ‘ ” (use for sql injection) then everything would be fine.

golden rule for programmer that wants automatic seciurty build into the applicaiton is “user input is always evil, treat it evil, validate it and you would be almost free.

]]> By: wooncherkhttp://www.liewcf.com/archives/2006/03/rfid-virus/comment-page-1/#comment-19369 wooncherk Fri, 17 Mar 2006 17:00:32 +0000 http://www.liewcf.com/blog/?p=2195#comment-19369 now that RFID is getting more and more attention.... but then the researchers said that this revolutionary technology is vulnarable to viruses, which are the most disfavourable things to most of the ppl...haih~~ all the good things hav its negative side... now that RFID is getting more and more attention…. but then the researchers said that this revolutionary technology is vulnarable to viruses, which are the most disfavourable things to most of the ppl…

haih~~ all the good things hav its negative side…

]]>