Yeah.. I suppose their would be limitations on the amount of data that would be on the chip.. Maybe the will just use an ID number that refrences the user info in the DB.... Has anyone successfully performed SQL injections usinf RFID tags? I looked at a few papers but know it's not widespread. I'm thinking about getting an IPAQ and an RFID reader/writer to play around w/ this stuff. JP packetfocus.blogspot.com www.packetfocus.com On 6/1/06, Jim Popovitch <jimpop@xxxxxxxxx> wrote:
Josh L. Perrymon wrote:
> So everyone is going to have this RFID embedded ticket with name,
> address, passport or driver license number?
From the article:
"an embedded RFID chip containing identification information
that will be checked against a database"
To me that doesn't imply that the chip will contain the items in your
list. It could be a checksum of the data in the DB, and security
officials just validate, against the DB, the full name on a physical
passport and the checksum on the RFID.
Now, the security of the DB could be a whole other thread of discussion.
;-)
-Jim P.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/