http://www.cardacc.com/cards.htm To my knowledge there is no information (location, company code, etc)--at least I've never specified it in ordering the cards nor in the software when we set it up initially. It's just a number. I still don't know if you can request a range or something...might take some social engineering "yeah, company X next door has the 25000 range...can we get 26000 for simplicity?" A EE buddy of mine works at a Web based surveillance camera company who is moving into the proximity card area. When he gets his hands on that stuff we were going to take a look at how it operates at the hardware level. I think it's similar to the shoplifting alarm deals you see at wal-mart, etc. Wouldn't that be cool to have a fake plant or something that was secretly harvesting proximity card numbers? Or what if you had a little device that would sniff them from a few feet away and then mimic them? There are some ISO standards (see 14443 on http://www.iso.ch/iso/en/CatalogueListPage.CatalogueList?ICS1=35&ICS2=240&ICS3=15) but I haven't seen where the NC system complies with that or any other standard. I doubt they are smart cards, but I hope they are using some sort of cryptography in the protocol. I wouldn't be surprise if the cards just spit a number out somehow though. -Mike At 03:59 PM 1/11/2002 -0600, Magnus Ullberg wrote: >Thanks, good info. > >What I was wondering is whether i could order a card with the same number as >another card and get access to what that card has access to. >Or if there is aditional info stored on the card (location, unique company >code, etc.) to prevent that. >The cards here were bought in two different batches, one is in the 26000 >range and the other in a much lower range. I dont know if you can specify >the range when you order them, but if you can i thought that if i could get >the number of the back of a admin card i could gain access to the building. > > >-----Original Message----- >From: Mike Shaw [mailto:mshawat_private] >Sent: Friday, January 11, 2002 2:57 PM >To: Magnus Ullberg; 'pen-testat_private' >Subject: Re: WinPac 2.0 > > >Interesting that you should mention this, because I just worked with >someone who put a system like this in. > > From what I could tell, the 5 digit number on the card is the only >identifier, although I think it's pretty difficult to replicate these >cards. I've wondered about collisions, but I guess until you got upwards >of 5-10 thousand employees, the chances of a collision/birthday effect are >low. It would be interesting to see if you could request a certain number >from a distributor. > >Some further interesting info form the northern site >(http://www.nciaccessworld.com): >"The default login and password are: Log In = Admin Password = (leave >blank) no password If the default login and password are no longer in the >software please contact Northern Computers technical support so a >technician can instruct you how to send the database to Northern Computers >so we can reset it to default for you. " > and.... >"The defualt passwords for WIN-PAK are: login = SYSTEM password = startup >These passwords are case sensitive. " > >There are also manuals there if you need them. The product is based of an >access database, so I can't imagine that snagging the password would be >that difficult if it's not a default password. If the workstation is >accessible from the network, or it's physically insecure, there may be some >leverage there too. > >-Mike > >At 11:22 AM 1/11/2002 -0600, Magnus Ullberg wrote: > >Anybody have information about Win-Pac 2.0? > >It is the system used to control doors and manage proximity cards. > >Each card has a 5 digit number on it. Anybody know if that number is the > >only thing that identifies the card or if there > >is some additional info on the card. > > > >Thanks, > >Magnus Ullberg > >Network Coordinator > > > > > >--------------------------------------------------------------------------- >- > >This list is provided by the SecurityFocus Security Intelligence Alert >(SIA) > >Service. For more information on SecurityFocus' SIA service which > >automatically alerts you to the latest security vulnerabilities please see: > >https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Jan 12 2002 - 11:32:59 PST