Re: *SPAM* Re: Is Your Cat Infected with a Computer Virus

From: Bruce C. Beattie (bruce@EECS.Berkeley.EDU)
Date: Fri Mar 17 2006 - 18:07:19 PST


Hi Stu,
  I think sundry interests are things like raisins....
Bruce

Stu wrote:

>I'm sorry, I thought this was the Military Vehicle Mailing List. You can
>call a cat an MV, but it is not. Your reasoning is not logical. MV's are
>not for conveying data, but for transportation. Now radio's, they are for
>data. Do you have the NSN #'s for the cat with the RFID?
>BTW, what are sundry interests? Shaving cream, soap etc.?
>
>
> "Stu" Southern, NH USA
> "Live Free Or Die; Death Is Not The Worst Of Evils"
>MVPA #14790
>1967 M151A1 Jeep 1964 M416 Trailer
>1985 M1008 CUCV Pickup
>
>
>
>-----Original Message-----
>From: Military Vehicles Mailing List [mailto:mil-veh@mil-veh.org] On Behalf
>Of Arthur Bloom
>Sent: Friday, March 17, 2006 8:22 PM
>To: Military Vehicles Mailing List
>Subject: *SPAM* Re: [MV] Is Your Cat Infected with a Computer Virus
>
>This is a forum that serves people with military vehicle and other sundry
>military interests. The article has military significance. The military uses
>
>RFID's. Since they convey info, they can be considered members of the
>smallest family of military vehicle. I found the article fascinating.
>
>APB
>
>
>----- Original Message -----
>From: "Stu" <stuinnh@mvnut.us>
>To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
>Sent: Friday, March 17, 2006 8:13 PM
>Subject: Re: [MV] Is Your Cat Infected with a Computer Virus
>
>
>| Now that was on topic. I sure did need to know that.
>|
>| "Stu" Southern, NH USA
>| "Live Free Or Die; Death Is Not The Worst Of Evils"
>| MVPA #14790
>| 1967 M151A1 Jeep 1964 M416 Trailer
>| 1985 M1008 CUCV Pickup
>|
>|
>| -----Original Message-----
>| From: Military Vehicles Mailing List [mailto:mil-veh@mil-veh.org] On
>Behalf
>| Of J. Forster
>| Sent: Friday, March 17, 2006 5:58 PM
>| To: Military Vehicles Mailing List
>| Subject: [MV] Is Your Cat Infected with a Computer Virus
>|
>| March 15, 2006
>|
>| Coming Soon: Viruses Spread By RFID Tags
>|
>| By Gregg Keizer Courtesy of TechWeb News
>|
>| Radio frequency identification tags (RFID) can be used
>| to spread computer viruses and attack middleware
>| applications and the databases behind them, a group of
>| Netherlands-based scientists said Wednesday.
>| At an IEEE' conference on pervasive computing in Pisa,
>| Italy, Melanie Rieback, a third-year PhD student at
>| Amsterdam's Vrije Universiteit, presented a paper that
>| outlined the threat to RFID systems and laid out how
>| the small amount of memory in a tag -- in some cases
>| as little as 128 bytes -- could be used to corrupt
>| databases.
>|
>| RFID tags have been promoted as a more efficient and
>| economical way of tracking products -- from
>| manufacturers to end-users -- and have been thought to
>| be immune from such hacks.
>|
>| Not so, said Rieback, a U.S. citizen who has studied
>| in the Netherlands for the past five years. "This is a
>| real threat, and it's going to be a larger threat if
>| it's not taken care of," she said Wednesday after
>| presenting her paper "Is Your Cat Infected with a
>| Computer Virus?"
>|
>| Once a hacker has created a miniature virus -- and
>| perhaps planted a malicious tag on a product in store
>| -- the attack begins as soon as the RFID tag is
>| scanned. Attacks on middleware and the back-end
>| databases, she said, could take the form of buffer
>| overflows, code insertions, and SQL injections (a type
>| of specialized code insertion that tricks a database
>| into running SQL code).
>|
>| To combat such attacks, middleware and database
>| creators -- including big names like Oracle and SAP --
>| must harden their products to account for viral
>| infections.
>|
>| "We wanted to get the message out," she added. "Now
>| they have warning."
>|
>| Viruses could spread from tag to database, then to
>| other tags in settings where RFID chips are written
>| to, leading to scenarios where one incoming malicious
>| tag leads to a factory sending out millions of
>| infected chips to its customers.
>|
>| "There are real-world consequences here," said
>| Rieback. "Some car plants use tags on chassis to
>| identify what color the car is to be painted. If a
>| virus instructs the database to write tags that tell
>| [the machinery to] switch colors, you're talking about
>| destroying cars."
>|
>| Andrew Tanenbaum, Rieback's supervising professor at
>| Vrije Universiteit, had even more dire attacks in
>| mind.
>|
>| "In an airport that's tagging luggage [with RFID
>| chips], drug smugglers would love for their bags to
>| disappear," said Tanenbaum. "It would make it that
>| much harder for any AI used by the airport or customs
>| to spot suspicious bags."
>| Likewise, terrorists might be able to circumvent
>| RFID-based security measures -- such as those planned
>| to track shipping containers -- or evade bomb-sniffing
>| systems, such as the one set to debut this spring at
>| Las Vegas' McCarran International Airport, where tags
>| will be used to verify that bags have been checked for
>| explosives.
>|
>| Viruses on tags can cross borders with ease, said
>| Rieback. Although RFID tags use locally-determined
>| frequencies to transmit data, there are widely-used
>| international standards. A product marked in Germany
>| with a malformed tag might be able to infect systems
>| in the U.S., although the virus itself would likely be
>| middleware- or database specific.
>|
>| "But that's not a problem," said Tanenbaum. "Back-end
>| vendors are usually public knowledge. When a customer
>| signs with an RFID vendor, both usually issue press
>| releases."
>|
>| Rieback's presentation included a proof-of-concept
>| virus created by a masters-level student of the
>| university, Patrick Simpson, to demonstrate the
>| attack.
>|
>| "If we didn't [create a proof-of-concept exploit] no
>| one will believe us," Tanenbaum said. "The RFID
>| middleware makers, they'll all deny that there's a
>| problem." he continued.
>|
>| "The surprising thing about this all is how easy it
>| was to write a virus," he said. "It took Patrick just
>| four hours."
>|
>| "This is a wake-up call," concluded Tanenbaum.
>|
>| **********
>|
>| Again, thanks to JP
>|
>|
>|
>|
>|
>|
>| ===Mil-Veh is a member-supported mailing list===
>| To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
>| To reach a human, contact <ackyle@gmail.com>
>| Visit the searchable archives at http://www.mil-veh.org/archives/
>|
>|
>|
>| ===Mil-Veh is a member-supported mailing list===
>| To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
>| To reach a human, contact <ackyle@gmail.com>
>| Visit the searchable archives at http://www.mil-veh.org/archives/
>|
>|
>| --
>| No virus found in this incoming message.
>| Checked by AVG Free Edition.
>| Version: 7.1.385 / Virus Database: 268.2.4/282 - Release Date: 3/15/2006
>|
>|
>
>
>===Mil-Veh is a member-supported mailing list===
>To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
>To reach a human, contact <ackyle@gmail.com>
>Visit the searchable archives at http://www.mil-veh.org/archives/
>
>
>
>===Mil-Veh is a member-supported mailing list===
>To unsubscribe, send e-mail to <mil-veh-off@mil-veh.org>
>To reach a human, contact <ackyle@gmail.com>
>Visit the searchable archives at http://www.mil-veh.org/archives/
>
>



This archive was generated by hypermail 2.1.4 : Tue Jul 18 2006 - 21:42:32 PDT