Current Topic: Computer Security
Detection of an RFID device by an RF reader... - Google Patents |
|
|
| Topic: Computer Security |
2:59 pm EST, Feb 27, 2007 |
A method is provided for operating an RF transponder system to detect the presence of an RFID device in the proximal space of an RF reader unit having an excitation signal generator circuit and an RFID device detection circuit.
Here is a HID patent! By blogging this patent I am teaching you about technology that is patented by HID. By hosting this patent Google is also teaching you about technology that is patented by HID. Hey, HID, why don't you sue me?
|
|
| Topic: Computer Security |
2:49 pm EST, Feb 27, 2007 |
HID has claimed that teaching others about the information violates two of the company's patents, IOActive's CEO Josh Pennell told reporters in a conference call on Tuesday. On the advice of lawyers, Pennell would not describe other details about the claims.
Teaching others cannot violate a patent! "If I say anything, HID will sue us," he said. "Large companies have lots of resources, and small companies, such as IOActive, don't."
This is not acceptable. RFID Demo PULLED! |
|
Battle brewing over RFID chip-hacking demo | InfoWorld | News | 2007-02-26 | By Paul F. Roberts |
|
|
| Topic: Computer Security |
1:53 pm EST, Feb 27, 2007 |
Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards. HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat.
Intellectual Property laws are again being abused to silence security research. Patents do not cover presentations of technical information. They are a matter of public record. You can look them up online. Patents cover products. This claim is totally frivolous and the company fronting it is, I presume, betting yet again that the victim doesn't have the economic resources to defend himself. The worst part is that they have the audacity to accuse the researcher of being irresponsible. These issues are well understood. What is irresponsible is the willful malpractice of law in the pursuit of a loophole around the first amendment.
|
How to crash an in-flight entertainment system | CSO Blogs |
|
|
| Topic: Computer Security |
3:52 am EST, Feb 25, 2007 |
My next test case was the number "8"; no luck there either, the number didn't change at all. I then tried the number 5: success! '5' is an interesting test case, it's a "boundary value" just beyond the maximum allowed value of the field which was '4'. A classic programming mistake is to be off by 1 when coding constraints.
|
Slashdot | Who Pays For Credit Card Breaches? |
|
|
| Topic: Computer Security |
12:08 am EST, Feb 21, 2007 |
A scheme to steal customers' credit and debit card information at a New England supermarket chain highlights a little-understood fact about credit card security: Customers still think that the credit-card companies have to eat fraudulent charges, but since the PCI DSS standards were adopted, it's actually the merchant banks and merchants who have to pay up. And, according to the blogger writing in the latter article, it's a good thing.
I don't agree with that blogger. Credit Card numbers get stolen because they can be. The only people who are in a position to rearchitect this system are the Credit Card companies, who, of course, have no economic incentive to do so, because they don't bear any of the costs associated with the fraud. This is market failure, and instead of pouring buckets of money at law enforcement in this context the government ought to fix the glitch.
|
|
| Topic: Computer Security |
12:31 pm EST, Feb 15, 2007 |
The picture on the left shows Hitachi's infamous mu chip, once heralded as the world's smallest RFID tag. Back in 2003, it was touted as the perfect size for embedding into currency, slipping into bullets, and even tagging humans. The siren song of this dot-sized tracker even lured the Malaysian government into buying rights to it.
These are interesting but the range on them is probably very small unless you've got a huge antenna coil in your reader or a very powerful amplifier. That reduces the threat that they could be abused. 'Weaponized' RFID |
|
Wired: 27B Stroke 6- Billy Hoffman on Ajax Security at RSA |
|
|
| Topic: Computer Security |
3:53 pm EST, Feb 8, 2007 |
The best conference presenters have a story to tell, and this morning, Billy Hoffman -- the lead researcher at Web application security company SPI Dynamics, had a great story to tell Wednesday morning at the RSA security conference about how all your favorite new Web 2.0 applications are a boon to criminals.
27B Stroke 6 covered Billy's talk at the RSA security conference. Billy rocks.
|
Why Windows is less secure than Linux | Threat Chaos | ZDNet.com |
|
|
| Topic: Computer Security |
6:51 pm EST, Feb 6, 2007 |
In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture.
Which one do you think is Windows?
|
Steve Jobs - Thoughts on Music |
|
|
| Topic: Computer Security |
5:08 pm EST, Feb 6, 2007 |
The second alternative is for Apple to license its FairPlay DRM technology to current and future competitors with the goal of achieving interoperability between different company’s players and music stores. The most serious problem is that licensing a DRM involves disclosing some of its secrets to many people in many companies, and history tells us that inevitably these secrets will leak. The Internet has made such leaks far more damaging, since a single leak can be spread worldwide in less than a minute. Apple has concluded that if it licenses FairPlay to others, it can no longer guarantee to protect the music it licenses from the big four music companies.
Steve Jobs speaks openly about DRM here, which is interesting, but he is obviously negotiating with European anti-trust entities in this essay. He presents a proposition that the two major European music companies license their music to him without a DRM requirement. That's a bit "let them eat cake" I think. I'm sure he thinks the pressure that Europeans might put on those major music companies as a result of this essay will release some of the pressure on him, allowing him to find a better negotiating position. Unfortunately, with regard to the passage I'm quoting, he's wrong. In order to have a DRM system you have to put the enforcement technology in the hands of all of your users. Those people can reverse engineer that technology, and spread their results via the Internet. DRM encoding systems can be just as blackbox as DRM enforcement systems, and you aren't handing them to as many people, so the idea that you can't tolerate the risk of those encoders being reverse engineered doesn't make any sense. You're already taking the greater risk that the decoders will be reverse engineered, and that's the fundamental crux of DRM. Furthermore, there is no reason why Apple couldn't support another company's DRM technology that already has shared encoders.
|
Microsoft supports OpenID |
|
|
| Topic: Computer Security |
2:26 pm EST, Feb 6, 2007 |
Microsoft has joined forces with the Web 2.0 vanguard, as Bill Gates announced Tuesday in a keynote at the RSA security conference that Microsoft was going to support a distributed identity system known as OpenID.
This is interesting. OpenID has been discussed on MemeStreams before. While it would be useful for MemeStreams to serve OpenID so that our users could use their accounts to post on blogs that accept it, accepting it here is a different story. OpenID essentially allows anonymous blog commenters to maintain a persistent identity across the Internet. As we don't accept anonymous comments, adding this sort of capability presents more challenges for us than for blogs that do. We've talked about allowing anonymous comments, but this can open the door to more spam, particularly in threads that aren't fresh. It would be nice if a real identity sharing technology was layered on top of OpenID to ease account creation. There is a system that attempts to do this, but it suffers from the same scope limitations that FOAF does. Either way, I think we've got some simpler coding work that needs to be done on this site before that bubbles up to the top of our todo list. Has anyone here messed with Cardspace?
|