mazodude

@herrmann1001 It's nice when it's not just a surface level article and they really try to get the details

@mazodude Cool. You can tell he went full mode and fiddled with the device

.@herrmann1001 Nice little article on the chameleon. theverge.com/23411372/chame…

@herrmann1001 It says the author is Chris person

@mazodude Look that shout out. ❤️ Who wrote that piece ?

@herrmann1001 Found that a large international cruise company had the default key on their tags that let you buy stuff on the ship. You could then change the account number that purchases were charged to. Did it all with an Android phone

Lets play "Friday story time" where you post your best RFID hacking story! The best stories I promise to mention in the next talk I do.

@svblxyz Too bad it was a terrible tutorial but you couldn't know that as the dislike button count is gone

@Netxing Maybe @_MG_

Looking for PCB designers, recommendation?

@wabzqem @fs0c131y Yep must be the compressed version. Not showing it at all

@mazodude @fs0c131y I can see it in the recording? I moved the phone about a bit too and you can see it moving… maybe Twitter is showing you super compressed one :(

This should not be anywhere near this easy to fool (I’m not vaccinated.. yet)

@herrmann1001 When I'm out and about, I don't have my proxmark with me, so I use my phone (for HF at least). Otherwise it's the proxmark

Which device do you prefer to research RFID based systems?

@quentynblog Do you think you could also do one on passport RFID blockers? There is so much disinformation around them too. To access a epassport you need 3 pieces of information from inside the passport. Not really a valid attack either

@_MG_ @Netxing

Do I know anyone who could use a USB cable that siphons data off of various card readers in real time?

Nice little hack while watching #AusCERT2020. Right click on the video in the stream and click picture in picture to watch it in a floating window while you work. @AusCERT

@herrmann1001 @doegox I should do the same. To many white blank cards

Being inspired by @doegox labelling today, I thought of Doing the same

@Scott_Helme Thank you for the explanation. Super helpful

@mazodude Generally you can do more powerful things with POST, like a money transfer form on a bank website. GET requests are meant to be idempotent and thus safe so should pose no risk with CSRF.

SameSite Lax Cookies by default is now being rolled out to 100% of Chrome users on version 80 and above from today! groups.google.com/a/chromium.org…

@doegox @herrmann1001 Ahh. Didn't realise it was the same as the link the @NotSoCivilEngr had posted. Thanks @doegox

@mazodude @herrmann1001 yes youtube.com/watch?v=ghiHXK…

The correct link: youtube.com/watch?v=6rE6ue…

@quentynblog Nothing stopping you but you 🙂

@quentynblog Like a horse feed bag?

@herrmann1001 @doegox Wait, you can run python scripts now?

This one is for you, @doegox ! #proxmark