1998-07-31 - From: dac@zurich.ibm.com (Marc Dacier)

Header Data

From: bill payne <billp@nmol.com>
To: tcmay@got.net
Message Hash: 3ba4eadc84786a10eb7b6418414097cfea4625a8c6b71b34ac7f568c1ce2bbd6
Message ID: <35C20839.43A1@nmol.com>
Reply To: N/A
UTC Datetime: 1998-07-31 18:13:25 UTC
Raw Date: Fri, 31 Jul 1998 11:13:25 -0700 (PDT)

Raw message

From: bill payne <billp@nmol.com>
Date: Fri, 31 Jul 1998 11:13:25 -0700 (PDT)
To: tcmay@got.net
Subject: From: dac@zurich.ibm.com (Marc Dacier)
Message-ID: <35C20839.43A1@nmol.com>
MIME-Version: 1.0
Content-Type: text/plain

Friday 7/31/98 11:40 AM

John Young

I am looking at http://www.jya.com/raid98.htm

Dacier asked me why NSA/Sandia was concerned about what
each bit in an executable image did when I was in his office in
Zurich in April 1997.

Spiking, of course.  A SECRET OTHER FUNCTION to a device.

http://caq.com/cryptogate  http://www.aci.net/kalliste/speccoll.htm

NSA/Sandia doesn't trust its own employees!  

On the other hand, NSA/Sandia employees don't trust NSA/Sandia either.

The REAL WORLD again.

IBM Zurich was BIG into Java.

Network World, July 20, 1998 page 6

  The incredible shrinking Java alliance

  By Chris Nerney and Andy Eddy

    A year ago there were four of them, members of a new alliance
  touting a potent new weapon designed to end Microsoft Corp.'s
  growing dominance in the computing industry.
    Now the Java Gang of Four is the Gang of Two and a Half.
    Java creator Sun Microsystems, Inc., of course, is still fully
  committed to the programming language, as is IBM. ...

Not looking good for Java future.

Java is similar to FORTH.  FORTH executes super-slow on high-level
in most machines.  About 10% of the speed of a compiled-language
program - such as Visual Basic.

Specialized Forth and Java machine can be made to run fast.
http://groucho.gsfc.nasa.gov/forth/ and http://www.ptsc.com/ 

But I am not confident Java or Forth machines are going anywhere.
May be hard to get parts in the future.  

But I'm confident about the 80C32 supply!
http://www.apcatalog.com/cgi-bin/AP?ISBN=0125475705&LOCATION=US&FORM=FORM2

Let's hope this UNFORTUNATE matter http://jya.com/whpfiles.htm gets
settled soon so that we can move on to constructive projects.

Later
bill


/\/\/\

Marc

Since I was working the OTHER SIDE of

  Recent Advances in Intrusion Detection 

for the FBI, I might be able to give a nice talk about what the US
government is REALLY UP TO on defeating intrusion detection!

I am not reading e-mail.

best
bill

Hi Matthias!


Counterfeiting Wiegand Wire Access Credentials
     
                                   Bill Payne
     
                                 October 16,1996
     
                                    Abstract
     
                  Wiegand wire access credentials are easy and
                  inexpensive to counterfeit.
     
        Access Control & Security Systems Integration magazine, October
        1996 [http://www/securitysolutions.com] published the article,
     
             Wiegand technology stands the test of time
     
             by PAUL J. BODELL, page 12
     
             Many card and reader manufacturers offer Wiegand (pronounced
             wee-gand) output.  However, only three companies in the
             world make Wiegand readers.  Sensor Engineering of Hamden
             Conn., holds the patent for Wiegand, and Sensor has licensed
             Cardkey of Simi Valley, Calif., and Doduco of Pforzheim,
             Germany, to manufacture Wiegand cards and readers. ...  A
             Wiegand output reader is not the same thing as a Wiegand
             reader,  and it is important to understand the differences.
     
                In brief, Wiegand reader use the Wiegand effect to
             translate card information around the patented Wiegand
             effect in which a segment of a specially treated wire
             generates an electronic pulse when subjected to a specific
             magnetic field.  If the pulse is generated when the wire is
             near a pick-up coil, the pulse can be detected by a circuit.
             Lining up several rows of wires and passing them by a cold
             would generate a series of pulses.  Lining up two rows of
             wires - calling on row "zero bits" and the other "one bits"
             - and passing them by two different coils would generate two
             series of pulses, or data bits.  These data bits can then be
             interpreted as binary data and used to control other
             devices.  If you seal the coils in a rugged housing with
             properly placed magnets, and LED and some simple circuitry,
             you have a Wiegand reader.  Carefully laminate the special
             wires in vinyl, and artwork, and hot-stamp a number on the
             vinyl, and you have a Wiegand card.
     
             IN THE BEGINNING
     
               Wiegand was first to introduce to the access control
             market in the late 1970s.  It was immediately successful
             because it filled the need for durable, secure card and
             reader technology.
               Embedded in the cards, Wiegand wires cannot be altered or
             duplicated. ...
     
        Bodell's Last statement is incorrect.
     
        Tasks for EASILY counterfeiting Wiegand wire cards are
     
        1    Locate the wires inside the card to read the 0s and 1s.
     
        2    Build an ACCEPTABLE copy of the card.
     
        Bodell's clear explanation of the working of a Wiegand card can
        be visualized
     
             zero row    |     |   |
     
             one row        |          |
     
             binary      0  1  0   0   1
             representation
     
        Solutions to Task 1
     
             A    X-ray the card
     
             B    MAGNI VIEW FILM,  Mylar film reads magnetic fields ...
                  Edmunds Scientific Company, catalog 16N1, page
                  205, C33,447  $11.75
     
        is placed over the top of the Wiegand card.
     
        COW MAGNET,  Cow magnetics allow farmers to trap metal in the
        stomachs of their cows.  Edmunds, page 204, C31,101 $10.75
        is placed under the card.
     
        Location of the wires is easily seen on the green film.
     
        Mark the position of the wires with a pen.
     
        Next chop the card vertically using a shear into about 80/1000s
        paper-match-sized strips.
     
        Don't worry about cutting a wire or two.
     
        Note that a 0 has the pen mark to the top.  A 1 has the pen mark
        at the bottom.
     
        Take a business card and layout the "paper match"-like strips to
        counterfeit the card number desired.
     
        Don't worry about spacing.  Wiegand output is self-clocking!
     
        Tape the "paper-match - like" strips to the business card.
     
        Only the FUNCTION of the card needs to be reproduced!
     
                                     History
     
        Breaking electronic locks was done as "work for others" at Sandia
     
        National Laboratories beginning in 1992 funded by the Federal
        Bureau of Investigation/Engineering Research Facility, Quantico,
        VA.
     
        The FBI opined that this work was SECRET/NATIONAL SECURITY
        INFORMATION.
     
        Details of the consequences of this work are covered in
     
             Fired Worker File Lawsuit Against Sandia
             Specialist Says He Balked When Lab Sought Electronic
             Picklock Software, Albuquer Journal, Sunday April 25, 1993
     
             State-sanctioned paranoia,  EE Times, January 22, 1996
     
             One man's battle,  EE Times, March 22, 1994
     
             Damn the torpedoes,  EE Times, June 6, 1994
     
             Protecting properly classified info,  EE Times, April 11,
             1994
     
             DOE to scrutinize fairness in old whistle-blower cases,
             Albuquerque Tribune, Nov 7 1995
     
             DOE boss accelerates whistle-blower protection,  Albuquerque
             Tribune, March 27, 1996
     
             DOE doesn't plan to compensate 'old' whistle-blowers with
             money, Albuquerque Tribune September 27, 199





Thread