The Big List
-
CampusWide - Wide Open. - This is the that started it all. Published in
2600 Spring 2003. Mostly background and infrastructure information, and an overview of the flaws of the system.
Georgia Tech's Office of Information Technology (OIT) ran an audit of GT's system and confirmed the exploits
described in my article do indeed work. Their are some mistakes in the article, naming some of the history of
the Campuswide system is missing some parts, and that VTSes can't be tricked into giving
you a clone of a card. I suggest starting here
-
CampusWide - Openview and Exploits (PDF) - The Slide Show for my speech
at Interz0ne II, with lots of pictures and great deatails about the 3 types of exploits (Reader to device Man-in-the-middling,
Reader to Server Man-in-the-middling, and Card based).
-
My Response - So what happens when you write an internationally published paper about an Institute's
gross neglict of student security, and include an email address at that school? Oh my
-
Timeline of Events - A nifty timeline covering my research, how Tech reacted, and conferences I spoke at.
-
Letter to Jim Pete - A nasty email to Buzzcard Center as to why they won't return my emails, and why they
covered up the results of OIT's investigation.
- Cease and Desist Letter - Sent to Interz0ne II.
- FAQ - this is my FAQ that I get asked after people read the article
- Cached Web Pages These are the old cached ATT webpages, full of Technical
details Blackboard wished weren't floating around.
-
Pictures Some fun pictures of what the wires look like from read to device, and how
poorly they are protected.
- Email
me If I did cover something and you want to know, or you think you
have some information of CampusWide you want to tell me, email me
Homepage