http://news.bbc.co.uk/1/hi/england/london/7524754.stm

The Oyster system used on London's transport network has broken down two 
weeks after another fault left 40,000 customers with corrupted cards.

The latest problem has affected pay as you go Oystercards on the Tube 
network.

Barriers are being kept open at all stations until the problem has been 
rectified, Transport for London (TfL) has confirmed.

On Jul 25, 8:16 am, "dB"  wrote:
> http://news.bbc.co.uk/1/hi/england/london/7524754.stm
>
> The Oyster system used on London's transport network has broken down two
> weeks after another fault left 40,000 customers with corrupted cards.

Oh dear, the system hardening against the MiFARE hack just isn't
working is it boys? When that exploit gets published in full in
october you're going to be well and truly screwed.

B2003

thagor2008@googlemail.com gurgled happily, sounding much like they were
saying:

>> The Oyster system used on London's transport network has broken down
>> two weeks after another fault left 40,000 customers with corrupted
>> cards.

> Oh dear, the system hardening against the MiFARE hack just isn't working
> is it boys? When that exploit gets published in full in october you're
> going to be well and truly screwed.

You really think there'll be anything in that disclosure that the black-
hats haven't _long_ known?

On Jul 25, 9:24 am, Adrian  wrote:
> thagor2...@googlemail.com gurgled happily, sounding much like they were
> saying:
>
> >> The Oyster system used on London's transport network has broken down
> >> two weeks after another fault left 40,000 customers with corrupted
> >> cards.
> > Oh dear, the system hardening against the MiFARE hack just isn't working
> > is it boys? When that exploit gets published in full in october you're
> > going to be well and truly screwed.
>
> You really think there'll be anything in that disclosure that the black-
> hats haven't _long_ known?

Quite possibly. Black hats arn't super human genuises plus if you read
the details this exploit required access to lab equipment to strip the
chip layers and look at it under (I think) electron microscopes.
Besides which , its only now that the exploit has come out and TfL are
panicking. When/if it was underground (excuse the pun) before , they'd
have been in blissful ignorance.

Heres a video of the guys explaining what they did. Its quite long but
interesting:

http://www.hackaday.com/2008/01/01/24c3-mifare-crypto1-rfid-completely-broken/

B2003

thagor2008@googlemail.com gurgled happily, sounding much like they were
saying:

> Besides which , its only now that the exploit has come out and TfL are
> panicking. When/if it was underground (excuse the pun) before , they'd
> have been in blissful ignorance.

Which is precisely why disclosure is good.

On Jul 25, 9:35 am, Adrian  wrote:
> thagor2...@googlemail.com gurgled happily, sounding much like they were
> saying:
>
> > Besides which , its only now that the exploit has come out and TfL are
> > panicking. When/if it was underground (excuse the pun) before , they'd
> > have been in blissful ignorance.
>
> Which is precisely why disclosure is good.

Indeed. Though from what I've read theres probably not all that much
that can be done against this exploit without changing the hardware.
I'll bet a fiver that they'll have to slowly migrate over to the newer
cards using 3DES for Oyster in the coming years.

B2003

wrote in message 
news:1bfddcf0-84a3-4a87-a81e-e536120d9c2e@v1g2000pra.googlegroups.com...
> On Jul 25, 9:35 am, Adrian  wrote:
>> thagor2...@googlemail.com gurgled happily, sounding much like they were
>> saying:
>>
>> > Besides which , its only now that the exploit has come out and TfL are
>> > panicking. When/if it was underground (excuse the pun) before , they'd
>> > have been in blissful ignorance.
>>
>> Which is precisely why disclosure is good.
>
> Indeed. Though from what I've read theres probably not all that much
> that can be done against this exploit without changing the hardware.
> I'll bet a fiver that they'll have to slowly migrate over to the newer
> cards using 3DES for Oyster in the coming years.
>
> B2003

Isn't it an immutable law that anything designed by people can be cracked by 
people - it's just a question of how long it takes!

MaxB

On Jul 25, 8:16 am, "dB"  wrote:
> http://news.bbc.co.uk/1/hi/england/london/7524754.stm
>
> The Oyster system used on London's transport network has broken down two
> weeks after another fault left 40,000 customers with corrupted cards.
>
> The latest problem has affected pay as you go Oystercards on the Tube
> network.
>
> Barriers are being kept open at all stations until the problem has been
> rectified, Transport for London (TfL) has confirmed.

According to http://news.bbc.co.uk/1/hi/england/london/7525894.stm

The problem existed between 6am and 10am.

Interestingly, I travelled on London Midland (Watford Junction to
London Euston) using PAYG during this time. Both the touch in and
touch out appeared to work correctly and the machine at touch out
reported the correct fare.

I didn't notice anyone having any problems at Watford Junction. And
people seemed to be touching out normally at Euston judging by the
beeps - although as that was platform 16-18 it's possible that things
weren't actually working properly for everybody.

Tim.

On 25 Jul, 16:33, "goo...@woodall.me.uk"  wrote:
> On Jul 25, 8:16 am, "dB"  wrote:
>
> >http://news.bbc.co.uk/1/hi/england/london/7524754.stm
>
> > The Oyster system used on London's transport network has broken down two
> > weeks after another fault left 40,000 customers with corrupted cards.
>
> > The latest problem has affected pay as you go Oystercards on the Tube
> > network.
>
> > Barriers are being kept open at all stations until the problem has been
> > rectified, Transport for London (TfL) has confirmed.
>
> According tohttp://news.bbc.co.uk/1/hi/england/london/7525894.stm
>
> The problem existed between 6am and 10am.
>
> Interestingly, I travelled on London Midland (Watford Junction to
> London Euston) using PAYG during this time. Both the touch in and
> touch out appeared to work correctly and the machine at touch out
> reported the correct fare.
>
> I didn't notice anyone having any problems at Watford Junction. And
> people seemed to be touching out normally at Euston judging by the
> beeps - although as that was platform 16-18 it's possible that things
> weren't actually working properly for everybody.
>
> Tim.

Today I used Cannon Street NR, where the barriers were working and I
didn't see crowds of people with travelcards on Oyster waiting to be
let through.  I am on paper at the moment, so I didn't test it with an
Oyster Travelcard.

Then I used the Underground from Bank, and found that the gates were
open and completely switched off at both ends.

Maybe they spotted the conditions for another corruption of everyone's
cards in time to switch off instead?

I haven't managed to exploit any of this yet, because I've been
covered by a travelcard both times the system was switched off.

On 25 Jul, 16:47, MIG  wrote:
> Today I used Cannon Street NR, where the barriers were working and I
> didn't see crowds of people with travelcards on Oyster waiting to be
> let through.  I am on paper at the moment, so I didn't test it with an
> Oyster Travelcard.

The problem was only affecting PAYG, which isn't available at Cannon
Street NR.

U

--
http://londonconnections.blogspot.com/
A blog about transport projects in London

On Fri, 25 Jul 2008 08:16:34 +0100, "dB"  wrote:

>http://news.bbc.co.uk/1/hi/england/london/7524754.stm
>
>The Oyster system used on London's transport network has broken down two 
>weeks after another fault left 40,000 customers with corrupted cards.
>
>The latest problem has affected pay as you go Oystercards on the Tube 
>network.
>
>Barriers are being kept open at all stations until the problem has been 
>rectified, Transport for London (TfL) has confirmed.

It was only LU that was affected - nothing else.  A notice was issued
this afternoon indicating an incorrect file had been loaded to the LU
system by Transys.  It's been corrected and the gates are working
properly now.

While everyone is enjoying the card hacking speculation I don't think
this problem is anything to do with it.
-- 
Paul C


Admits to working for London Underground!

"Mr Thant"  wrote in message 
news:2fc57d1e-f701-4d55-8a26-65024cb32250@s21g2000prm.googlegroups.com...
On 25 Jul, 16:47, MIG  wrote:
> Today I used Cannon Street NR, where the barriers were working and I
> didn't see crowds of people with travelcards on Oyster waiting to be
> let through. I am on paper at the moment, so I didn't test it with an
> Oyster Travelcard.

The problem was only affecting PAYG, which isn't available at Cannon
Street NR.

U

--
http://londonconnections.blogspot.com/
A blog about transport projects in London

Somewhat amusingly BBC South East were trying to do a slagging off report on 
the incident and both times they failed to get any sound with their picture. 
Another report was also delayed and ended suddenly. I don't know if the 
irony will have struck them - maybe there will be a report at 1030 on how 
the BBC systems failed.

MaxB

On 25 Jul, 18:45, Paul Corfield  wrote:
> While everyone is enjoying the card hacking speculation I don't think
> this problem is anything to do with it.

I'd be interested in hearing then why suddenly oyster goes down twice
in 2 weeks , the 1st time trashing 60K cards, if it was just some
"data upload error" that was being bounced around as the official
excuse. Data errors don't mess up hardware.

B2003

On 25 Jul, 20:28, thagor2...@googlemail.com wrote:
> On 25 Jul, 18:45, Paul Corfield  wrote:
>
> > While everyone is enjoying the card hacking speculation I don't think
> > this problem is anything to do with it.
>
> I'd be interested in hearing then why suddenly oyster goes down twice
> in 2 weeks , the 1st time trashing 60K cards, if it was just some
> "data upload error" that was being bounced around as the official
> excuse. Data errors don't mess up hardware.
>
> B2003

Of course they can - incorrect data downloaded to cards can easily
makethem inoperable. Both today anda couple of weeks ago are being put
down to Transys.& no hacking fix.

"Chris"  wrote in message 
news:47678041-59e7-4981-990d-7f2e8dbc3583@p25g2000hsf.googlegroups.com...
> On 25 Jul, 20:28, thagor2...@googlemail.com wrote:
>> On 25 Jul, 18:45, Paul Corfield  wrote:
>>
>> > While everyone is enjoying the card hacking speculation I don't think
>> > this problem is anything to do with it.
>>
>> I'd be interested in hearing then why suddenly oyster goes down twice
>> in 2 weeks , the 1st time trashing 60K cards, if it was just some
>> "data upload error" that was being bounced around as the official
>> excuse. Data errors don't mess up hardware.
>>
>> B2003
>
> Of course they can - incorrect data downloaded to cards can easily
> makethem inoperable.

Only if you design your systems wrongly.

Incorrect data in the validators could easily make them not accept cards, 
but it shouldn't cause cards to be trashed unless it has been specifically 
designed to do so.

> Both today anda couple of weeks ago are being put
> down to Transys.& no hacking fix.

Hm, so we are told.  It doesn't seem entirely believable.

tim

On Jul 25, 5:57 pm, Mr Thant 
wrote:
> On 25 Jul, 16:47, MIG  wrote:
>
> > Today I used Cannon Street NR, where the barriers were working and I
> > didn't see crowds of people with travelcards on Oyster waiting to be
> > let through.  I am on paper at the moment, so I didn't test it with an
> > Oyster Travelcard.
>
> The problem was only affecting PAYG, which isn't available at Cannon
> Street NR.

Well you know that and I know that ...

It's evidence for whoever can work out what the problem was.

So we know that touching an NR barrier at a station that never accepts
PAYG won't corrupt your Oyster if there is a valid travelcard on it.
But we don't really know anything else, like whether LU barriers would
have let travelcards through if they were switched on.  Or the same
about NR barriers at, say, Liverpool Street.

On Jul 25, 10:29 pm, "tim....."  wrote:
> "Chris"  wrote in message
>
> news:47678041-59e7-4981-990d-7f2e8dbc3583@p25g2000hsf.googlegroups.com...
>
> > On 25 Jul, 20:28, thagor2...@googlemail.com wrote:
> >> On 25 Jul, 18:45, Paul Corfield  wrote:
>
> >> > While everyone is enjoying the card hacking speculation I don't think
> >> > this problem is anything to do with it.
>
> >> I'd be interested in hearing then why suddenly oyster goes down twice
> >> in 2 weeks , the 1st time trashing 60K cards, if it was just some
> >> "data upload error" that was being bounced around as the official
> >> excuse. Data errors don't mess up hardware.
>
> >> B2003
>
> > Of course they can - incorrect data downloaded to cards can easily
> > makethem inoperable.
>
> Only if you design your systems wrongly.
>
> Incorrect data in the validators could easily make them not accept cards,
> but it shouldn't cause cards to be trashed unless it has been specifically
> designed to do so.
>
> > Both today anda couple of weeks ago are being put
> > down to Transys.& no hacking fix.
>
> Hm, so we are told.  It doesn't seem entirely believable.

The whole point of consultants is to be paid obscene amounts of money
to take the blame for management decisions that were made before the
consultants were hired.

(I generally think of New Labour as consultants to the ruling business
interests of this country.)

On Fri, 25 Jul 2008 14:34:05 -0700 (PDT), MIG
 wrote:

>On Jul 25, 5:57 pm, Mr Thant 
>wrote:
>> On 25 Jul, 16:47, MIG  wrote:
>>
>> > Today I used Cannon Street NR, where the barriers were working and I
>> > didn't see crowds of people with travelcards on Oyster waiting to be
>> > let through.  I am on paper at the moment, so I didn't test it with an
>> > Oyster Travelcard.
>>
>> The problem was only affecting PAYG, which isn't available at Cannon
>> Street NR.
>
>Well you know that and I know that ...
>
>It's evidence for whoever can work out what the problem was.
>
>So we know that touching an NR barrier at a station that never accepts
>PAYG won't corrupt your Oyster if there is a valid travelcard on it.
>But we don't really know anything else, like whether LU barriers would
>have let travelcards through if they were switched on.  Or the same
>about NR barriers at, say, Liverpool Street.

I travelled from Paddington to Ealing Broadway on the 0645 and thence
on the 65 bus without any problem (with Z1-3 annual). Had no problems
using the Tube today - but I suppose I should check my PAYG balance!

"MIG"  wrote in message 
news:633ab23d-af4c-47d2-a7a3-7cafbc77fbd2@k13g2000hse.googlegroups.com...
On Jul 25, 10:29 pm, "tim....."  wrote:
> "Chris"  wrote in message
>
> news:47678041-59e7-4981-990d-7f2e8dbc3583@p25g2000hsf.googlegroups.com...
>
> > On 25 Jul, 20:28, thagor2...@googlemail.com wrote:
> >> On 25 Jul, 18:45, Paul Corfield  wrote:
>
> >> > While everyone is enjoying the card hacking speculation I don't think
> >> > this problem is anything to do with it.
>
> >> I'd be interested in hearing then why suddenly oyster goes down twice
> >> in 2 weeks , the 1st time trashing 60K cards, if it was just some
> >> "data upload error" that was being bounced around as the official
> >> excuse. Data errors don't mess up hardware.
>
> >> B2003
>
> > Of course they can - incorrect data downloaded to cards can easily
> > makethem inoperable.
>
> Only if you design your systems wrongly.
>
> Incorrect data in the validators could easily make them not accept cards,
> but it shouldn't cause cards to be trashed unless it has been specifically
> designed to do so.
>
> > Both today anda couple of weeks ago are being put
> > down to Transys.& no hacking fix.
>
> Hm, so we are told. It doesn't seem entirely believable.

The whole point of consultants is to be paid obscene amounts of money
to take the blame for management decisions that were made before the
consultants were hired.

(I generally think of New Labour as consultants to the ruling business
interests of this country.)

-------------------------------------------------

I was referring to the reason for the update, not the buck passing.

tim

"MIG"  wrote in message 
news:633ab23d-af4c-47d2-a7a3-7cafbc77fbd2@k13g2000hse.googlegroups.com...
On Jul 25, 10:29 pm, "tim....."  wrote:
> "Chris"  wrote in message
>

The whole point of consultants is to be paid obscene amounts of money
to take the blame for management decisions that were made before the
consultants were hired.

(I generally think of New Labour as consultants to the ruling business
interests of this country.)

I always thought consultants were paid obscene amounts of money to waste 
employees time asking them how to solve a problem, ignore their wisdom, 
write a report based on the solution they had decided on beforehand and 
depart before the whatsit hit the thingy!

MaxB

> I always thought consultants were paid obscene amounts of money to waste 
> employees time asking them how to solve a problem, ignore their wisdom, 
> write a report based on the solution they had decided on beforehand and 
> depart before the whatsit hit the thingy!
>
> MaxB

Yes, that sounds familiar. It's no coincidence that consultancy begins with 
con ;-)

On Sat, 26 Jul 2008 13:28:41 +0100, "dB"  wrote:

>> I always thought consultants were paid obscene amounts of money to waste 
>> employees time asking them how to solve a problem, ignore their wisdom, 
>> write a report based on the solution they had decided on beforehand and 
>> depart before the whatsit hit the thingy!
>>
>> MaxB
>
>Yes, that sounds familiar. It's no coincidence that consultancy begins with 
>con ;-) 

Consult: A cross between "con" and "insult".

(With thanks to Scott Adams).

On 25 Jul, 21:43, Chris  wrote:
> Of course they can - incorrect data downloaded to cards can easily
> makethem inoperable.

I've not yet come across r/w memory that can't be reset if theres
dodgy data on it so unless they're upgrading any software there may be
on it I can't see how it could happen. And if thats the case you have
to ask yourself why.

>Both today anda couple of weeks ago are being put
> down to Transys.& no hacking fix.#

Yes , because I'm sure TfL would release a statement saying "transys
have been attempting a workaround for the MiFARE hack but have so far
failed miserably".

B2003

On Jul 26, 2:22 pm, James Farrar  wrote:
> On Sat, 26 Jul 2008 13:28:41 퍝, "dB"  wrote:
> >> I always thought consultants were paid obscene amounts of money to waste
> >> employees time asking them how to solve a problem, ignore their wisdom> >> write a report based on the solution they had decided on beforehand and
> >> depart before the whatsit hit the thingy!
>
> >> MaxB
>
> >Yes, that sounds familiar. It's no coincidence that consultancy begins with
> >con ;-)
>
> Consult: A cross between "con" and "insult".
>
> (With thanks to Scott Adams).

It's not incompatible with my version if the management decision is to
hire consultants to override the wisdom of the staff and to produce
the solution that management hired them to produce (possibly on the
grounds that it's the solution that the particular consultancy always
produces).

In message 
, at 
12:25:39 on Sat, 26 Jul 2008, MIG  
remarked:
>It's not incompatible with my version if the management decision is to
>hire consultants to override the wisdom of the staff and to produce
>the solution that management hired them to produce (possibly on the
>grounds that it's the solution that the particular consultancy always
>produces).

The other common scenario is that the consultants produce the solution 
that the staff recommend, but the management weren't listening to the 
staff. So everyone wins! Call it a catalyst.
-- 
Roland Perry

>
> The other common scenario is that the consultants produce the solution 
> that the staff recommend, but the management weren't listening to the 
> staff. So everyone wins! Call it a catalyst.

Except it cost the company a lot of money for someone to state the obvious.

In message <UKadnfjiMoEJHRbVnZ2dneKdnZydnZ2d@posted.plusnet>, at 
20:52:55 on Sat, 26 Jul 2008, dB  remarked:
>> The other common scenario is that the consultants produce the solution
>> that the staff recommend, but the management weren't listening to the
>> staff. So everyone wins! Call it a catalyst.
>
>Except it cost the company a lot of money for someone to state the obvious.

But without paying the money the "obvious" goes un-stated.

You probably wouldn't be surprised to learn how many managements are 
convinced that no good ideas will ever come from the staff, so those 
ideas end up being laundered through a consultant.

The consultant doesn't have zero work to do, of course; he has to listen 
to all the staff, then select the ideas that makes sense. But the 
chances are that many times there will be some non-trivial subset of the 
staff who will recognise it as "their" idea.
-- 
Roland Perry

Roland Perry wrote:

> 
> You probably wouldn't be surprised to learn how many managements are 
> convinced that no good ideas will ever come from the staff, so those 
> ideas end up being laundered through a consultant.
> 

I have to say I (as a staff member with ideas) only realised the 
usefulness of this relatively recently.  The consultant, having been 
brought in to have ideas but without any idea of how the place runs, is 
going to reach for anyone willing to explain things to him like a 
drowning man for a lifebelt.  If you can get a couple of hours alone 
with him you have a good chance of getting your ideas in front of people 
with far less effort than it would normally take through conventional 
bureaucracy.

This does require that you aren't expecting to be thanked or recognised 
for you contribution, and that you have sufficient self control that 
when management order you to drop everything and run with the exciting 
new idea the consultant has proposed you don't go 'hey, that was what 
I've been saying for years'.

Sadly it's a common human bias to value something that cost a lot of 
money more.

Tom

In message <hZWik.11910$3L5.3764@newsfe30.ams2>, at 10:11:45 on Sun, 27 
Jul 2008, Tom Barry  remarked:
>
>>  You probably wouldn't be surprised to learn how many managements are 
>>convinced that no good ideas will ever come from the staff, so those 
>>ideas end up being laundered through a consultant.
>
>I have to say I (as a staff member with ideas) only realised the 
>usefulness of this relatively recently.  The consultant, having been 
>brought in to have ideas but without any idea of how the place runs, is 
>going to reach for anyone willing to explain things to him like a 
>drowning man for a lifebelt.  If you can get a couple of hours alone 
>with him you have a good chance of getting your ideas in front of 
>people with far less effort than it would normally take through 
>conventional bureaucracy.
>
>This does require that you aren't expecting to be thanked or recognised 
>for you contribution, and that you have sufficient self control that 
>when management order you to drop everything and run with the exciting 
>new idea the consultant has proposed you don't go 'hey, that was what 
>I've been saying for years'.
>
>Sadly it's a common human bias to value something that cost a lot of 
>money more.

Most of that's true, but I think you are being a little hard on the 
"drowning man" - their job is to come into a new place and find out how 
it ticks.

As for use of consultants in general, here's another way of thinking 
about them:  A computer software company needs a new head office and 
rather than design it themselves (and unwilling to hire as employees the 
people with the skills) decide to subcontract it out to some building 
design consultants. Or as they are often called, architects. These folk 
interview the management and staff to get an idea of the requirements 
(probably none of them are programmers so want to understand what the 
special needs are).

Eventually they draw up plans in a sufficiently professional way that 
they are accepted by management and the board. The management were 
sceptical about some aspects (particularly some of the more 
staff-friendly ones), but the architects were able to argue that these 
features had worked well in other buildings they had done and figures 
that showed increased productivity; the board were impressed by the 
financial due diligence from people with credentials, and appreciated 
someone to pass the planning approval buck to. The staff recognised many 
of the things they had asked for, and wondered why specialists were 
needed at all; if only the management had listened to them!
-- 
Roland Perry

On Jul 27, 11:01 am, Roland Perry  wrote:
> In message <hZWik.11910$3L5.3...@newsfe30.ams2>, at 10:11:45 on Sun, 27
> Jul 2008, Tom Barry  remarked:
>
>
>
>
>
>
>
> >>  You probably wouldn't be surprised to learn how many managements are
> >>convinced that no good ideas will ever come from the staff, so those
> >>ideas end up being laundered through a consultant.
>
> >I have to say I (as a staff member with ideas) only realised the
> >usefulness of this relatively recently.  The consultant, having been
> >brought in to have ideas but without any idea of how the place runs, is
> >going to reach for anyone willing to explain things to him like a
> >drowning man for a lifebelt.  If you can get a couple of hours alone
> >with him you have a good chance of getting your ideas in front of
> >people with far less effort than it would normally take through
> >conventional bureaucracy.
>
> >This does require that you aren't expecting to be thanked or recognised
> >for you contribution, and that you have sufficient self control that
> >when management order you to drop everything and run with the exciting
> >new idea the consultant has proposed you don't go 'hey, that was what
> >I've been saying for years'.
>
> >Sadly it's a common human bias to value something that cost a lot of
> >money more.
>
> Most of that's true, but I think you are being a little hard on the
> "drowning man" - their job is to come into a new place and find out how
> it ticks.
>
> As for use of consultants in general, here's another way of thinking
> about them:  A computer software company needs a new head office and
> rather than design it themselves (and unwilling to hire as employees the
> people with the skills) decide to subcontract it out to some building
> design consultants. Or as they are often called, architects. These folk
> interview the management and staff to get an idea of the requirements
> (probably none of them are programmers so want to understand what the
> special needs are).
>
> Eventually they draw up plans in a sufficiently professional way that
> they are accepted by management and the board. The management were
> sceptical about some aspects (particularly some of the more
> staff-friendly ones), but the architects were able to argue that these
> features had worked well in other buildings they had done and figures
> that showed increased productivity; the board were impressed by the
> financial due diligence from people with credentials, and appreciated
> someone to pass the planning approval buck to. The staff recognised many
> of the things they had asked for, and wondered why specialists were
> needed at all; if only the management had listened to them!

My experience is that the management want to cover their backs WHEN
something fails, by saying "but we paid the most expensive
consultants".

They could have spent an awful lot less on working with their own
staff to prevent it failing in the first place.  I've seen that a few
times.

In message 
, at 
03:19:55 on Sun, 27 Jul 2008, MIG  
remarked:
>My experience is that the management want to cover their backs WHEN
>something fails, by saying "but we paid the most expensive
>consultants".

They all charge about the same.

>They could have spent an awful lot less on working with their own
>staff to prevent it failing in the first place.  I've seen that a few
>times.

If they were in the habit of working with their staff, they might not 
need the "rescue package".

And if it looks like the staff are failing (even if it's not the staff's 
fault) they are likely to be the last place management looks to for new 
skills to solve the problem.

But many of the staff's ideas, filtered and verified by the consultant, 
can be exactly what the organisation needs.

-- 
Roland Perry

On Jul 26, 5:37 pm, thagor2...@googlemail.com wrote:
> On 25 Jul, 21:43, Chris  wrote:
>
> > Of course they can - incorrect data downloaded to cards can easily
> > makethem inoperable.
>
> I've not yet come across r/w memory that can't be reset if theres
> dodgy data on it so unless they're upgrading any software there may be
> on it I can't see how it could happen. And if thats the case you have
> to ask yourself why.
>
Most microcontrollers have had settings which once written prevent you
ever reading out or changing the microcode again.

Some of those were non resettable, even if, before the fuses were
blown, the microcontroller was reprogrammable.

(The modern flash PICs which I've been playing with recently all seem
to have the ability to do a complete reset even after the code
protection bits have been set - IIRC on some of them this reset can
wipe some of the factory calibration data so you have to make sure
you've recorded these values for the individual devices somewhere
before you start down this path - I think mostly this calibration data
is related to the internal oscillator so it's not needed if you're
using external timing)

I can easily believe that the mifare card could have a setting to flag
some of the memory as read only - IIRC sector 0 (which contains the
ID[1]) is read only - It's perfectly possible that there is an address
somewhere that says what memory is read only and what is read write
and that address can only be incremented, never decremented.

Initially the card is created with this address as 0. Sector 0 is
written and then the address incremented to 1. A card can be totally
disabled by incrementing this address to its maximum value.

Tim.

[1] Someone posted a link to a presentation about hacking the mifare
chip - according to that, even though sector 0 is non-reprogrammable,
you can change the key used to encrypt the traffic in such a way that
the card looks like it has a different ID. Only if the reader
explicitly requests sector 0 and verifies the ID will it be able to
detect this spoofing.

On Jul 28, 11:52 am, "goo...@woodall.me.uk" 
wrote:
> On Jul 26, 5:37 pm, thagor2...@googlemail.com wrote:> On 25 Jul, 21:43, Chris  wrote:
>
> > > Of course they can - incorrect data downloaded to cards can easily
> > > makethem inoperable.
>
> > I've not yet come across r/w memory that can't be reset if theres
> > dodgy data on it so unless they're upgrading any software there may be
> > on it I can't see how it could happen. And if thats the case you have
> > to ask yourself why.
>
To followup:
Just found this 2K (256x8) eeprom

http://www.atmel.com/atmel/acrobat/doc0958.pdf

Has a permanent software write protection for the first half of the
memory.

"Write Protection
The software write protection, once enabled, permanently write
protects only the first-half of the array ...

The software write protection cannot be reversed even if the device is
powered down."

I've only skimmed that data sheet but it looks like if you send a
write command with a device address of 0110 instead of 1010 then
you'll set this bit.

You really don't want to send a software update to your readers that
drops a byte from the command being sent to the chip - most cards will
just fail to work, but a few will get that magic 0110 bit pattern at
the wrong point and will then be permanently broken.

Tim.

wrote in message 
news:eded1fbf-7506-489a-9715-f6a77a9e8a49@k13g2000hse.googlegroups.com...
> On Jul 26, 5:37 pm, thagor2...@googlemail.com wrote:
>> On 25 Jul, 21:43, Chris  wrote:
>>
>> > Of course they can - incorrect data downloaded to cards can easily
>> > makethem inoperable.
>>
>> I've not yet come across r/w memory that can't be reset if theres
>> dodgy data on it so unless they're upgrading any software there may be
>> on it I can't see how it could happen. And if thats the case you have
>> to ask yourself why.
>>
> Most microcontrollers have had settings which once written prevent you
> ever reading out or changing the microcode again.

Yep, but this area isn't going to be written to by the application code.  It 
will (or won't) be blown deliberately during manufacture.

tim