Slashdot Mirror
RFID Injection Required for Datacenter Access
user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"
...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...
Is this the first time civilians have been required to do thing type of thing? I guess its no longer science fiction.
And then there is the whole magic marker circumvention method that is soon to be discovered (possibly within this thread).
Oh wait...
FTA: Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.
Yeah... I can't wait for the Diebold spin on this story.
The dangers of knowledge trigger emotional distress in human beings.
Back in the good old days, we used to just use duct tape and superglue to keep people from messing with our machines! (And I guess OpenBSD doesn't hurt either... ;-)
Creative misinterpretation is your friend.
Aw, hell no.
At least, it doesn't need to be cut out to be used by a sufficiently motivated attacker.
Mmmm-hmmm...
They won't require you to implant the chip to keep your job. But how long can you keep your job if you can't access the datacenter?
...Also, I didn't know Buggalo could fly.
Isn't this what the Christians have been saying was going to happen for the past 20 years now? Of course, it's not the governing that's forcing the chips on people, but it's only a matter of time.
It might actually double the victim's bicep circumference.
The story reads that it's not required to maintain employment. But, then again, most jobs in the US are "at will" anyway...
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
But now they want to chip us like dogs too?
What's next, kibble in the break room vending machines?
I'm not understanding the point here. If you inject the RFID chip, you can theoretically track your users wherever they go. But you can't ensure that access isn't being granted to someone who has an RFID chip in their wallet. You are making it slightly harder to steal the data, but you're not making it any harder to clone the chip.
What's the security benefit to injected RFID?
BTW, this is the original article.
The ______ Agenda
Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?
CC Licensed Serialized Story and Podcast: Ingenioustries
So much for Evil Guy yanking out an eye or cutting off a hand so that he can fake access. Now he has to take the whole arm...
Seriously, if he wants in that bad I'd rather he just beat me up and take my keys.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
If not, you're likely to be tracked not just by your employer but by anyone else with an RFID scanner. There really ought to be an activator button or device that needs to be pressed or broadcasting to make such a device safe for the implanted.
Actually, they didn't leave it out, and I did read the article. My comment was a question of the logical extention of this policy. More to the point, if they're only going to allow access to RFID-enabled employees, doesn't it seem kinda necessary that either 1) you will be implanted if your responsibilities include accessing the video library, or 2) you're going to lose that responsibility. I can't see the latter being a positive career move.
This will only last about as long as the Sony rootkit-like DRM lasted. It now has public attention, and when it is pointed out that the scheme has enough security holes in it to act as a noodle strainer, the number of people who will actually allow the implant will be zero, meaning there will be no one to do any maintenance in the datacenter, and thus the rules will have to be changed.
For less than they paid for the RFID system, they could have hired someone to log people in and out of the data center. Additionally, I question the validity of a system that restricts access to only those with an implant during disaster situations (fire, flood, and worse) where access rights and needs are rather different than in normal situations.
Good security costs a lot of money, and you cannot replace the human element in the security chain. The RFID schemes won't prevent anyone following an authorized person into the data center, unless there is physical restrictions that would make working in the data center dangerous during emergencies. In this case, the $10/hour guard is more flexible and cheaper than the high-tech answer, and more respectful of humans in general... or at least I think so
Support NYCountryLawyer RIAA vs People
To me this sounds more like a marketing ploy. So that they could go to potential clients and say, "Look we are so secure and futuristic that we need embedded chips in humans to access our critical datacenter!". Client is left stunned.
IANA American, but I hope that the goverment would do something if this was forced on the employees working in the datacenter. After all, what can this achieve which cannot be done with a retinal scan, RFID tag combo? If the criminal can pass the retinal scan, can't he also pluck the RFID from the employee and stick into his arm?
Huh..... I would hate it if someone said they are gonna put a chip inside my body. Wait till someone gets hurt and the company gets sued for a million dollars.
Life is just a conviction.
I'm approaching two dozen RFID chips in my biceps, and let me tell you -- the chicks dig it!
The joke's on them. Geeks don't HAVE biceps.
" must be injected into the bicep"
I think most slashdotters will have a problem there.
The war with islam is a war on the beast
The war on terror is a war for peace
And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?
I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.
To say nothing of employee's arms being taken and used to gain access. Just need to have a large plastic bags to put the body part in to keep it from leaking all over the hacker. Gives a whole new meaning to the term hacker.
I wonder if these are the same implants they use on dogs. If they are it's no wonder they are insecure. And I don't see how this improves security much if any. It would be better to have a two man rule enforced by the access system, using two factor authentication, and have cameras monitoring the access into the cages. Securing a data center is not that difficult. It can be costly.
One last thought, what does the company do if those implanted leave or are fired? Pay out the insurance premium for dismemberment when they remove the arm of the employee? I guess you know you are being fired when the security guard shows up at your desk with a box for your stuff and a hacksaw to revoke your access.
I wonder why the company doesn't use a biometric entry system that uses fingerprints or retinal scans for security? People are less likely to object to thumbprint scan than minor surgery. And it's probably more secure, given that RFID can be cloned.
It now has public attention
I don't think we can call this public attention. Seriously, if our attention actually mattered in changing any policy, don't you think Microsoft would have been extinct by now and that DRM and other things like [insert what Slashdot users think is evil here] would be under public scrutiny? The cliched Joe Sixpack will probably never hear of this; heck, I don't think Joe Sixpack knows what RFID is.
Maybe revoke the authorization for that particular RFID device?
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
That was supposed to read, FTA: Ironically, the extra security sought may be offset by a recent discovery of Captain Obvious, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.
Seriously, which genius thought putting a remotely readable barcode in an employees arm was ever going to be secure? Must the IT world really repeat the mistakes of the 80's garage door opener industry??
Forget thrust, drag, lift and weight. Airplanes fly because of money.
We all know that this won't increase security, but now this surveillance company can use this in all their advertising and PR. "Sure, you can go with the other company but they arent half as serious as we are. We put bloody implants into our employess! That's serious!"
Its harmless except for Joe and Jane Datacenter who have to go in for some minor surgery on the weekend to keep their jobs. I hope this "Golden Casino" mentality stops right here after these people get exposed for the dumbasses that they are. Hell, even in the article they did not know the weaknesses of RFID authentication.
I woulndt doubt if this was 100% publicity stunt. I wonder how many people even have to access the datacenter. Depending on the company size it could just be one or two people. Of course all the executives, security, etc will have the old keycards that will work just fine.
Did you check the article IDs? Each article admitted to /. is required to have an attached ID.
Altho, if you're in a right-to-work state, I can't see why they can't force this on workers. If you agree to it in a contract, well, you had your opportunity to decide against it.
IANAL, but "right-to-work" only means that a state's employment laws don't allow an employer to require that some/all employee's join the union. Even in a right-to-work state, a contract doesn't let an employer off the hook for unsafe working conditions.
Come test your mettle in the world of Alter Aeon!
It does not surprise me at all that this is in Cincinnati, which has a horrible anti-worker culture. Employees are considered far less valuable than office fixtures, pay is below the national average in all industries, and flexible time is a foreign concept. Most employers there resent the emancipation proclaimation. Without it, they wouldn't have to pay the drones at all. This attitude has even spilled over to the sports teams, who have lost a lot more often than they have won over the years due to skinflint ownership.
The Uncoveror: It's the real news.
Okay, but what's the metric here? "Unsafeness?" How "unsafe" is getting an RFID implant? Is it then safe to assume that if something was sufficiently risk-free, that a potential employer could get away with making the employee submit to their wishes? How far might that go? And most importantly, who's deciding what's unsafe, and where's their money come from?
I don't think the CIA is going to want thier agents permanantly broacasting a message that says 'hey I work for the CIA' to anybody that has the desire and technology to listen.
And as you tread the halls of sanity, You feel so glad to be, Unable to go beyond. I have a message, From another time..
And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?
They have no problem to do their job without physical access, they installed telnet on all the servers.
Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication. When contacted, those at CityWatcher were unaware of the chip's security issue, according to the spychips.com release.
So before I needed to get close to an object (whatever had the rfid tag) which under normal circumstances an employee would not be carried around (say they were going home or something) or could have it in a reader blocking case. Now, I simply need to get close to an employ anywhere at any time to copy their data.
Fucking brilliant, now I can steal their tag without anyone ever knowing, whereas before they'd know it was gone in a reasonable amount of time (I'd have to steal the physical object most likely).
This is way over the line and a dangerous precedent. The employees at this company must refuse and they must take this to court. If they acquiesce, it will establish a precedent and other companies will see that people are willing to allow corporations to do this shit and it will spread. Once it's common in corporate security environments, the government will start requiring it. This is bad news. The company doesn't own my body. They can stick the tag up their ass.
"The world is a construct of forceful imagination. Those who don't know walk around in the reailties of those who do"
It's a video surveillance company. You work in the data center, you become Big Brother.
As we know it!
I feel fine.
Freedom is fragile and must be protected. To sacrifice it, even as a temporary measure, is to betray it.
Many years ago I found myself in a turf war with the 'operators' who looked after our mainframe .... in their view system programmers weren't allowed to touch the hardware ... anyway as a response we instituted a physical penetration analysis of the machine room .... the number of different ways in we found was in the mid teens - some involved children (or small adults) climbing thru ducts or thru the windows we gave people their printouts through, others involved finding ways in under the false floor (there were several) - but the one that took the cake was when we noticed that all the hinges on each and every door to the room was on the outside ... anyone could show up at any time and steal the doors
Be well, Warden William Smithers!
- Yeah, you too!
It's the gradual change that scares me. First it starts with things that people can justify easily until it seems like a normal part of life then how can you object to something so harmless. Besides it's for our own good. How long will it be before you need an implanted chip to use a fire arm? They are already pushing for chip activated pistols that would need a ring or wristband to be used. Next step would be implants. Who could object? How long before drivers licenses require inplant chips? No time soon but eventually. Indentity thieft may make people even demand it. Remember driving isn't a right. You want to do it you abide by the rules. How about credit cards? Banks loosing money to thieft may start pushing for chips to combat thieves. You want a credit card you get a chip. May be not for fifty years but I think such things are the future. DNA identity systems may make the credit card version unnessaccary but then we are constantly having our DNA checked. A job can require DNA scanners for identification but what is to stop the same machines from checking for genetic desease? Suddenly to keep health costs down companies start laying off high risk employees. All such systems are dangerous and will be abused. The real reason is never for your benefit and in the end will take away our rights.
I started to track some of this a few years ago. I lost a lot of the paper articles, but maintained a bunch of html links (many became dead links for one reason or another).
We have been monitored a long time and for many different reasons. The public is mostly ignorant, AS THEY SHOULD BE. Could someone explain to me why we would want everyone to know that our governments have monitoring in place? It isn't something that could ever openly be acknowledged. Kind of like not letting Germans know that enigma was broken during WWII (good thing we got ahold of one of the machines)
I am not much of a Conspiracy Theorist (at least now anyway). I realize that it is necessary for a global society in the state that we are in to monitor and track. There is extreme good that can come of it, and extreme evil.
But I digress. I don't think that this instance is a notable trend towards NWO. I am MORE CONCERNED about the recent mass hiring of IT by the FBI to help develop the centralized database tracking system as part of the new national ID program. Ok, NOW you can be worried.
Now people are required to inject glass capsules into their arms to enter a facility?
Now we know asbestos kills.
What will be said of placing RFID tags into our bodies 50 years from now.
Some risks are worth taking, there is no question. For me, this is not one of them.
Obviously don't want geeks. No self respecting geek would have biceps!
Engineering is the art of compromise.
Paranoid? Not until you do all of your computing inside a Faraday cage. Until then, you're just a TEMPEST in a teapot.
Carthago delenda est!
VeriChip has been cracked. That's only because it didn't use cryptography. JHU researchers have cracked the Exxon Mobil Speedpass [research link] cryptographic RFID devices using brute force. It took 15 mintes per key, but this required 16 $200 FPGAs ($3200) working in parallel.
Ignoring the time taken to reverse engineer the protocol, it also requires extra equipment to do the analysis for the actual reverse engineering. To my knowledge, no code has been published publically.
At this point in time, it seems that cryptographic RFID devices, despite being cryptographically weak, are pretty secure from a practical standpoint due to a level of sophistication require to execute attacks currently.
Plus I must wonder a) how close you have to be to read/activate VeriChip devices and b) if the readers are inside of a faraday cage when they enter the facility. At the very least, this will remove the possiblity of using lost keys or ones that were left lying around unattended.
I am not confused.
My reference to asbestos, once used as insulation in homes/buildings, was to note the now well known effects of cancer caused by asbestos.
Perhaps in light of this information, my previous post will seem more complete.
If most of the employers in a town suck, you can do quite well by being the one place that doesn't. Grab the 20-percenters from every other IT outfit in town.
I did a bunch of interviews to pick out a developer for a customer of mine in Denver once. We weren't offering a whole lot of money, but just the fact that we were doing something moderately interesting attracted an amazing level of quality among the applicants I saw.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I went to their web site and many time they repeat the word "secure". Now granted this could be marketing bunk destined to pointy haired boss, but a passive RFID tag without private key cannot be qualified as secure even remotely. So I will stand on a leg and state that the GP is wrong and the Parent post is right, you cannot so easily copy the tag.
p eople purport is short. For me 1 foot is short. With 5 meters/15 feet readability, then you can REALLY immagine implementing a reader everywhere and fully track a population (in a firm/company/city/country).
Veri Chip
Veri Guard Brochure
What is quite frightening is that they purport on site tracking up to 15 foot (5 meter!). This is WAAAY beyond the distance the RFID-CHip-are-ok-sleep-safely-it-won't-be-abused-
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Is this the first time civilians have been required to do thing type of thing?
This may not be exactly the same thing, but it's somewhat of a precedent: A few years ago, after a mammogram, my wife had a biopsy to check out something "suspicious". It turned out to be nothing important, though.
Some time later, she had another x-ray at a different place, and she saw that the image had a visible object at the site of the biopsy. She was told that it was a small piece of plastic left behind during the biopsy procedure, and that this was a fairly common thing. Sort of a "We were here" tag.
Whether it's an RFID chip we don't know. But at least some medical people are already implanting small "innocuous" things without mentioning it to the patient. And there have been stories of medical uses of RFID chips to help avoid the common problem of misidentifying a patient.
It's easy to put such things together. If you've had any "penetrative" medical work done in the past few years, there's a good chance that you're carrying an RFID chip now.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
The reason they would take the whole arm is that it would probably be difficult to dig around in the arm to find the implant. Much quicker to just use a hacksaw and take the arm. Plus they might damage the RFID chip while trying to extract it.
The whole idea is about as silly as it can be. While it sounds hi-tech and probably would impress most managers it does nothing NOTHING to improve security.
Although it might be good to use as a method to tag point haired bosses so we can track their movement through the various companies during their careers.
Everyone should know so that they can act appropriately. For instance, what's the point in voting when Diebold will just hand the election to the highest bidder?
The monitoring should go both ways. Elected officials should be monitored 24/7, audio and video, and these feeds should be made available to the public for their amusement and also to ensure that we know when they're talking to Diebold, or Enron, or Halliburton, ad nauseum. This would go a long way towards eliminating corruption--which is of course why they'll never go for it.
I feel fantastic, and I'm still alive.
On Endemol's TV, you watch Big Brother!
Justice is the sheep getting arrested while an impartial judge declares the vote void.
I know because I spent 2 years developing a replacement for them to be marketed locally - DVRs that record up to 64 channels of live audio and video at up to 30 fps. And those give you pictures, unenhanced, that the cops CAN use. I was at a customers' on Friday - someone had stolen a mirror from a car in the parking lot. So, thanks to continuous (not time-lapse) coverage, he had the thiefs face, his cars make and model and color (a lot of those time-lapses are monochrome), etc. So, hit the print button and there's your guy. MUCH better.
Even in 2-hour mode, with no time-lapse, a VCR isn't going to give you the same 705x480 recording from 1 camera, never mind 8, 16, 32, or 64, and it won't be nearly as searchable.
So, to do something remotely equivalent to a DVR for 8 camersa would require 12 tapes per day x 8 (1 per camera) x 30 days per month - in just 1 month you will have gone through 288 tapes. Now, instead of 8 cameras, make it 64. 2,304 tapes per month, plus you have to manually load, unload, label, log, and manually walk them to storage. If it takes 2 minutes to do each one, this will require 2 people, 24 hours a day (because 1 person, at 2 minutes per, would need a minimum of 128 minutes an hour, not counting pee and lunch breaks). The tapes can't be the dollar-store variety either, so even at $2/tape, your tape budget alone is $4,608, plus the cost of 2 employees x 3 shifts x 7 days ... even at minimum wage, they would be more expensive than just buying a couple of terrabyes of cheap raid (6 x 300 gig == 1 month storage for 64 cameras at 25 fps, for under a grand.)
Plus, you can't just stack these tapes one on top of the other to the ceiling - you have to shelve them. That takes space, and climate control. 1 year's worth of tapes (27,648 tapes) takes up a LOT of room, compared to 72 hard disks, that can all fit in a single fireproof storage cabinet.
And if you want to be doubly secure, you can mirror the hd offsite every day and still be well within your budget. A days recordings fit in your pocket on a single hd, or you can even send them over the net in real time for critical stuff. Try doing that with tape.
And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?
I'm sure the company has other jobs which the people are qualified for and do not involve access to the datacenter. Only two employees got the chip, so surely there are available job positions which don't involve getting chipped.
I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.
I doubt it. In either of those two situations the company would likely be responsible for paying unemployment compensation and/or severance pay. It seems like a much better solution for the company to just give the person an alternative job.
Sure, the person might wind up getting passed over for the next promotion, but if the company is smart that's about the extent of it.
And you think so 3-dimensional. I'll take a hypercube...
You gotta be careful with those. You think refolding a roadmap is tricky...
I refolded my hypercube in the wrong order and ended up in Poughkeepsie in 1878. That was embarrassing.
By the taping of my glasses, something geeky this way passes