Slashdot Log In
RFID Injection Required for Datacenter Access
Posted by
Zonk
on Sat Feb 11, 2006 10:30 PM
from the one-way-to-make-sure-we're-working dept.
from the one-way-to-make-sure-we're-working dept.
user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"
Related Stories
[+]
Your Rights Online: Wisconsin Could Ban Mandatory Microchip Implants 395 comments
01101101 writes "The Duluth News Tribune is reporting that Wisconsin could be the first state to ban mandatory microchip implants in humans. The plan was authored by Rep. Marlin Schneider, D-Wisconsin Rapids and Gov. Jim Doyle plans to sign the bill. The bill still leaves an opening for voluntary chipping." Slashdot covered one instance of mandatory microchip implants back in February.
This discussion has been archived.
No new comments can be posted.
RFID Injection Required for Datacenter Access
|
Log In/Create an Account
| Top
| 551 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
Comrades... (Score:5, Insightful)
...and the Comrades marched rank and file into their working facility, while the Big Brother telescreen carefully scanned each implanted chip...
Big Brother (Score:4, Insightful)
It's a video surveillance company. You work in the data center, you become Big Brother.
A milestone (Score:5, Interesting)
(http://suso.suso.org/ | Last Journal: Tuesday March 09 2004, @12:03AM)
Re:A milestone (Score:4, Insightful)
Lots of stuff has been done to monitor civilian employees: Drug testing, email snooping, time card punching, video monitoring, background/credit checks, etc.
Re:A milestone (Score:5, Insightful)
(Last Journal: Wednesday December 07 2005, @07:15PM)
Re:A milestone (Score:5, Insightful)
(http://www.timewarp.org/ | Last Journal: Monday September 30 2002, @08:49AM)
--
Evan
Re:A milestone (Score:4, Insightful)
These things could be negated by RFID chips with rolling codes or read/write ability but these are not commonly available in the glass capsule RFID chips. I'd give good odds that this company is not pushing the boudaries either and has the standard one-id versions.
Bear in mind that RFID devices are operating on the limits of what power can be obtained from a fairly weak power source in the first place. Any extra complexity has a real impact on the operational range.
Rich
Re:A milestone (Score:4, Funny)
(Last Journal: Wednesday December 07 2005, @07:15PM)
(I admit it's not very catchy.)
Maybe not such a milestone (Score:5, Interesting)
(http://trillian.mit.edu/~jc/ | Last Journal: Saturday August 14 2004, @05:03PM)
This may not be exactly the same thing, but it's somewhat of a precedent: A few years ago, after a mammogram, my wife had a biopsy to check out something "suspicious". It turned out to be nothing important, though.
Some time later, she had another x-ray at a different place, and she saw that the image had a visible object at the site of the biopsy. She was told that it was a small piece of plastic left behind during the biopsy procedure, and that this was a fairly common thing. Sort of a "We were here" tag.
Whether it's an RFID chip we don't know. But at least some medical people are already implanting small "innocuous" things without mentioning it to the patient. And there have been stories of medical uses of RFID chips to help avoid the common problem of misidentifying a patient.
It's easy to put such things together. If you've had any "penetrative" medical work done in the past few years, there's a good chance that you're carrying an RFID chip now.
Re:Maybe not such a milestone (Score:4, Insightful)
(http://trillian.mit.edu/~jc/ | Last Journal: Saturday August 14 2004, @05:03PM)
I almost didn't read it when I noticed the -1.
Maybe the meta-mods will catch it, or maybe not.
Actually, using a second breast as a control for the other may not be all that great an idea. Usually they are slightly different in size and shape, as are most men's testes. And both breasts get exposed to anything in the blood stream.
What you obviously want is a second woman who is a match for the first in as many ways as possible. Then you compare all four breasts.
Lessee what sort of mod this gets
Re:From TFA (Score:5, Insightful)
And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?
I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.
Re:From TFA (Score:5, Funny)
(http://ygingras.net/)
They have no problem to do their job without physical access, they installed telnet on all the servers.
Re:From TFA (Score:5, Funny)
To say nothing of employee's arms being taken and used to gain access. Just need to have a large plastic bags to put the body part in to keep it from leaking all over the hacker. Gives a whole new meaning to the term hacker.
I wonder if these are the same implants they use on dogs. If they are it's no wonder they are insecure. And I don't see how this improves security much if any. It would be better to have a two man rule enforced by the access system, using two factor authentication, and have cameras monitoring the access into the cages. Securing a data center is not that difficult. It can be costly.
One last thought, what does the company do if those implanted leave or are fired? Pay out the insurance premium for dismemberment when they remove the arm of the employee? I guess you know you are being fired when the security guard shows up at your desk with a box for your stuff and a hacksaw to revoke your access.
Yeah that was ironical. (Score:4, Funny)
(http://put-your-mone...r-mouth-is.com/blog/ | Last Journal: Monday January 29 2007, @02:44PM)
And then there is the whole magic marker circumvention method that is soon to be discovered (possibly within this thread).
Oh wait...
FTA: Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant's authentication.
Yeah... I can't wait for the Diebold spin on this story.
Typo (Score:5, Funny)
(http://www.vems.co.nz/)
Seriously, which genius thought putting a remotely readable barcode in an employees arm was ever going to be secure? Must the IT world really repeat the mistakes of the 80's garage door opener industry??
Re:Yeah that was ironical. (Score:5, Funny)
I think I'll prestate the sentiments of Slashdot. (Score:5, Funny)
I especially like... (Score:4, Insightful)
(http://www.davidsterry.com/)
At least, it doesn't need to be cut out to be used by a sufficiently motivated attacker.
Re:I especially like... (Score:4, Interesting)
(Last Journal: Tuesday November 26 2002, @07:28PM)
Paranoid? Yeah, a bit. But then I've never had to worry much about someone intercepting my phone calls or passwords over the air.
On the main topic, if no one is going to be fired for refusing, but part of their job is working on equipment in the datacenter, what happens?
Re:I especially like... (Score:5, Funny)
Paranoid? (Score:5, Funny)
(http://www.tonysutton.com/)
Paranoid? Not until you do all of your computing inside a Faraday cage. Until then, you're just a TEMPEST in a teapot.
does not require the microchips be implanted (Score:5, Interesting)
They won't require you to implant the chip to keep your job. But how long can you keep your job if you can't access the datacenter?
Re:uh, no. (Score:5, Funny)
Re:uh, no. (Score:5, Insightful)
(http://slashdot.org/)
Maybe they're right (Score:5, Insightful)
Re:Maybe they're right (Score:5, Funny)
(http://symbolset.blogspot.com/ | Last Journal: Saturday May 26, @11:53PM)
Well, it's Slashdot (Score:5, Funny)
Re:Don't panic (Score:5, Insightful)
I always knew Management worked us like dogs... (Score:3, Insightful)
What's next, kibble in the break room vending machines?
Why? (Score:5, Insightful)
(http://www.chriscanfield.net/)
What's the security benefit to injected RFID?
BTW, this [spychips.com] is the original article.
Re:Why? (Score:5, Insightful)
(http://slashdot.org/)
So in the end, the RFID makes things worse by imcreasing the level of access to the device itself.
Re:Why? (Score:4, Funny)
angle entirely.
Re:Why? (Score:5, Informative)
(http://www.berylliumsphere.com/security_mentor | Last Journal: Wednesday January 31 2007, @09:13PM)
If your threat model is someone walking into the data center with a lost/stolen/borrowed badge then requiring them to be injected does address the threat. But then so would issuing tokens in the form factor of a ring, except for the "borrowed" token problem.
So, if you don't know that RFID chips can be cloned, if you don't know that they transmit the same number every time they're pinged, if you don't know that they can be read remotely and cloned at leisure, and if you have contempt for your employees and are oblivious to human rights, you might come up with a requirement for injected RFID.
I sincerely hope that whoever came up with this isn't one of my colleagues in security consulting.
Interresting Question (Score:4, Interesting)
Veri Chip [verichipcorp.com]
Veri Guard Brochure [verichipcorp.com]
What is quite frightening is that they purport on site tracking up to 15 foot (5 meter!). This is WAAAY beyond the distance the RFID-CHip-are-ok-sleep-safely-it-won't-be-abused-
Religious Objection (Score:5, Insightful)
(http://ingenioustries.com/ | Last Journal: Monday February 16 2004, @07:40PM)
Re:Religious Objection (Score:5, Interesting)
I would imagine it would be just like the article stated: They can't/won't force you, but if you refuse, you don't get acccess to the datacenter. Just like the Mark of the Beast "... no one may buy or sell except one who has the mark or name of the beast, or the number of his name."
Re:Religious Objection (Score:4, Informative)
(http://aodclick.worst-decision.com/?clickid=198 | Last Journal: Monday October 01, @03:36PM)
It seems to me that it would be a little hard to claim that this, or a good many of the other things that people have pointed too, constitutes the mark of the beast.
- It is in the bicep region, not the forehead or right hand;
- It is not a name nor the number 666
From the book of revelations:13:16 He causes all, the small and the great, the rich and the poor, and the free and the slave, to be given marks on their right hands, or on their foreheads;
13:17 and that no one would be able to buy or to sell, unless he has that mark, the name of the beast or the number of his name.
I'm not sure what edition the above is from but it is plain English and close enough for this discussion.
13:18 Here is wisdom. He who has understanding, let him calculate the number of the beast, for it is the number of a man. His number is six hundred sixty-six.
On a side note: always wondered about making a program to compute all the possible combinations of the Jewish alphabet that adds up to 666 (filtering out all the nonsense ones of course). Someone must have done this somewhere already.
Merlin.