Stupidity and the mark of the morons
According to an article I read on SecurityFocus:
Two employees have been injected with RFID chips this week as part of a new requirement to access their company’s datacenter.
Cincinnati based surveillance company CityWatcher.com created the policy with the hopes of increasing security in the datacenter where video surveillance tapes are stored.
This kind of thing seems completely inappropriate in that first, RFID is a crappy mechanism for security given it’s demonstrable copyability, and second, it forces body modifications on employees. While the company says it’s not required, obviously it will be encouraged and those whose jobs require access to the data center and who refuse will likely face repercussions.
Ironically, the extra security sought may be offset by a recent discovery of Jonathan Westhues, where the security researcher showed the VeriChip can be skimmed and cloned, duplicating an implant’s authentication. When contacted, those at CityWatcher were unaware of the chip’s security issue, according to the spychips.com release.
The use of biometrics, such as retinal scans, hand geometry, etc., would be substantially more secure in many ways, and would not impinge on people’s body integrity. Not thinking through the risks and benefits is the first problem that often begins the spiral into stupid security. There are no doubt substantially better ways to solve this company’s problems, had they actually been focused on solving the problem, but it’s likely someone got fascinated by the “flash” of the idea and didn’t bother to really try and solve the underlying problem.
This entry was posted at 12:29 am on 12 February 2006 and is filed under Security. You can follow any responses to this entry through the post-specific RSS 2.0 feed.
No comments found.
Both comments and pings are currently closed.