Feeds

BOFH gets an RFID he can't refuse

Playing tag in Mission Control

  • alert
  • submit to reddit

Mobile application security vulnerability report

Episode 23 BOFH 2004

"It's.... a new ID card!?" the PFY says, looking at the item proffered to him by the Boss.

"Yes, and here’s yours," the Boss responds, handing me a duplicate of my current ID card. "If you two could just give me your old ones back - to.. stop them getting um.. mislaid, or into the wrong hands."

"Sure," I respond, handing mine over. "And we're getting new cards because why?"

"Some magnetic stripe thing for the security system - they're upgrading or something and the old cards won't work."

"Oh, of course!" I blurt, feigning knowledge. "That's probably what all the work on the readers has been about. Tightening up the place a little?"

"Yes, well, in these troubled times…" the Boss burbles, moving quickly on to the next batch of people.

"Troubled times, my arse!" the PFY snaps, echoing my own thoughts.

"Indeed," I say. "Let's just see what the Mailsafex has to say!"

I chuck the card into the X-ray unit we borrowed (late at night, without asking, for an indefinite period) from the mail room.

"Ooooh," I blurt. "I spy, with my little eye, something beginning with RFID transponder."

"An RFID transponder?" the PFY suggests.

"Indeed! >sigh< They must think we came down in the last service pack..."

. . .

Later that day at the Boss' office.

>knock< >knock<

"Wha - how the hell did you get there?" the Boss asks, quickly flicking away from what looks to be a geeky version of the Marauders Map, complete with thumbnails of people wandering about the building.

"Walked?"

"Uh - yes, right, of course, how interesting," the Boss gabbles, as he attempts to seem busy and distract my attention till the application closes.

"I was just wanting you to sign off this expense claim," I say, handing over a piece of paper.

"Not a problem," he gabbles, so rattled he's not noticed that the important fields are filled out in pencil. "So how's that.. uh.. new ID card working out for you?"

"This?" I say, holding up my card.

"Yes, that's it...or is that the old one?" the Boss says, holding out his hand.

I hand the card over and he burbles about appreciating technology of modern access methods, blah, blah, blah, whilst copping a quick shufti at it.

"It's got a hole in it!" he says.

"Yeah, I was going to hang it off one of those retractable cord things that people hook onto their belts, then I remembered how sad and geeky they look. You know, when people wear them believing them to be some form of fashion accessory or status symbol and that if they turn up at the pub with one dangling off their beergut Claudia Schiffer is just going to drop everything and go for them like a ferret up a trouser le.."

"I wear mine on my belt!" the Boss snaps.

"And that M'Lord concludes the case for the prosecution," the PFY chirps, appearing from below the partition immediately behind me.

"How long have you been there?" the Boss gasps.

"Ages! I'm installing the secretary’s copier."

"And you put a hole in your card as well?" the Boss asks drily.

"Yeah, and I thought the better of wearing it!"

"So you know about the RFID thing?" he sighs.

"What RFID thing?" I ask blankly.

"Don't play games with me - in your ID card. They're afraid of a civil liberties outcry."

"So why did you do it?"

The Boss thinks about it for a bit, then makes a quick decision.

"Come in - both of you - and close the door. . . >slam< This isn't for public consumption" he blurts.

"Ah... like the cafeteria's macaroni cheese" the PFY nods.

The Boss ignores him and continues. "There’s been a lot of thefts recently – small things mostly, a coffee mug here, a pair of sunglasses there – nothing much to get upset about. But last month someone stole the X-ray machine from the mailroom!"

"The thieving bastards!" the PFY cries "What did security say?"

"Nothing. As usual," he snaps, annoyed. "So we got a private company in to fit these detectors under the guise of upgrading the readers so we’ll know where everyone is. And we’re changing things so you'll need a card for everything - to use the lifts, do photocopying, get lunch at the cafeteria – you name it."

"So people keep their cards with them. Sneaky," the PFY says. "And then you'll know EXACTLY where people are."

"You know what you should do?" I say.

"What?" the Boss asks.

"Replace all asset tags with RFIDs as well - like RFIDs are supposed to be used - that way you'll know who left the building AND what equipment they took with them...."

"I... Yes!" the Boss gasps. "So we'll know who stole it!!"

"Exactly!"

...two weeks later the Boss is helping security with their enquiries...

It seems he didn't notice the self-adhesive RFID tag (of every piece of kit we wanted replaced) stuck on the 'letters to the editor page' of the newspaper he obligingly took to the tube with him on the way home.

And it seems that no-one noticed the aforementioned pieces of kit accelerating at 9.81m/s from the second floor Mission Control window into the skip bin below.

But security did notice the thefts, eventually.

And the discovery of the mail scanner in the Boss's office didn't help either... ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.