"to my enduring professional shame – I even TURN THE CARD OVER and try again."
Where's the shame? That works sometimes. Experiment trumps theory.
"Never heard of them." Well, could you look again? "They're not on the list, sir." Look, I was here last week. The business I am visiting today definitely exists. It's in this building. Please let me through. [shuffling of papers] "Did you want Amalgamated Durables? No? How about Insure and Blow? Or is it one of those tech …
Yeah, surely if the coil is slightly nearer one edge of the card, turning it over will increase the chances of it working? Certainly with fobs this is the case.
However, what "non-IT" people don't realise is that just holding it ON the RFID reader does nothing. It has to be moving in order to induce the current to power the radio circuit inside it.
However, what "non-IT" people don't realise is that just holding it ON the RFID reader does nothing. It has to be moving in order to induce the current to power the radio circuit inside it.
Err, no, in the same way that you don't need to be juggling your laptop charger in order for the transformer to work. The magnetic field is constantly varying anyway, you dont need to add movement on top of that which is generally too slow to generate meaningful power at any rate.
Depends on the source of the magnetic field... If the field is generated by a constant DC source, the field will not vary and you will have to move something to induce the current in the secondary winding.
If the primary is fed by an alternating source, the field is continually forming and collapsing, and movement is not required.
That's why transformers don't work on DC, and why electro magnets don't work very well on AC (they keep dropping things 100 times a second as the phase changes and passes 0v).
So rest assured, RFID readers have an oscillator feeding the coil a nice wobbly current, and the magnetic field will be oscillating along with it.
To get in the building, you need what, in the vernacular of the research establishment, is called a B-swipe. To operate the lifts out of hours, you need an L-swipe. To gain access to the "biological services unit", you need a much coveted, top-security clearance, X-swipe. To get into the next building along using the underground tunnel and not get wet, you need a C-swipe. And if you are planning on going to the toilet, be sure to take an R-swipe.
Seriously, go somewhere totally off grid for a week. The world can get by without all that stress you know.
I was in a similar situation to you in 1992. I was doing lots more than I was really employed to do and not being able to say that dreaded word NO!
I ended up in St Thomas's ICU with severe chest pains. Thankfully ony Angina and not a heart attack.
Chill out. Switch off and get de-stressed.
Yes, I know that this is an article for the weeked and we should all be relaxing ( or sitting at LHR waiting for my flight to JFK) but man, for heavens sake CHILL and learn to say "No, not my job".
Seriously, go somewhere totally off grid for a week. The world can get by without all that stress you know.
I was in a similar situation to you in 1992. I was doing lots more than I was really employed to do and not being able to say that dreaded word NO!
I ended up in St Thomas's ICU with severe chest pains. Thankfully ony Angina and not a heart attack.
Chill out. Switch off and get de-stressed.
Yes, I know that this is an article for the weeked and we should all be relaxing ( or about to head for LHR and my flight to JFK when the Taxi arrives) but man, for heavens sake CHILL and learn to say "No, not my job".
Amalgamated Durables dissolved last year. Inspired by this near miss, I found 3x Omni Consumer Products, 35x Universal Exports and 314 Ubrella's, but no Weyland Yutani. The Tyrell Corporation could be an ISP in Kansas, but I could not find their web site.
Got to run... the Mighty Jagrafess of the Holy Hadrojassic Maxarodenfoe is getting impatient.
As someone who has been in charge of access control system instalation in a former career, I can say this happens all too often, and I've been on the receiving end of dead cards and locked cupboards.
Even more fun when the door strikes are "fail secure" on power cut, the power goes out, the panel backup battery isn't connected (needed to power cycle the controller earlier and forgot to reconnect...), the breaker panel and acess panel are inside the room that is now a vault, and you don't have a master key.
Almost as fun as when I was instructed to install a damn obnoxious lift truck horn to sound if someone proped the doors open more than 10 seconds...
If the door strikes are on the outside, then a decent screwdriver works as a card substitute. Never really understood why people do that on 'secure' doors other than it's easier than making the doors open outwards.
Best purgatory was a site where doors had an video intercom connected to the NOC, and they controlled entry. What you had to do to gain entry depended on who was on shift, and how bored they were.
>> What you had to do to gain entry
Yes, I have a colleague who was refused re-entry via a convenient side door after he had nipped out of the company gym for a run. The jobsworth on video security could see that he was waving a valid pass and covered head to foot in sweat but still made him walk up the road and use the main entrance and take the public lift back down to the gym, dripping sweat throughout.
A few years ago I worked at a site where the bogs were only accessible from the secured area but were shared between two companies in adjacent offices. The result was that you needed a pass to get out of the bog. The passes were managed from 100 miles away by a nest of jobsworths who used to cancel them in an arbitrary way in the middle of the working day. You can guess where I was when my pass got cancelled.
More recently I've encountered a system where you need a pass to get out as well as in, and where the doors send you a stroppy email if you aren't meticulous about closing them behind you.
From Noirware (Hal Berghel, University of Nevada, Las Vegas), IEEE Computer, March 2015.
I have drawn an orthogonal distinction between a posteriori bad ideas (those that, in practice, just didn’t realize expectations) and a priori bad ideas (those that could or should have been identified as wearing a cloak of dopey by a competent knowledge-domain expert before any work began). Dopey a priori offerings become part of the disaster literature, and many are destined to be featured in eponymous documentaries. Not everything we can do is worth doing. The use of RFID in security-challenging is really a poster child of a priori misguided technology.
The last time I discussed this topic, I gave two examples: the use of RFID for keyless entry and transit passes, and the laughable Western Hemisphere Travel Initiative (WHTI) People Access Security Service cards (PASS cards) (https://cdt.org/files/security/20070124passcard.pdf). This WHTI PASS card is a particularly poignant example of how a government’s fondness for bad ideas can fill the military–industrial–surveillance–political–media–prison–energy–healthcare–academic–thinktank–corporatist–homeland security complex’s coffers.
...
RFID for keyless entry and pass cards are examples of TECHNOLOGY ABSURDISM: technology development that ignores, fails to appreciate, or underrepresents obvious negative externalities. Placing technology development in the hands of the unskilled, ill-trained, or poorly supervised pretty much guarantees that the resulting technology will fail to meet our needs and expectations and expose us to increased risk. Those of you who are software engineers and developers could write books about this phenomenon from your own personal experiences. It’s incumbent on all of us to remember that many, if not most, of the worst technological ideas were identifiable as such a priori. In the hands of bad leadership, technological absurdism drifts toward TECHNOLOGY NIHILISM that in turn drives subprime innovation of limited or ephemeral value. The National Security Agency (NSA) dragnet surveillance programs typify technological nihilism in this sense, and they’re linked to exceedingly poor leadership.
Keep reading, even the most boneheaded student / PHB looking for easy access "solutions" should have a chance at reaching enlightment, we are nothing if not an egalitarian society. Meanwhile I will help you out with some Internet: RFIDiocy: It’s déjà vu all over again
"Meanwhile I will help you out with some Internet"
Much obliged, although to be fair all I've found there is a fellow awfully enamoured of the sound of his own voice - desperately trying to appear knowledgeable recounting a bunch of security trivia any interested party would be aware of by now - who's entire point (if he has one at all, still can't quite tell) seems to be that there's no such thing as perfect security. Well, d'oh, mate... -->
I still can't figure out what PITB means. I've googled it. I've hidden under the desk. I would stand on top but my neck would break against the ceiling. My subconscious keeps spitting out "Pissing In.." and "Protuberance Instigation..". I can only assume it's doing this dependant upon me being down the pub or visiting my mother. Neither helps.
As far as I can tell, the main part of the argument is "don't give complicated technology to stupid people. If you do they'll only mess everything up, just look at the NSA".
Some people hate to use ten words when a hundred longer ones can make their point thoroughly opaque.
I keep my access card in my wallet - I hate wearing the little yo-yo-on-the-belt holders, and lanyards make me feel like I should be backstage at a rock concert, not entering the office from the west stairwell. Problem is, our RFID readers also seem to read NFC credit cards, so when you wave your wallet at the reader, it's a crapshoot which card the reader is going to pick up first. Didn't take more than a few faceplants into a door that's still locked because my Visa won't open it before I finally learned to slow down and make sure I hear the little click of freedom.
I tend to keep access cards of any type (such as a London Transport Oyster card and access badges) far away from my wallet because I worked in locations where identifying where you wallet was and what it looked like was just a *bad idea (pro tip - ignore any posters that say "is your wallet safe" because crim gangs loiter around such posters to see where you check).
As for RFID credit cards, I will never accept that abomination from my provider. There is no hope in hell I'm ever going to give any device untrusted wireless access to a payment method.
The use of one wallet to carry all cards, is no longer sensible. Each card needs to be kept sufficiently far from all the others to avoid confusing the sensors.
To avoid having passers-by collecting the information carried by each card, seperate Faraday cages are required.
If the exterior of each Faraday cage card wallet were to be given a unique shape, we could use the individual wallet instead of the card if the lock were able to recognise the correct shape. I think the ancient Romans had something like that, called a key. They actually work rather well.
"If the exterior of each Faraday cage card wallet were to be given a unique shape, we could use the individual wallet instead of the card if the lock were able to recognise the correct shape. I think the ancient Romans had something like that, called a key. They actually work rather well."
Or.. you could use a little RFID tag to identify each wallet.
"The use of one wallet to carry all cards, is no longer sensible. Each card needs to be kept sufficiently far from all the others to avoid confusing the sensors."
But since most of us have just ONE pocket to spare (if ANY), it kind of becomes a necessary evil to put them all in there.
I have the opposite problem: my work access card in my wallet activates the shoplifting alarms at most of the local stores. It's quite the conundrum to the average retail employee when it goes off and you're *coming in the store*
Nowadays the alarms are so frequent, they just sigh and press the silence button, no matter what the situation is.
To my shame (well, a bit), there was a shop in town which had those anti-shoplifting sensors very close to the frontage and our work cards would set them off if you walked past outside. Some days when walking down that area I would let my intended path drift towards that shop and gauge how near you had to get to trigger the alarm.
You would have an RFID blocking wallet if you had any sense, otherwise anyone with some cheap kit could skim your cards or track you; card issuers are frankly negligent the way they issue RFID cards, including by post!!!
Eagle Creek (from http://www.ultralightoutdoorgear.co.uk/) make some practical RFID blocking wallets, unlike the impractical carp found on Firebox etc.
I have my work RFID card on one of those yo yo things at work because it has to be visible at work but I refuse to use a lanyard, and it gets put in a pocket after leaving work. I have also had fun with forgetting cards behind doors with a push exit button, so it helps to have it visible to ensure that I can exit work especially on the brief occasions when reception is empty!
From my experience, they are only in charge of handing out passes to whoever desires one, and that is the paper ones you receive in a plastic sheet with a clip, you know, the ones you end up throwing away every day because you forgot to hand it back in (it's fun to do though - it confuses them because it normally never happens).
I took on a job somewhere in London, and was duly issued a badge, valid for the 3 weeks that I was there. Come the next day I wake up late, scramble to get there in time and realise on entry that the badge is still at at home. I also notice that this is another group of guards, so they won't recall giving me a badge. I have 3 choices. One: I go over there, ask them to issue a day badge. Risk: they may have to ask the client, and I look stupid. Two: I can ask the company to let me pass and again get a day badge. Risk: I'm certain to look stupid (short note: this was early days, I'm no longer that sensitive). Three: take a shot at getting in without a badge.
I naturally take the risky option (men do BBQ because there's danger involved) - I tailgate and get in without anyone the wiser. OK, it wasn't *that* risky, for reasons that will emerge in a minute, but I got in without a badge.
It had now become a challenge, so for the rest of the entire 3 weeks I kept the badge in my pocket and tailgate. Only on the very last day a guard decides to ask for the badge.
Now, my job was to review & fix my client's IT security...
I remember the first day in one job, the security was showing me about and one door he said was particularly stiff and needed a good shove. I scanned my card, it beeped and wouldnt open so I gave it a good push with my shoulder which summarily splintered the door handle mechanism and opened. I hadn't noticed the red light after the beep....
We had a lot of tailgating, but the problem is we're at Orlando int'l airport and used to be in the identical building opposite the local FAA office.
One day, a airline pilot managed to get to the sixth floor by tailgating people. Unfortunately, instead of realizing his mistake and slinking back out, he decided to get pissy and start demanding to know where the hell the FAA office was... from the security people who decided to take Official Notice of his trespassing in a controlled area. The FAA were notified and being as how it was 8 months past 9/11, things spiraled very badly downhill.
"the security people who decided to take Official Notice of his trespassing in a controlled area. The FAA were notified and being as how it was 8 months past 9/11, things spiraled very badly downhill."
It's not clear from from your post just exactly who it "spiraled very badly downhill" for, but I hope you meant that it was "security" who were in the shit for allowing an unauthorised person to get so far into the building without a proper pass. I suspect you mean that "security" made life hell for the pilot though.
Ditto in old bank vault wrt Manchester. Aix HACMP which is one area (recovery) I know nothing about. Like standing on the edge of a cliff & not jumping off. Kept looking at the wall, wondering what would happen if I pressed the master power doofrey. Hundreds of machines.
I could have been anyone, as far as security was concerned. Pre 9/11 but I could have given that pass to anyone.
"What French ID carte? There is no valid ID cards you can get from France unless you are either French or not from the EU (carte de séjour/de travail)."
A "Titre de Sejour". You can request this even as an EU citizen.
I'm actually just renewing mine after an address change, Including all the digital fingerprint shenanigans for the "biometric chip".
It's not compulsory to have, but useful if you don't want to carry your passport around for ID.
(Which is compulsory at all times and doubly so when trying to get into most customer sites.)
Driving licences are not legal valid ID in France as it is not compulsory to update the address on them. Our UK passports don't have an address, but they are valid ID. Who knows how their warped bureaucratic minds work....?
Pretty easy, they want ID cards or passports, nothing else.
Now as an example of petty burocracy I was particularly impressed with news that DVLA have changed how cars are sold on and say that a soon as a second-hand car is sold it becomes untaxed, the previous owner is refunded for the unused portion of the year, and the new owner must get it taxed immediately.
In this age of everything being recorded on CCTV and datestamped, how are you supposed to get it home and drive it around for the next week or so while you sort it out? I don't believe it's even occurred to TPTB in Spain to do it this way, that's how petty it is.
I once had this in Paris - nobody had told me that the site we were going to visit needed ID, so I had all of that locked away at the hotel. Duh.
Much to my surprise, a business card was acceptable too, so I took one out of my pocket. Only as my hand moved towards the desk did I notice that it was someone else's business card (someone I met the day before).
Like a true professional, I decided to go with the flow and sure enough, I got away with it :).
Trying to collect a parcel for someone else who lives in the same house as you has become a nightmare. They won't accept bills anymore.
"Yeah, you might have been riffling through someone's bins you see..." said the bloke handing me back my immaculate A4 file of bills from the last 7 years, and the current tenancy agreement in its plastic coated wallet, and my passport and my driving license with the address on, and a letter of authority signed by my flatmate.
"Does it look like this has come from the bins? And how did I get your little red card?" I ask.
"You might have gained access to the inside of the flat."
"In which case why would I bother with the risk of trying to pick up a parcel you attempted to deliver 4 days ago, and if I could get into the flat and had access to all this stuff, wouldn't I just steal a credit card to use that?"
"Only credit cards, passports and driving licenses. Them's the rules."
My flatmate has only one of those, and if I ask her for her credit card....???!!! And woe betide you if you forget your little red card saying that you weren't in.
You can even buy a small kit (sparkfun.com) that allows you to read them. It includes a couple of cards as well. Of course the sensor needs to be pretty close (for the cheaper sensor, I have), but it works quite well. One of these days, I'll make it unlock/lock my computer when I go away for a while.
I have yet to try it on US passport cards. I'll be able to do that in a couple of days.
BEEP.
One of these days, I'll make it unlock/lock my computer when I go away for a while.
Yes, got a Bluetooth proximity lock for OSX as well. Very handy when working on site, and an easy way to impress the natives :).
You can read all the passport RFID stuff on a smartphone (indeed there's a free NFC Passport app on Google Play). It's mildly rewarding to play with, it contains much the same data as is printed, plus a full colour photo of the bearer. But being a single wire protocol (I understand), and drawing power from the reader, it's somewhat slow (tens of seconds).
You need to unlock it with the passport number, so that's why you OCR and wait at the magic passport control eGates.
You can also play freely with 'mifare' NFC chips, I got 100 for $25 from China, you can read/write/play all you like. Worth it for the fun factor.
"moved over the reader from 7cm above, at an angle of 12 degrees to the horizontal, for precisely 0.2 second."
A h yes, the old holistic gym. Train your body AND your brain in one visit.
Only tangentially related, but one company I did time with used iris recognition for secure entry. Nothing to leave at home or lose (unless you're VERY clumsy indeed). It was just like Half Life, except for the polite electronic voice droning "Stand further back. Come forward. Stand further back....."
Reading the article I suddenly realize, why people yell and scream so much online, like little toddlers.
People who are inherent cowards that are afraid to use violence in a real justified situation, are like hungry people who dream about the things they don't have or do, or are never confronted with.
When you're hungry you have fantasies and dream about mountains of food, I'm now starting to believe it's the same for violence. As in when you're never doing it, you come up with all these pervasive fantasies how to hurt others.
I never get violently angry until the moment that I'm forced ,to start to exercise that violence for real.
This happens normally only after somebody else has signaled they want to use violence on me, and then I will have to counter that by showing that I will take you with me in to the hospital, that is, if I'm set with my back against the wall, and only reacting or threatening to react in kind will help.
Because I will always try to leave my opponent with a graceful way out, making sure people are not with their back against the wall. Then again there are of cause juvenile people who are just simply violent because they have no control over them self at all like Clarkson, which is even more sad.
In any case I never have these violent fantasies like displayed in this story, it was an interesting read.
Kid: "Are we there yet?"
Life: (tends to be shit)(*)
HR: Tell kid off
Religion=Kid
(*) Unless like me you've got a pair of lesbian twin sisters (aka Bottom "doing it" [rip RM]) under your duvet or as my wife likes to point out: "in your imagination". In neither case does it result in violence.
[edit] There should be a ")" somewhere.
Been there just this week. Government building in fact this time. Almost got arrested. By guys with guns.
My favorite is new passcards not working for weeks after being issued. Or not being able to get one for weeks AFTER already starting the job.
WHAT THE FUCK IS THE PROBLEM?!!!!!!!!!!! HOW FUCKING HARD IS IT???
There is no doubt that HID Corp. are globally responsible for many tears and arguments with control room staff. That's when the doors or turnstiles themselves are functioning properly, too.
It's a whole other story when you scan your card, the light goes green and you try to walk through the turnstile to be met with a loud clunk and then get trapped in the damn thing.
One of our night security guards used to get locked out without his pass quite often. By means of his positioning and body-language he was very good at giving the impression that he just happened to be passing the door as you were going out and that he wasn't hanging round outside waiting to be let in at all. It was a masterful performance.