After Security Breach, Harvard Unveils New IDs

["Richard M. Smith" <rms () computerbytesman com>]

http://www.thecrimson.com/article.aspx?ref=523934

The Faculty of Arts and Sciences (FAS) announced last week that students,
faculty, and staff will receive new identification cards that use
contactless Smartcard technology when they return to campus this fall. 

The upgrade comes less than a year after Theodore R. Pak '09 was caught
creating duplicates of the Harvard University ID (HUID) cards belonging to
University President Drew G. Faust, Assistant Dean of the College Paul J.
McLoughlin II, and Dunster House Superintendent H. Joseph O'Connor. 

Pak's hack revealed a significant security flaw in the more than 15-year-old
swipe card system, as he was able to gain access to buildings and gates
across campus with only knowledge of HUID numbers and a $200 card reader
bought from eBay. 

Assistant Dean for Physical Resources Michael L. Lichten said that the Pak
incident "was a motivator for us to move more quickly in putting the new
system in place." 

Prior to the Pak incident, HUID numbers were available to a number of
individuals at the University including undergraduate User Assistants,
Harvard University Dining Services workers, building managers, and freshman
proctors. The University has since strictly restricted the access to these
numbers, putting in place a number of protocols that limit how and when they
can be displayed and accessed by members of the Harvard community.

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.