NOTE FROM CLEMENT:
RFID has been in the news quite a lot over the past six months, and rightly so. It is used within our passports; it is used on our credit cards; it is used within your public transportation tickets; it is used even on some of the common products you buy at the store.
I invite you to visit my tester website and look at some of the videos demonstrating attacks on RFID:
http://www.professionalsecuritytesters.org/modules.php?name=Flash_Player
Here is a recent article from cnet.com pointing to research and information on the subject:
http://news.cnet.com/8301-1009_3-10059605-83.html
By Elinor Mills
Security
CNET News
October 6, 2008
Want to ride the subway for free without having to jump the turnstiles? Well, as of Monday, you'll be able to do that by making a fake transit card.
A scientific paper detailing the security flaws in the Mifare Classic wireless smart card chip used in transit systems around the world is being published by the Radboud University Nijmegen. And a researcher at Humboldt University in Berlin has published a full implementation of the algorithm (PDF) [1].
"Combining these two pieces of information, attacks can now be implemented by anyone," RFID researcher Karsten Nohl told CNET News. "All it takes is a $100 (card) reader and a little software."
Armed with the information in the papers, someone could steal the secret key from a Mifare Classic-based transit card and create a clone of it. As seen in a demonstration [2], data was collected wirelessly by merely brushing a card reader past someone carrying a card. The data was then used to create a fresh transit card that permitted free access to the London subway.
Subway systems in Amsterdam, Boston, and Beijing, among other cities, are also susceptible, as are building access control systems in Europe.
[1] http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2008-21/SAR-PR-2008-21_.pdf
[2] http://news.cnet.com/8301-10789_3-9978486-57.html