Sat 22 Nov 2008
Search
RSS Feed

RSS Feed

Edited by Paul Hales

Published by Incisive Media Investments Ltd.

Terms and Conditions of use.

To advertise in Europe e-mail here

To advertise in Asia email here.

To advertise in North America email here.

Join the INQbot Mail List for a weekly guide to our news stories:

Subscribe

Massachusetts tries to silence whistleblowing hackers

Gets restraining order

By Nick Farrell: Monday, 11 August 2008, 8:17 AM

THE MASSACHUSETTS Bay Transportation Authority has won an injunction against three MIT hackers who were about to tell a security conference about holes in the security of its automated fare system.

A federal judge ordered three college students to cancel a Sunday presentation at Defcon conference in Las Vegas. The complaint claimed students offered to show others how to use the hacks before giving the transit system a chance to fix the flaws.

The Electronics Frontier Foundation, which is representing MIT students Zack Anderson, RJ Ryan and Alessandro Chiesa, plans to fight the order.

The presentation was distributed to attendees on CDs on Thursday, before the conference officially began and the transit system filed suit and was shoved onto the web.

It seems that the Massachusetts Bay Transportation Authority had good reason to want to silence the three.

Electronic copies of the 87-slide presentation circulating on the world wide wibble mock the Authority's transit system's physical security. The conference was supposed to see photographs of unlocked doors, turnstile control boxes and exposed computer monitors at subway stations.

But what miffed the MBTA was that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards.

One slide says: "And this is very illegal! So the following material is for educational use only." µ

L'Inq
AP

Comments

yahoo! does! better! job!!!

a quick search reveals a much more informative yahoo news article that supplies everything else you expected this reporter to provide.
If i wanted to research stories myself i would not bother reading this site.
http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

go get some caffine nick, seems like you need some.
posted by : stewed, 11 August 2008

Lucky...

An injunction? I’d say these people got off light.

It’s a good thing that their presentation didn’t include flashing lights; or they could be facing the bomb squad:

http://www.forbes.com/2007/02/01/cx_ml_0201varitytv.html

or SWAT

http://machinist.salon.com/blog/2007/09/21/star_simpson/
posted by : thomas_seeker, 11 August 2008

Easy fixes

Wow, I can see a few very easy low impact fixes that help mitigate this problem. But really, who doesn't store the account and value in a central DB? It's easy stuff.

I know, lets release a shopping cart and store the prices in the HTML form! Great idea.

GZ
posted by : GZ, 11 August 2008
IThound
Search for solutions, reports & analysis

Newsletter signup



 

Top INQ Stories