Jump to content
The Inquirer-Home
Communications > Security

Massachusetts tries to silence whistleblowing hackers

Gets restraining order
By Nick Farrell
Monday, 11 August 2008, 09:17

THE MASSACHUSETTS Bay Transportation Authority has won an injunction against three MIT hackers who were about to tell a security conference about holes in the security of its automated fare system.

A federal judge ordered three college students to cancel a Sunday presentation at Defcon conference in Las Vegas. The complaint claimed students offered to show others how to use the hacks before giving the transit system a chance to fix the flaws.

The Electronics Frontier Foundation, which is representing MIT students Zack Anderson, RJ Ryan and Alessandro Chiesa, plans to fight the order.

The presentation was distributed to attendees on CDs on Thursday, before the conference officially began and the transit system filed suit and was shoved onto the web.

It seems that the Massachusetts Bay Transportation Authority had good reason to want to silence the three.

Electronic copies of the 87-slide presentation circulating on the world wide wibble mock the Authority's transit system's physical security. The conference was supposed to see photographs of unlocked doors, turnstile control boxes and exposed computer monitors at subway stations.

But what miffed the MBTA was that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards.

One slide says: "And this is very illegal! So the following material is for educational use only." µ

L'Inq
AP

Share this:

< Previous article| Next article >
Comments
yahoo! does! better! job!!!

a quick search reveals a much more informative yahoo news article that supplies everything else you expected this reporter to provide. &#xD;
If i wanted to research stories myself i would not bother reading this site.&#xD;
http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf&#xD;
&#xD;
go get some caffine nick, seems like you need some.

posted by : stewed, 11 August 2008 Complain about this comment
Lucky...

An injunction? I’d say these people got off light.&#xD;
&#xD;
It’s a good thing that their presentation didn’t include flashing lights; or they could be facing the bomb squad:&#xD;
&#xD;
http://www.forbes.com/2007/02/01/cx_ml_0201varitytv.html&#xD;
&#xD;
or SWAT&#xD;
&#xD;
http://machinist.salon.com/blog/2007/09/21/star_simpson/&#xD;

posted by : thomas_seeker, 11 August 2008 Complain about this comment
Easy fixes

Wow, I can see a few very easy low impact fixes that help mitigate this problem. But really, who doesn't store the account and value in a central DB? It's easy stuff. &#xD;
&#xD;
I know, lets release a shopping cart and store the prices in the HTML form! Great idea.&#xD;
&#xD;
GZ

posted by : GZ, 11 August 2008 Complain about this comment
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
Click here to sign up Existing user
INQ Whitepapers

Business Intelligence Software

Customer Relationship Management (CRM)

Enterprise Accounting Software

Enterprise Resource Planning (ERP)

Enterprise Systems Management

Jobs
Powered by INQJOBS
Advertisement
INQ Poll

Christmas computer sales

Will you be buying a new computer this Christmas?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job: