Home
News
Events
Bands
Labels
Venues
Pics
MP3s
Radio Show
Reviews
Releases
Buy$tuff
Forum
Classifieds
News
Localband
Shows
Show Pics
Polls
OT Threads
Other News
Movies
VideoGames
Videos
TV
Sports
Gear
/r/
Food
New Thread
New Poll
Miscellaneous
Links
E-mail
Search
login
New site? Maybe some day.
Username:
SPAM Filter:
re-type this
(values are 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E, or F)
Select Color
orange
orange-red
crimson
red
firebrick
dark red
green
limegreen
teal
silver
sea-green
deeppink
tomato
coral
purple
indigo
burlywood
sandy brown
sienna
chocolate
FONT
XXSmall
XSmall
Small
Medium
Large
XL
XXL
:DG:
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Char
†
‡
‰
♠
♣
♥
♦
‾
←
↑
→
↓
™
–
—
¡
¢
£
¤
¥
¦
§
¨
©
ª
«
¬
®
¯
°
±
²
³
´
µ
¶
·
¸
¹
º
»
¼
½
¾
¿
À
Á
Â
Ã
Ä
Å
Æ
Ç
È
É
Ê
Ë
Ì
Í
Î
Ï
Ð
Ñ
Ò
Ó
Ô
Õ
Ö
×
Ø
Ù
Ú
Û
Ü
Ý
Þ
ß
à
á
â
ã
ä
å
æ
ç
è
é
ê
ë
ì
í
î
ï
ð
ñ
ò
ó
ô
õ
ö
÷
ø
ù
ú
û
ü
ý
þ
ÿ
b
i
u
add:
url
image
video
(
?
)
Message:
UBB
enabled
. HTML
disabled
Spam Filtering
enabled
Icons: (click image to insert)
Show All
-
pop
:
post by
zyklon
at 2008-08-11 18:13:30
A federal judge ordered three college students to cancel a Sunday presentation at a computer hackers' conference where they planned to show security flaws in the automated fare system used by Boston's subway.
The temporary restraining order, issued by a U.S. district judge in Massachusetts, prevented the Massachusetts Institute of Technology students from demonstrating at the Defcon conference in Las Vegas how to use the vulnerabilities to get free rides.
The Electronics Frontier Foundation, which is representing MIT students Zack Anderson, R.J. Ryan and Alessandro Chiesa, plans to fight the order, said Jennifer Granick, the group's civil liberties director.
The Massachusetts Bay Transportation Authority said in a complaint filed Friday that the students offered to show others how to use the hacks before giving the transit system a chance to fix the flaws. MIT is also named in the suit.
But Granick told The Associated Press on Sunday that the students were simply trying to share their research and planned to omit key information that would make things easier for anyone who actually wanted to hack the payment system.
Lawyers for the transit system did not immediately return phone calls seeking comment on Sunday.
Electronic copies of the 87-slide presentation circulating the Internet disparaged the transit system's physical security and showed photographs of unlocked doors, turnstile control boxes and exposed computer monitors at subway stations.
One slide explains that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards.
The next slide says: "And this is very illegal! So the following material is for educational use only."
The presentation was distributed to conference attendees on CDs on Thursday, before the conference officially began and the transit system filed suit.
In court documents, Gary Foster, chief technology officer for the transit system said the presentation would "inflict significant damage" if the Massachusetts Bay Transportation Authority did not have a chance to correct the flaws.
"It is extremely important to maintain the security and integrity of the Fare Media systems," Foster said in a court declaration. "With an insecure, compromised system, even basic revenue controls, to name one example, become significantly challenging."
The MIT students' presentation was supposed to demonstrate hacks for the system's primary two payment cards — CharlieCard and CharlieTicket — which work on the system's subways and buses. The transit system plans to implement the cards' use on its commuter rail, boats and ferries, according to its Web site.
Granick said ordering the students to not share their findings would be "dangerous," and have a chilling effect on legitimate researchers who want to point out flaws that lead to system improvements.
"If you prevent legitimate researchers from talking about their findings, it's not going to stop people from finding vulnerabilities. It's going to stop the good guys from talking about them and from learning from each other," Granick said. "The bad guys are still going to be looking for the vulnerabilities and still be finding them."
Defcon, attended by many of the world's best-known security experts, has become an annual showcase of the latest discovered weaknesses in computers, phone equipment and other machines.
[
default homepage
]
[
print
][
12:52:35am Jun 01,2024
load time 0.01569 secs/10 queries]
[
search
]
[
refresh page
]