125 Comments
- Jacolyte, on 08/09/2008, -2/+158 Just don't look at the gaping vulnerability in the system, I'm sure it will go away.
- wiretapped, on 08/09/2008, -2/+122 MIT student newspaper publishes the banned DEFCON slides
https://groups.google.com/group/n3td3v/browse_thre ...
- serendipitously, on 08/09/2008, -1/+55 Especially when a lot of the world's transit systems are based on the new technology.
It will get published on the web anyway.
I still remember Sklyarov, the Russian getting arrested in the US, the land of free speech for anti circumvention re: Adobe
- JackSchittt, on 08/10/2008, -1/+55 So instead of working WITH these people and figuring out a way to patch the security holes in their system, they criminalize these students, attempt to quash the information, and pretend the issue doesn't exist? And what do they expect to be able to do when the REAL criminal hackers come around and exploit this?
This is the equivalent of the MBTA putting their fingers in their ears and shouting LALALALALALALA I CAN'T HEAR YOU LALALALALAALALA.
Good job, guys.
- itspuddingtime, on 08/10/2008, -0/+49 "constitutes a threat to public health or safety." ???
more like "constitutes a threat to the income of the MBTA." I have a CharlieCard and I always figured they would be simple to hack, especially after the same thing happened to the London Underground fare system.
The whole system cost something like $192 million to put into place. And they had to double fares to pay for it. Good work, MBTA. source: http://www.boston.com/news/local/articles/2007/12/ ...
- crash013, on 08/10/2008, -1/+39 Direct link:
http://www-tech.mit.edu/V128/N30/subway/Defcon_Pre ...
- CrushThemTorg, on 08/09/2008, -0/+36 It's way too late. As wiretap posted, the slides are already out there. A fascinating read, too.
- wwwonka, on 08/10/2008, -0/+30 What is going on with America and the destruction of free speech, seriously? I saw the below article today as well that makes me stop cold in my tracks and think "intellectual revolution"...to start.
http://digg.com/people/Work_at_a_Library_Write_a_B ...
- sysop073, on 08/10/2008, -1/+30 They didn't even need to, the slides were helpfully entered into public evidence. They really need to stop trying to silence people like this, it always backfires: now the whole internet hates the MBTA and knows how to defraud them. Not a super combination
- redfox2600, on 08/10/2008, -3/+30 The Judge was an idiot, I don't use the subway nor do I even care about it. If they would have presented at Defcon I'll probably just overlook them and go throw dye in the pool again. But now that he's filed an injunction I'm going to actually read the forbidden presentation.
- nathanww, on 08/10/2008, -2/+23 This trend in silencing security researchers is very worrying. First the "don't speculate about the DNS bug" thing, now this.
What we basically have now is a set of directions for how to exploit this, but no exploit. Which means that they're now going to have thousands of crackers coming at them from different directions. Nice job.
- goffy59, on 08/10/2008, -0/+17 Freedom of speech = failed again. ***** that judge! I hope he gets fired.
- inactive, on 08/10/2008, -1/+16 If the manufacturer of the smart cards wants to improve the security of their products, they'll give these kids a job offer.
- UtahApocalyse, on 08/10/2008, -0/+14 wait, did someone move my bed to another country in my sleep?
- phoomp, on 08/10/2008, -1/+15 Because, unless technically inept systems have to deal with hackers they won't improve the security of those systems.
- iadiggs10, on 08/10/2008, -2/+15 They are there not to prove that they can defraud their city, but to point out the fact that their city's subway system has problems that are fixable if they are willing to pay the price (obviously they aren't).
- cbartlett, on 08/10/2008, -0/+13 Hopefully this gets overturned on appeal because this judge seems out of line. An injunction might be in order if people's lives were at stake, but that seems hardly the case here.
- WNW3, on 08/10/2008, -1/+13 Security by obscurity rolls off the tongue better :)
- Codes02, on 08/10/2008, -0/+11 Ok, now we just need the software.
- jgzman, on 08/10/2008, -2/+13 Bratterscain, you are correct, the existence of an exploit does not mean that it should, in fact, be exploited.
However, the exploit exists. The exploit is known by several people. The action taken by the judge, attempted suppressing of the information, will allow the people in charge of the smartcard system to claim that the exploit is 'corralled' or 'controlled' when it is most certainly not.
The reason that exploits are published like this is not to encourage people to use them, but to change the world for the kind of people who see nothing except the flow of money, blind to the needs of their customers. The only way to get certain things fixed is to ensure that not fixing them is less profitable than fixing them.
TL:DR: grow an attention span, jackass.
- StephenCIreland, on 08/10/2008, -0/+11 ohh ***** their hear
- poprocksandsoda, on 08/10/2008, -13/+23 Why are people so excited about hacking technically inept systems like it is such an accomplishment? Most of these systems are built around typical use cases for their intended purpose and not to harden them against criminals bent on the misuse of them.
If I were to write the title of this story it would be:
Academics waste time proving obvious hackability of inept technology used for subway fares, prison time still available for anyone caught doing this
- flashback99, on 08/10/2008, -4/+13 it's not "a" transit system it's:
  - Boston (CharlieCard)
  - London (Oyster Card)
  - Netherlands (OV-Chipkaart)
  - Minneapolis
  - South Korea (Upass)
  - Hong Kong
  - Beijing
  - Madrid (Sube-T)
  - Rio de Janeiro (RioCard)
  - New Delhi
  - Bangkok and more
Care more *****!
- Elliuotatar, on 08/10/2008, -0/+9 Are you kidding? The slides show you how the data is formatted on the card, and give step by step instructions on what to do. Maybe the steps aren't 100% clear, but they're the farthest thing possible from worthless.
- TheSwashbuckler, on 08/10/2008, -0/+9 Prior restraint is a VERY big deal when it comes to the first amendment. I hope the EFF pursues this.
- norman619, on 08/10/2008, -0/+8 No *****. Knowledge isn't and shouldn't be illegal. What you do with it is what's really important.
- grungegbunny, on 08/10/2008, -1/+9 How I read it: "Federal Judge Orders Halt to First Amendment particularly the part about Freedom of Speech."
- dustinspringman, on 08/10/2008, -2/+9 Ahahahah...ignore it, it will go away! GOGO USA censorship... The sad part is, they will look at these guys like they are criminals instead of seeing them as the true heroes they are. One day people will learn that not everyone is out to destroy things. Some of us only want to ensure the safety of others.. Sometimes that means researching, testing, and exposing vulnerabilities. As my friends in Munich say "get skilled, or get owned".
- lead2thehead, on 08/10/2008, -0/+7 The same thing happened with the MiFare talk. Good thing their slides are on the DefCon CD. :)
- heystoopid, on 08/10/2008, -0/+7 Alas, since the recent publication of a mathematical treatise in a far flung country in an Old European University, which just happens to be in the same country that this RFID technological marvel card originated from!
The words of an old rock song ring in one's ears on the lines of "You're just a little bit too late as Moore's Law has already rendered this technology security obsolete and they have already given the keys away for everyone to use for free!"!
- kushin, on 08/10/2008, -0/+7 I love the warcart
http://img156.imageshack.us/img156/4733/warcartab7 ...
- synned, on 08/10/2008, -0/+7 http://thepiratebay.org/torrent/4336590/Anatomy_of ...
- engrishGamer, on 08/10/2008, -0/+7 I'm actually friends with Alessandro, I've got to shake his hand. But really, the T Charlie Cards use simple RFID tech, it's not surprising they have vulnerabilities. But considering the large number of people who use them, I could see how they'd be nervous about anyone exposing any weaknesses in the system. Hopefully this will at least get them thinking about it and hopefully solving the problems
- ldjarmin, on 08/10/2008, -0/+7 Did anyone else catch that Ron Rivest is the students' professor? I thought it was humorous and ironic.
(For those who don't know, Ron Rivest is the R in RSA, the inventors of the first public-key crypto system)
- grason1129, on 08/10/2008, -1/+8 HACK THE PLANET
- nosecohn, on 08/10/2008, -0/+7 FTA: "...a black and white faxed copy of the entire presentation was entered as evidence in publicly available court records..." as well as "...a document marked 'confidential' and written by the researchers that explains exactly how the Charlie cards can be cloned and forged."
In the process of suing to keep the information from the public, they released the information to the public. It's apparent that these idiots got the security they deserved.
- mono, on 08/10/2008, -0/+7 The Feds just don't get it. If they hadn't filed an injunction/received a court order then this demonstration would have been a mildly interesting blip on a slow news day. Now everyone in the tech industry is going to take notice and download the presentation just because of the 'Man's' attempt to quash the spread of knowledge.
- mithrasinvictus, on 08/10/2008, -0/+7 If it is a "threat to public health or safety" shouldn't some people be fired for implementing this dangerous system in the first place?
- bonedog73, on 08/10/2008, -0/+6 The lawsuit is going to have the opposite effect, now everyone is going to want it and try it. They should have just let them give their presentation and be done with it. Now they're just sparking interest and creating a buzz and now they'll have thousands more interested. When will these governments learn to pick their battles.. They just assume that ALL Americans are evil and want to wreak havoc and mayhem.
- HappyScrappy, on 08/10/2008, -1/+7 I can tell you by looking at the system that it's very similar to the system used by the NYC MTA. It probably has the same vulnerabilities.
These systems are old enough that they don't function as "always connected" systems anyway, so they're always going to be somewhat vulnerable to replay attacks anyway. So showing they are insecure is somewhat redundant.
- phoomp, on 08/10/2008, -2/+8 They don't want the gaping vulnerabilities to go away, they just don't want anyone to know about them. Security by ignorance.
- MacBookForMe, on 08/10/2008, -0/+6 Just another senile and mentally retarded judge...who has absolutely no idea about modern life and computer electronics technology...I guess he is still using a pen and a pencil:)
- Elliuotatar, on 08/10/2008, -0/+6 Yeah, if they'd just kept their mouths shut then this talk might have happened, and a few hackers might have learned the trick and it would remain fairly obscure. Now everyone on slashdot, AND digg, and every other technology site out there knows about the trick.
The MBTA is ***** now. MIT and Harvard are right there in Boston. People are gonna start selling these unlimited cards for a few bucks to their fellow students.
- tomarocco, on 08/10/2008, -0/+5 !!!GRAMMAR POLICE!!! Watch out!!!
- Codes02, on 08/10/2008, -0/+5 it was on http://web.mit.edu/zacka/www/subway/, anyone happen to grab it?
- jgzman, on 08/10/2008, -0/+5 If your hope was founded in any kind of reality, I don't think they would have gone for the judicial branch, but for the R&D department.
- magneticB, on 08/10/2008, -0/+5 Old news. Oyster cards in London (and I'm guessing in other places) use a distributed design with master records on a central database. It would be possible to increase the balance on the card itself (using a replay attack), but at the end of each day any travel made on a hacked balance would be deducted from the database (when the station syncs its cached transactions for the day). Next time you travel the card's balance would be set to that of the database so you would still be charged. At best it will give you a day's free travel but you'll have to buy a new £3 Oyster card every day to get free travel. Legitimate travel only costs a little more than that anyway so it's not a problem. There's talk of Oyster cards being upgraded soon anyway.
- inactive, on 08/10/2008, -0/+5 The beautifully ironic thing is that because the presentation was banned from Defcon, it will become MORE prolific in other venues.
- LilRabbitFooFoo, on 08/11/2008, -1/+6 Downloaded the presentation, just to support the freedom of information this country used to believe in.
- norman619, on 08/10/2008, -1/+6 Thank you for your so eloquent illustration of how little you know about defcon. I will add my negative digg to your collection.