157 Comments
- thedopeness, on 08/20/2008, -7/+297 The way I see it, they were bound to get caught sometime or another. The fact that they decided to turn it into a paper, then get a good grade? Genius.
- OpenRevolt, on 08/21/2008, -3/+194 I'd love to write a paper about how I got free slurpees from 7/11, but I don't think MIT would appreciate my expertise.
- nickycakes, on 08/21/2008, -0/+138 Something tells me graduating MIT is slightly more valuable than free rides on the subway. Just sayin.
- Kanten, on 08/21/2008, -6/+129 A couple students hack the subway, they get top grades. One kid downloads a song, they get a lawsuit.
- bamafun, on 08/21/2008, -0/+82 http://www.docstoc.com/docs/1036786/Anatomy-of-a-S ... that is the 87 page paper - all of the exhibits and other court orders are on that site as well.
- c89a, on 08/21/2008, -2/+75 RFID = FAIL
- inactive, on 08/20/2008, -50/+121 figuring out how to beat the system = Awesome. Using it to write a term paper and lose the luxury = FAIL.
- zyklon, on 08/21/2008, -0/+56 Neither would the friend that you use to get those free Slurpees.
- samanathon, on 08/20/2008, -3/+42 Where's the link to the paper?!
- inactive, on 08/21/2008, -0/+36 They hacked the Boston Subway? Which one? Which day was that; Italian BMT or Meatball Marinara?
- slapded, on 08/21/2008, -2/+33 hack the planet?
- zyklon, on 08/21/2008, -3/+31 Not truth. To upgrade the firmware and the C-card system, the MBTA would have to spend mucho dolla and would take ages. Plus, there's a lot of heavy commuters that have those year-long passes and those cards would ALL have to be updated along with all the systems.
I live in Boston, and I've done my share of *Cough* C-card hackery. It's still very much so alive and possible.
Please note that the system also works for London and New York City's systems as well. It's not just Boston. There's a LOT of systems that would need to be updated, man.
- esc27, on 08/21/2008, -0/+26 No fail at all. All this attention will probably help them to get well paying jobs earning a lot more money than they would save with free transit fares.
- LiquidShield, on 08/21/2008, -1/+27 We've known RFID to be very insecure for a long time now. The only reason that this is getting such public attention is that it was MIT students that tried to get free subway rides, and the people that they cracked the RFID cards for took them to court. They ended up winning by creating a term paper. What this article doesn't state is the reason that the MBTA took them to court in the first place was for the fact that they were going to present their crack at DEFCON this year, and the MBTA wanted to stop that. Didn't quite work out that way since the MBTA was late by a day, and they had already passed out media containing the presentation to all DEFCON attendees at the start of the conference. That's other articles non-digg that I have read in the last couple days.
- zyklon, on 08/21/2008, -0/+18 There's a delete button under the edit part, man.
- The2DQuartet, on 08/21/2008, -1/+20 " It is also thought that an MBTA official was overheard saying "It's not fair. I'm telling my mom." "
Pwned.
I wonder if this would work for Oyster cards in London?
- error1312, on 08/21/2008, -0/+16 But did he write a paper about it?
- Peck3277, on 08/21/2008, -1/+15 @matthewinDRO
Jesus Christ they did it for a college project. If they really were malicious they wouldn't have said anything. Here's some common sense use it.
They easily could have continued using the hack to use free rides possibly even selling on the details of how to do it for money. If they can hack and ZyKlon above said he could then I'm sure countless others can. They practically did the public and the state a service by doing this and telling about it.
This is how many of the big names in security companies started out. Finding a problem, seeing how far it can be exploited and then telling the company about it and how to fix it.
- Pinasco, on 08/21/2008, -0/+14 Quiznos has far superior security.
- Black6x, on 08/21/2008, -2/+15 The genius comes from being able to identify a flawed system, and then reverse engineer it. Ignore the fact that it was only a 48-bit key. Tax-payer money was spent on this system. You can stop calling it genius when you can perform something like this from scratch.
- clsslc, on 08/21/2008, -0/+13 Something tells me that if this were to happen at a local state university those kids would have been thrown in jail.
- Stevo23, on 08/21/2008, -1/+13 And even in that case, it would be really easy to just never put an absurd amount of money on your forged card, just add like $20 at a time.
- Pinasco, on 08/21/2008, -1/+12 RFID = Real ***** Idiotic Decision
- doshindude, on 08/21/2008, -1/+12 well, I can see why you're not an MIT student...
- slapded, on 08/21/2008, -0/+10 dude you're giving away all our backdoors
- purzzzell, on 08/21/2008, -0/+8 Same as the person who hacked Homeland security and FEMA - it was a stupid, old method, but it's very intelligent b/c they identified the door to exploitation, NOT how hard it was to exploit.
- inactive, on 08/21/2008, -0/+7 try scissors and if that doesn't work hedge clippers.
- Quaterni0n, on 08/21/2008, -0/+7 If the system is simple to hack, why go out of your way to come up with an overly complex hack when a simple one will do just fine?
"All other things being equal, the simplest solution is the best." - Occam's razor
- zyklon, on 08/21/2008, -3/+10 Not necessarily. The hack is just on the card, and it's impossible to catch someone with a hacked card unless you had a system that would set off an alarm and alert the guards when a card with a balance over $X tried to swipe.
- kidendless, on 08/21/2008, -0/+7 the real genius comes from that terror-inspiring WARCART they show at the end of the presentation. the thing has ***** smoke grenades!
- sgtbutterscotch, on 08/21/2008, -1/+8 Oh *****, a reverse double-dupe dugg comment. I am in awe to have had this amazing opportunity to witness this rare phenomenon.
- Iztikeit, on 08/21/2008, -0/+6 They went to MIT, they get free rein.
Do you know how many computer laws are broken throughout MIT? More than any of us can imagine.
- ihatepeterh, on 08/21/2008, -0/+6 I think all the money they'll be able to make with top marks from MIT will allow them to pay for the T just fine, actually. The red line is something you can easily make room for in your budget.
- kingmanic, on 08/21/2008, -0/+6 When you publish a paper everyone can see it and it exposes the flaw. When you share it with your friends, your friends can exploit it. Honestly do you think MBTA would act on it if they just advised MBTA there was a problem? 90% of the time, companies and gov agencies would rather bury it through litigation rather than fix it. So publishing a paper/ making it public is the best way. The company/agency is shamed into fixing it.
- Stevo23, on 08/21/2008, -1/+7 1) Hackers are insisting people use public transit? I was unaware of this.
2) Lots of people aren't going to do this, it requires some medium-expensive equipment and a modicum of knowledge about technology. The only real issue would be if some criminal enterprise started printing off counterfeit transit cards and selling them cheaply.
3) Security through obscurity is no security at all.
- TonyLocNE, on 08/21/2008, -0/+5 Did you read the first article? Hacking the card was one thing they did.. Dressing up as MBTA officials and walking into secure rooms and such was another..
- ceoandpresident, on 08/21/2008, -0/+5 or you could just jump the turnstile--
- serif69, on 08/21/2008, -0/+5 NO WEEZIN JUICE
- DHracer, on 08/21/2008, -0/+5 This was one of the coolest things I've read in a long time. It puts some faith back in me when I watch movies where people just insert a card and it hacks the system for them. These guys could have easily made that card.
- eSentrik, on 08/21/2008, -0/+4 ya..do tell!
- kingmanic, on 08/21/2008, -0/+4 I'd rather a whitehat write a paper on how it's done so someone can fix it rather than having a blackhat figure it out.
Our obligation to society to ensure things we pay for as a society work as promised. Obviously these passes didn't, they lacked the security. Deep down you seem to fail at grasping that outlawing an activity doesn't stop it. So discovering the exploits, holes, problems in the system will help fix it. We need to keep rewarding whitehats and punish blackhats. These days that doesn't happen. A white hat has lawsuits, gag orders, DMCA violation, etc... thrown at them while blackhats just go about their business making money and when they're caught they're hired on as whitehats by the people they defrauded. It ought not work that way and people like you encourage it to work in this perverse way. You object to people publicly announcing flaws when most corps would rather sweep it all under the table unless it's public.
- dext3r, on 08/21/2008, -0/+4 how does this end?
- ParanoydAndroid, on 08/21/2008, -0/+4 would HAVE.
- slapded, on 08/21/2008, -1/+5 that presentation was great. Very funny in some parts!
- clsslc, on 08/21/2008, -1/+4 I believe anyone can get an MIT-caliber education from a decent library, provided they have a decent amount of discipline.
- ganymede2010, on 08/21/2008, -2/+6 In the long run this was the right decision. If the subway officials would of caught on to their scheme, they would of been charged with a myriad of crimes. These guys weren't accepted in M.I.T nothing:)
- ChayD, on 08/21/2008, -2/+5 Writing a "research" paper does not legitimize theft IMHO. If they wanted to test the system, they really should've cleared it with MBTA first. Yeah, I know it sounds like really responsible and boring, but all these little innocent pranks usually end up affecting someone further upstream.