Greetings dear readers. I'm not sure if anyone is out there. Seems like most are cramming in their holidays. Those of you in the good ole USA are most likely preparing to work-hard-play-hard so you can get out and enjoy a long Labor Day weekend.
I myself have recently had a major life change. I've gone from being self-employed to a full-time employee of Sapient. I'm thrilled to bits, but traveling while writing to you. Other than the close of the Olympics in Beijing last night and the same old political
advertising, not much is happening in the realm of our beloved digital space.
On a local level, I had to laugh out loud (LOL) when I heard about a completely ridiculous case, the MBTA v.
Anderson. It has spawned national ink (in hard copy and electronic). Nonetheless, the Massachusetts Bay Transportation Agency (MBTA) has what it calls a Charlie Ticket System. It is a public transit
system that's supposed to be safe and secure. Well, think again, folks. It seems a group of students from Massachusetts Institute of Technology (MIT) hacked the system and recently published an
academic paper detailing the findings.
advertisement
advertisement
After submitting their proposal (as well as a detailed copy of their findings to the MBTA) the students were sued and given a gag order by the
United States District Court in Massachusetts. Thanks to the Electronic Frontier Foundation's Coders' Rights Project, "launched two weeks ago to protect programmers and developers from legal threats
hampering their cutting-edge research," according to the EEF, the gag order was recently lifted.
"We're very pleased that the court recognized that the MBTA's legal arguments were
meritless," said EFF Legal Director Cindy Cohn, who argued at the hearing. "The MBTA's attempts to silence these students were not only misguided, but blatantly unconstitutional." [Source: http://www.eff.org/press/archives/2008/08/19 ].
For more on MBTA v. Anderson, check out http://www.eff.org/cases/mbta-v-anderson .
I'd like to point out four points of interest:
#1 The system was proven to be vulnerable;
#2 The MBTA should be thankful;
#3 Don't mess with the MIT;
# 4 -- and by no means low on the priority list, can we say free speech, people (WTF?)
For what it's worth, the
project earned the students an "A" from renowned computer scientist and MIT professor Dr. Ron Rivest.
After months, the MBTA finally admitted its Charlie Ticket System had vulnerabilities
(ya think?). The company said it will take a solid five months to fix.
So what were the students going to do with their findings (aside from submitting them in class,) you ask? Well
they sure as hell weren't blogging or writing about it. The MBTA should have been thankful of that, first and foremost. However, I was able to find the white paper outlining specifics: http://blog.wired.com/27bstroke6/files/vulnerability_assessment_of_the_mtba_system.pdf .
The students said they were planning on presenting topline findings without details at a DEFCON http://www.defcon.org conference earlier this month. The blogosphere was all abuzz with, "Anatomy of a
Subway Hack."
If you have ever been out here in the Boston area, you'd see that it is unlikely folks would hack into the MBTA's RFID system versus jumping over the turnstyle to catch a
subway ride for free.
I'd like to hear your opinion on the continued lawsuit as well as the gag order that was lifted. Something about gagging a hack scares the heck out of me.