08-15-2008, #1
alexander (Senior Moderator, Gallery Curator, Dev Team Member; Location: Just before 0xAA55)
MIT Students' MBTA Payment and Card Systems Vulnerability Research

This I have been following pretty closely lately: a group of MIT students, for a class project, wrote up a 30-page vulnerability assessment report on the Massachusetts Bay Transportation Authority Payment and Card Systems, and were planning to present it at this year's Defcon (last weekend). Unfortunately for the MBTA, copies of the presentation slides were sent out to conference attendees before they were able to file a restraining order for information disclosure.

MBTA is worried sick about their system being attacked, reasonable, I guess, but they should have tested and thought of those things prior to putting the system in place.

EFF (Electronic Frontier Organization), on the other hand, is defending the publishing right of the researchers, saying that it is unconstitutional to have a government agency review what you want to say before you say it...

I'm on the MIT kids' side, let's hope the 1st Appeals Court will see what I see here...

MIT Students Submit 30-Page Report; Judge Lets Gag Order Stand -- UPDATED | Threat Level from Wired.com


----------------
Microsoft, the leader in using innovative tactics to promote irksome experience, coupled with antiquated technology that's held together by a pyramid of makeshift afterthoughts.

Apple, the leader in using irksome tactics to promote innovative experience, coupled with an antiquated core that's enhanced by state-of-the-art afterthoughts.

Linux, the leader in not using any tactics to promote user-defined experience, coupled with state-of-the-art core enhanced by innovative afterthoughts.

08-15-2008, #2
freeztar (Moderator, Editor; Location: ATL, GA, USA)
Re: MIT Students' MBTA Payment and Card Systems Vulnerability Research

I agree that they have the right to publish and disseminate their research. Nonetheless, I think it would have been morally appropriate for the students to disclose their findings to MBTA before releasing the info to the public (common courtesy).

It's like Dan Kaminsky's DNS find. He kept it secret until patches could be made. He worked with all major vendors to help them identify and patch the holes. I'm not aware of any legal motivation (though there could be one) for him to do this; it was out of morality.


----------------
Hypography Science Forums Moderator
---
"There are no passengers on Spaceship Earth. We are all crew." - Marshall McLuhan

"We must not forget that when radium was discovered no one knew that it would prove useful in hospitals. The work was one of pure science. And this is a proof that scientific work must not be considered from the point of view of the direct usefulness of it." - Marie Curie
08-15-2008, #3
alexander (Senior Moderator)
Re: MIT Students' MBTA Payment and Card Systems Vulnerability Research

Here's the problem I have with that: I think they didn't very much care to disclose their finds to the MBTA; the problem was that the MBTA wanted to censor their material and disallow public release of large parts of the research...

Quote:
It's like Dan Kaminsky's DNS find.
or like the Zero Day Initiative, as well as 95% of all the security holes found. Problem is, I think the MIT kids would have released the "preview" for the board, had they not just gotten up and gone to the court for the restraining order against the release of the info. Especially a few days before a big conference like Defcon...

And lastly, it's MBTA's failure to secure the system that is to blame to begin with, so I'd say they brought it on themselves...
