dcsimg
RealTime IT News

Boston Transit hack averted?

blackhat.jpg
From the "don't talk don't tell" files:

A Federal Judge successfully prevented a pair of MIT students from presenting a paper at Defcon on Sunday that could have exposed flaws in the Massachusetts Bay Transportation Authority (MBTA) system.

According the the AP  MBTA argued that they weren't properly notified of the flaws that the students would be presenting.

BAAAAAAAAAAAAAAAH.

Reality is that if the MIT student researchers could find the flaws - in the hopes of sharing them at a conference - then others could properly figure them out too (and not for research purposes either). Hacking RFID isn't a terribly complicated thing to do anymore if you've got the right equipment and it's likely in the MBTA best interests that this information becomes avaialble so they can take the appropriate step to protect they network.

The argument of not being properly disclosed is one that I heard alot of last week. Both Google and Mozilla argued that flaws that were presented at Black Hat were not fully disclosed before their respective presentations. To the credit of both organizations though neither attempted to stifle the presentation of the research.

*UPDATED* Though the presentation wasn't delivered at DEFCON, an online student pubication at MIT has made the full presentation available to anyone over the internet. It's an interesting presentation - check out the pdf at:
http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

Comment and Contribute