Monday, August 11, 2008

Court Blocks MIT Students From Showing Subway Hack at Defcon

The Associated Press, "Court blocks MIT students from showing subway hack": "A federal judge ordered three college students to cancel a Sunday presentation at a computer hackers' conference where they planned to show security flaws in the automated fare system used by Boston's subway."

They basically shredded the security of Boston's subway system (and of several similar systems). They started with unlocked doors and unmonitored computer terminals, then went on to how easy it was to forge tickets and reusable CharlieCards.

"If you prevent legitimate researchers from talking about their findings, it's not going to stop people from finding vulnerabilities. It's going to stop the good guys from talking about them and from learning from each other," Granick said. "The bad guys are still going to be looking for the vulnerabilities and still be finding them."

These students weren't the ones who put all these vulnerabilities in the T; they're the ones publicly shaming the T into realizing it might have to do something about it. And that something shouldn't be silencing the critics, let alone suing them.

1 comment:

Anonymous said...

And one lesson we learn from this lawsuit is that if you ARE going to issue an injunction on a presentation, make sure you don't make the problem worse by submitting the documents that you want to keep private - non-confidentially - *thereby putting them into the public domain*.

Incidentally, if what the DefCon organizer said (in the hallway in passing) is true, then the papers were in fact submitted to the MBTA prior to being included in the conference, thereby pretty much voiding this lawsuit.

I'd say the lawyers couldn't be that dumb, but then again see paragraph #1 for the counter-evidence in this case ...