August 18, 2008 9:26 AM PDT

MIT student defends MBTA hacking research

by Jim Kerstetter

After he's done with his security dust-up with the Massachusetts Bay Transportation Authority, Zack Anderson plans on slightly different work: a company that turns heat from a car's shock absorbers into energy for the car's engine.

Hopefully, a government agency won't take offense to that work, as well.

Anderson is one of three Massachusetts Institute of Technology students who were blocked by the MBTA and a judge's order from making a presentation on vulnerabilities in the T's card-based fare system at the recent Defcon conference in Las Vegas. They're still blocked from making that presentation under a gag order that expires Tuesday. A hearing will be held in federal court in Boston Tuesday morning to determine whether the temporary restraining order should be converted into a preliminary injunction.

In an interview with The Boston Globe, Anderson defended the presentation the students planned to make at Defcon. "It wasn't to enable others to get a free fare or cause any sort of havoc," Anderson told The Globe. "It was really to show how major the issues are in this system, which also might resonate in many other systems around the world."

The MBTA, not surprisingly, doesn't seem so willing to participate in this particular scientific discourse. In a hearing last week, a federal judge ordered the students to hand over classroom material and any correspondence they've had with Defcon organizers. The students have already provided the judge and T officials with two reports, including a 30-page paper that included details the students say they didn't intend to reveal in their Defcon talk.

The students and the MBTA are still fighting over what documents they should have to reveal, including unpublished research notes.

Jim Kerstetter has been writing about the high-tech industry for more than 13 years, as a senior editor at PC Week, a Silicon Valley correspondent at BusinessWeek, and now an executive editor at CNET News. He moved back to Boston because he missed the Red Sox.
by tekwiz4u August 18, 2008 12:58 PM PDT
I think the MIT students should be restrained on this. I know that you might find it objectionable, but it's within reason. They are exploiting a secret that constitutes the security of a public system. I can't imagine if a terrorist got a hold of this exploit and used it to his advantage, posing a great threat.

I'm all for free speech, but this really steps the line with public security then bragging rights.
by Dalkorian August 18, 2008 3:30 PM PDT
by tekwiz4u August 18, 2008 12:58 PM PDT
I can't imagine if a terrorist got a hold of this exploit and used it to his advantage, posing a great threat.
------------------------------------------------------
Care to elaborate on that? What "threat" can a "terrorist" pose by getting free rides on a subway? Better yet, how can we avert that threat by keeping it secret from the public in general? Do you really think "terrorists" learn their trade by reading newspapers?

The MBTA is only trying to cover their own butts. They spent millions on an insecure system and they don't want anyone to criticize them for it. They want to fix the problems - now that it's made the news. But before then they weren't too concerned about it, were they?
by mementh August 18, 2008 8:21 PM PDT
sorry but you're wrong.. the info is *ALREADY* out there. it's just not "released".
it's like the dns bug.. once someone KNEW there was a bit.. it was EASY and trivial to figure it out (and this was not knowing squat about the bug)


So think about that and I hope you realize... if terrorists wanted it.. they would have it already.
by Snowboardb86 August 18, 2008 3:40 PM PDT
I understand what the students are saying but they went about it the wrong way. I do however also think when you say if it gets in the hands of terrorists that this can be a safety issue is ridiculous. If a terrorist wants to ride the subway I don't think they will spend thousands of dollars to hack the fare card so that then they can add the $2.50 fare. That is ridiculous. With the money it costs to buy the tools you need, you can pay for subway fare for a year. I don't know that they should have had a gag order put on them but being that this is a real issue with the transportation system I think that the MBTA needs to be a little less uptight and at least listen to them and try to resolve the issue.
by Perry_Clease August 18, 2008 4:14 PM PDT
"If a terrorist wants to ride the subway I don't think they will spend thousands of dollars to hack the fare card so that then they can add the $2.50 fare."

A reason could be so that they couldn't be tracked as they cased the system. Providing that the MBTA has a way of tracking a pass to a particular person.

All of that aside I feel that the MBTA is more concerned about the loss of revenue if the sale of pirated passes becomes rampant. Playing the terrorism card is just a way of getting the court order.
by eyemroot August 26, 2008 10:10 AM PDT
This whole issue really weighs on my mind considering the industry ramifications. Jon Longoria wrote an interesting, albeit brief, article regarding the plausible thought process MBTA took going into this. You can check it out here: http://thereformed.org/2008/08/25/mbta-put-profit-before-security/