Comments on: Judge leaves gag order intact on subway card-hacking students

In a setback to Electronic Frontier Foundation, judge postpones decision on whether three MIT students can reveal "information" about security problems in Boston subway cards.

[Michichael]

Wow, this is absolutely ridiculous. It's been accepted in Europe that it is not only a violation of basic rights, but a fallacy in security to restrict a researcher from presenting his findings on the RFID vulnerabilities. I'm smelling something incredibly fishy here between the "impartial" judge and Massachusetts, and I'm not one for conspiracy theories.

[DeltaBravo]

Nothing fishy here. Just a judge with a good sense of right and wrong. These "researchers", being spoiled brats, are trying to puff up their public image by harming an innocent company. If they wanted to practice free speech responsibly they would have revealed what they know to the company and offered to help correct the problem. If the company didn't do anything about it, after a reasonable period of time (which could take several months), then a public announcement would be appropriate.

[The_Decider]

Innocent?

The problems they found can only be explained by saying that MTBA is grossly incompetent.

[protagonistic]

What can I say, most judges in this country at that level are little more than political hacks. They do not even understand the concept of freedom anymore. I think it must be a requirement these days that to graduate from law school you have to prove you have eliminated the last vestige of common sense from your reasoning.

[DeltaBravo]

The judge understands the concept of freedom. The problem is that neither you nor these three spoiled brats understands the concept of responsibility.

[The_Decider]

It is the transit system avoiding responsibility.

The problem is that you don't seem to understand the issues. If you point out a fire hazard, would you expect to get a gag order? These kids found many fire hazards and should be commended.

[fdunn3]

I think that the MBTA is afraid that the public will find out that the hack is being used on a daily basis and that they have done nothing about it.

The EFF should subpoena security records and ridership data on the T cards as I think they will find it interesting reading. (Such as duplicated cards.)

Only then will the MBTA back off as they know they have been busted.

[DeltaBravo]

While I have no problem with honest "hackers" uncovering vulnerabilities in software, I feel they have a moral obligation to notify the companies affected rather than make public revelations that can only serve to help others harm innocent individuals and companies. These guys are looking to puff themselves up in the eyes of others by hurting a company that doesn't deserve such treatment. They claim free speech rights but have no concept of free speech responsibility. One can not work without the other. I don't know if the Judge's decision can be upheld on appeal but these jerks need to grow up and MIT needs to do a better job of teaching their students something about morality and adulthood.

[aphoog]

Why are the students actions immoral? If you happen to keep all your money in a safe made of straw and I just happen to state that straw is combustible.... was I immoral or is the owner of the straw safe stupid?

[The_Decider]

MBTA deserves this. Look at the power point slides. A group of drunken monkeys could produce a more secure system.

Or do you think that it is OK to have critical network gear in a publicly accessible, unlock room?

In no way is finding and pointing out serious security issues is immoral. Some of what they did might be illegal, but not immoral.

Funny how people who rail against these kids are technically illiterate and can't grasp the magnitude of the flaws(some tech related, many not) were not fixed by MBTA.

[ktappe]

First, MBTA is not a "company", it is a publicly-owned service that is funded by taxpayers. No individual entity is being "hurt" by these students--they are attempting to perform a public service and bring about more security on that public service.
Second, they DID (if you read the article) submit a security brief to the MBTA over a week before the conference. So they did act morally.
Third, if the MBTA was aware of the security deficiencies in the system already, then it most certainly did deserve to be treated like this. Worse, in fact.
So lastly, these people are not "jerks" as you call them. They seem like they are performing an admirable, necessary function. Without them, would anyone currently be discussing the MBTA's security flaws?

[ghifarix]

For others to hack into any software program it shows up that program to be unfinished incomplete or the hack to be different or otherwise new perhaps superior. Therefore this Hack should not have been subjugate as a patent violation in any way for or manner. These MIT students are being repressed because the culture of monopoly reject competition-lets say improvement. If any thing moral were to show its principle head it should have been the owners of the old software negotiating with the creators of the new. The learned judge not only robed the MIT developers she simply said that America have reach the pinnacle of developing - gate closed- lets move on to China.

[The_Decider]

Not only that, many of the flaws were not technical at all. Leaving rooms with switches and routers unlocked and publicly accessible, is one example. Turnstile boxes were found unsecured. Crap like that.

Every executive and employee that has anything remotely to do with security should be fired and jailed for violating the public trust in such an incompetent manner.

[LarryLarryLarryLarry]

The students' report is online. I read the 87 page pdf file yesterday. I won't say where, because then I'm the bad guy, but hmmm, if you wanted to find some supressed document, what is the most obvious website that would show such a document?

[KenHaggerty]

It's surprisingly easy to hack the subway system and actually works for multiple subway systems. I read through the file and even as an architecture student I could understand it. I agree that the MBTA maybe should have had prior notice as a courtesy but the fact is that at least the students are bringing the issue to public attention and not keeping it secret and looting money off the MBTA.

[Maccess]

Why not just fix the vulnerability so the hacking information becomes worthless?

[Jimmu411]

We MUST maintain the principles of security by ignorance! If we muzzle these three, surely no one else will be able to figure out the weaknesses in the system!