Oyster Card Hack To Be Released, In Good Time

DangerFace writes "A little while ago some Dutch researchers cracked the Oyster card, meaning they could get free public transport around London. The company that makes the cards, NXP, sought and got an injunction to stop the exploit being published, but that has now been overruled by a Dutch judge. The lovely Dutch blokes are holding off from releasing the hack for the time being, to give NXP time to secure their systems."

You mean...

[Notquitecajun]

The People don't have a right to free public transportation in London? Somethin' oughtta be done!

Re:You mean...

[argStyopa]

I'd love to hear Red Ken's take on this.

The guy is a socialist right down to the soles of his feet, but here's an event where his city would be losing MASSIVE amounts of money.

Re:You mean...

[Joker1980]

The People don't have rights in London!.

There thats a bit more accurate.

Re:You mean...

[iworm]

...and as the EX-mayor of London, why would he care?

Re:You mean...

[bledwhite]

Actually the now Mayor Of London said that we should all definitely go abroad on our holidays saving precious slabs for a couple of weeks a years. 'In typically politically-incorrect style, Johnson said he would be going to somewhere "as sunny and foreign as possible" this summer' http://afp.google.com/article/ALeqM5iS2b9DpPs6YG8KjbtvDCL81vVh0w I've never actually seen a 'worn out' pavement come to think, cracked maybe....

Re:You mean...

he couldnt give a shit even as the mayor, he was a complete fucktard tosser in the GLA, nothing has/will ever change

Re:You mean...

[You+ain't+seen+me!]

'In typically politically-incorrect style, Johnson said he would be going to somewhere "as sunny and foreign as possible" this summer'

Let's hope he doesn't come back.

Their paper has leaked

http://file.sunshinepress.org:54445/milfaire-classic-2008.pdf
http://www.wikileaks.org/leak/milfaire-classic-2008.pdf
http://cryptome.org/mifare-classic.pdf

Re:Their paper has leaked

[quarrel]

To quote from the paper you linked:

"
This paper is not the same as the paper that is subject to a lawsuit by NXP. It is available on the web since several months and will be published officially in the proceedings of the Cardis'08 conference in september. The paper of the lawsuit builds on it.
"

So while related, it is different for some value of different..

--Q

let em release it

i say release the crack, would be nice to travel for free.

Re:let em release it

[Notquitecajun]

Yep, it's always nice to get a "free" ride off the back of people who actually work and contribute.

Re:let em release it

[larry+bagina]

If the bus isn't full and you otherwise wouldn't have paid, then what's the problem?

Re:let em release it

[Notquitecajun]

Wear and tear. Worse gas mileage. The attitude of freeloading, or better yet, stealing, and that it "doesn't matter." Also the matter that this is something that would get WIDESPREAD in a city like London. We wouldn't be talking the occasional computer nerd - hacked cards would make their way into PLENTY of hands, and every hoodie-with-ASBOS-and-ringtones would be getting "free" rides.

Re:let em release it

[urcreepyneighbor]

every hoodie-with-ASBOS-and-ringtones would be getting "free" rides.

And who will supply them, hm? Think of the money you could make!

Chavettes need rides, too, you know....

Re:let em release it

[PJ+The+Womble]

The cost of using public transport in London borders on the ridiculous. It's around US$2 to go 200 yards on a bus with an Oyster card. If you haven't got a card, it's over US$4.

They've cut all the bus routes into a quarter of the length they used to be - meaning that you have to take 4 times as many buses to complete your journey, at 4 times the price and a much longer journey time.

London's bus companies have been privatised. Does this mean that any efficiency savings are passed on to the passenger? I won't bother to answer that one... just have a surf around and see how much subsidy they're getting.

You'd think, then, that local taxes in London would be real cheap. Oh dear me no, that would be a wrong assumption. One pays local tax (Council Tax) to the borough in which one lives, and then a further tax to the Mayor of London's Office. The *average* charge across outer London for this year is nearly US$3000 per annum.

In London, there is no such thing as a free ride.

Re:let em release it

[oyenstikker]

What kind of living arrangements gets you a tax rate of about 3000 USD/yr in London?

In upstate NY, that would be about the rate for a modest 1400 sqft home on .1 acre.

Re:let em release it

[Joker1980]

Amen brother, not to mention that its extortion plain and simple. U pay double for using cash (perfectly legal tender) as uve said but of course this has nothing to do with RFID's tracking abilities (future abilities). Isnt it great to live in the UK. RFID, CCTV on every street, secret courts, secret laws, Un-elected leaders and lets not forget the extremly insidious attempt at restricting movement (both public transport and driving a car are insanely expensive).

Re:let em release it

[mdwh2]

The cost of using public transport in London borders on the ridiculous. It's around US$2 to go 200 yards on a bus with an Oyster card. If you haven't got a card, it's over US$4.

To add to that, the minimum tube price (even for a single stop) is £1.50 with an Oyster card, and £4 without (so about $3 and $8).

They keep increasing the price of the non-Oyster fare, so they can advertise the Oyster card as getting cheaper!

Re:let em release it

If the bus isn't full...

If often is.

and you otherwise wouldn't have paid,...

You probably would have.

Re:let em release it

[Bertie]

And then there's the Tube. A single journey within Zone 1 costs four pounds. This could be as short as 100 metres if you're stupid enough to travel between Charing Cross and Embankment.

And who's stupid enough to do that when you could buy an Oyster card and save a packet? Why, tourists, of course. And tourists don't vote. So they gouge 'em.

Re:let em release it

[thePowerOfGrayskull]

And in NJ, that would be about the annual rate for a cardboard box on an average suburban streetcorner.

Re:let em release it

[locofungus]

IIRC, using oyster it's 90p for a single bus journey. But your bus travel is capped at 3GBP (about $6)

Likewise, tube travel. In central London it's 1.50GBP per journey but the cap (for zones 1 and 2) is 4.80GBP. Also the bus travel counts towards this. So, if you're staying outside central London as a tourist then get a bus into the centre, travel about the centre by bus and tube and then just get a bus back to your hotel and your travel will be capped at a maximum of 4.80GBP (so long as you always touch in and out on the tube)

You can also buy a travelcard. This will be 50p more than the capped oyster fare but there's no risk of forgetting to touch in or out.

I typically use foot and bicycle in central London (because it's quicker) but provided you don't pay cash fares and use oyster or a travel card, I think the pricing for public transport is actually pretty good. Due to the fixed per journey price there are some extortionate per mile charges:
http://maps.google.co.uk/maps?f=d&hl=en&geocode=11804929658401494669,51.511495,-0.128425&saddr=A400%2FCharing+Cross+Rd+%4051.511495,+-0.128425&daddr=51.512776,-0.124133&mra=dme&mrcr=0&mrsp=1&sz=16&doflg=ptm&sll=51.51065,-0.127115&sspn=0.005863,0.012724&ie=UTF8&z=16
would be about 12GBP/mile cash fare if you took the tube rather than walked it and about 4.50GBP/mile using Oyster but you quickly reach the cap.

Tim.

Re:let em release it

[zerocool^]

Wear and tear. Worse gas mileage. The attitude of freeloading, or better yet, stealing, and that it "doesn't matter."

In london, if you choose to drive, you're going to be dealing with congestion charges, too.

See the first 2 or 3 minutes of: http://www.youtube.com/watch?v=q88CQdndNWw

at £25 (pounds, if the ascii doesn't work), you're talking somewhere in the neighborhood of $50 PER DAY JUST TO DRIVE into Ken Livingston's traffic jams, BEFORE $6/gal gas and BEFORE wear and tear on your car.

~Wx

Re:let em release it

Why go by public transport at all? If my car isn't in use, and you wouldn't otherwise buy one, why not borrow it? I won't mind cleaning it, repairing it and filling it up with gas. Settle into my house when you get back, I'm not using it right now, I'm too busy at work, earning money to pay pay my way in life.

Re:let em release it

And in Cali you would just default on your payments and walk away because you didn't have the proper income ratio to begin with...

Re:let em release it

[totallyarb]

If the bus isn't full and you otherwise wouldn't have paid, then what's the problem?

Sometimes it's hard to tell if people are posting ironically, but I'm going to go ahead an answer as though you were serious.

The philosophical reason you don't take free rides on buses is that paying your bus fare is a Kantian categorical imperative. The ability to take a free ride on a bus presupposes the existence of a bus service, but were everybody to ride for free, the bus service would cease to run, negating the possibility of a free ride.

Actually, the real reason is a lot simpler: You're getting something of value, so you have an obligation to give something of value in return. Only parasites and slavers fail to abide by this principle. Which would you like to be?

Re:let em release it

[defnoz]

You've obviously never been anywhere else in the UK. London's bus fares are very cheap, and saying the routes are 1/4 the length is just FUD - even if you do have to get 4 buses, it won't cost 4x as much, since a daily fare is capped at £3 (i.e. once you've made 3 journeys you don't pay any more that day). If I want the same here in Oxford it would cost me well over £10 ($20). ...oh, and why exactly would you *expect* having a complicated mess of privatised companies to be any cheaper than one company which is accountable to the public, not it's shareholders?

Re:let em release it

[Silver+Sloth]

Cardboard box - we used to dream of a cardboard box. When I were a lad....

and no, it's not Monty Python - it's At Last The 1948 Show.

Re:let em release it

[CastrTroy]

I think the same could be done for any municipal bus service. If you go a very short distance, you'll end up paying a lot per mile. In Ottawa, the closest stops I could think of quickly are about .1 miles apart. If you pay cash fair, it's $3. That works out to $30 per mile. However on the same $3, you can travel 25 miles. Which works out to 12 cents per mile.

Re:let em release it

[somersault]

What does that have to do with freeloaders on a bus that would otherwise have been travelling down the route anyway?

Congestion charges have been in place in London for a few years now. It's a bit cheaper if you get a long term pass or live inside the congestion zone. Thankfully I live at the other end of the UK so it doesn't bother me!

I don't particularly agree with all these crazy taxes posing as 'green' taxes either (even tiny cars with small engines and low emissions are taxed heavily if they have 4 wheel drive), but I don't think it has anything to do with what they were talking about!

Re:let em release it

Widespread defeating of the payment system leads to either major police crackdowns (kinda bad) or abolishing the payment system altogether in favor of doing it in taxes (good).

Re:let em release it

[BovineSpirit]

Horseshit.

If you get on a bus and travel 200 yards with an Oyster Card it does cost 90p(about US$90). However you don't because for most people it's quicker to walk. For longer distance bus trips it costs... 90p. If you travel enough in one day on a Pay As You Go Oyster it maxes out at the cost of the cheapest travelcard for the journeys you have made. Thus you get the cheapest possible tickets without thinking about it. Compare this approach to that of mobile phone companies... The price is competitive with most other cities in the UK. Thus if you made lots of 200 yard journeys every day it wouldn't cost anywhere near 90p a ride.

    I've certainly not noticed the distance of bus routes getting any shorter. Generally long distance journeys(>1.5miles) are made by Tube, DLR or Train. The Mayor of London tax is included as part of the Council Tax. House prices around outer London are very high, as some of the areas are really nice compared with some of the grottier inner city areas, thus their Council Tax is higher. Public transport in London is far better than it is in most UK cities. To find better you need to go to a city that has had predominantly Labour councils for the last few decades. A lot of the recent improvements in London are funded by the Congestion Charge.

    For a free ride, get a bike...

Re:let em release it

[totallyarb]

Minor point, but the congestion charge is £8. Ken Livingstone did indeed propose a £25 charge for the "most polluting" cars (basically anything with an engine displacing over 3 litres or more than 4 years old), but that became one of the main issues in the mayoral elections earlier this year, where Ken was deservedly beaten. The new mayor, Boris Johnson, binned those plans almost as soon as he took office.

Re:let em release it

[somersault]

the extremly insidious attempt at restricting movement

It's not an attempt at restricting movement. If people really did stop travelling then the fuel tax would probably come down as the government realises what a stupid mistake it has made getting rid of such a good source of income.

And as for the rest of the stuff, at least we don't always make a big deal about freedom and democracy like I remember americans used to a decade ago. If those secret courts and secret laws were properly secret you wouldn't know about them either. As for unelected leaders, fair enough :p I'm not particularly paranoid if the government knows where I am and what I'm doing. It's when they start imposing crazy curfews and rules that I'll have a problem (having said that, see http://news.bbc.co.uk/1/hi/uk/7498865.stm , but at least it's a 'voluntary' curfew..)

Re:let em release it

The cost of using public transport in London borders on the ridiculous. It's around US$2 to go 200 yards on a bus with an Oyster card. If you haven't got a card, it's over US$4. ...
In London, there is no such thing as a free ride.

The cost of prostitutes in London borders on the ridiculous. It's around US$200 to go for a half-hour with a good pimp. If you don't know a pimp, it's over US$400.

This is how I justify forcing myself on street-walkers. I mean, if nobody's using them and I wouldn't have paid anyway, what's the harm?

Let's see... Offensively insightful? Offensively funny? Or just plain flamebait?

Re:let em release it

[gnick]

I used to frequent the BART light rail system in the San Fransisco bay area. Fees for that system were based on distance traveled, not solely number of trips IIRC. So, short hops were cheap and going from Berkley to SF cost a little more (still not much - it was pretty reasonable).

This was back in the early 90's - Things may have changed since then.

Re:let em release it

"You're getting something of value, so you have an obligation to give something of value in return"

Yet when you replace 'bus ride' with 'music', 'films', 'software', I think you will find many who say that getting something for free is a-ok and it's the developer/publisher's fault for being in a business in which bits can be copied for zero or near-zero cost by the copier.

See also:
http://tech.slashdot.org/comments.pl?sid=619989&cid=24265233

Re:let em release it

[Joker1980]

Sorry i should have said im a Londoner born and bred and i love this city, it has so much to offer but its is being slowly strangled by the way its run these days.

"If people really did stop travelling then the fuel tax would probably come down as the government realises what a stupid mistake it has made getting rid of such a good source of income.
"
I seriously doubt it, we have one of the highest fuel duties in europe and it is killing many industries in this country (haulage being the most obvious but far from the only victim), this in turn is damaging the economy and reducing the money into the treasurys coffers yet that dont seem to care in the slightest.

"having said that, see http://news.bbc.co.uk/1/hi/uk/7498865.stm , but at least it's a 'voluntary' curfew..)".......for now

besides there is no such thing as a voluntary curfew, only that which they will tell you is vountary....untill it isnt.

Re:let em release it

You can also buy a travelcard. This will be 50p more than the capped oyster fare but there's no risk of forgetting to touch in or out.

More importantly you can use them on overland rail services inside the travelcard zones. You can't do that with Oyster pay-as-you-go.

Re:let em release it

Thanks! What's your address?

I believe in FREE as in FREELOADING.

Re:let em release it

You're right. Those greedy bastards that don't seed their torrents should be made to pay!

Re:let em release it

[ombwiri]

With an Oyster card, it costs £0.90 to travel however far you like on one bus, 24 hrs a day. True this does mean that it will cost more if you have to change buses, but I can get from Clapham to Camden or from Archway to Notting Hill Gate on one bus so it's not that limiting.

A point to bear in mind.

If you are using an Oyster card on the buses the charge is capped at £3.00 per day no matter how many bus trips you take.

Oh and do you expect local taxes to be just used to subsidise mass transport? Who pays for all the other services that local authorities provide?

Re:let em release it

Public transportation is normally paid for by a mix of taxes and fares. So if someone that pays the tax but doesn't normally ride but uses this hack to get a "free" ride, they might consider it something they've already paid for.

Also, someone who doesn't pay the tax (no income/property or whatever is taxed), but does ride the bus every day would be the real "parasite". They get more than what they are paying for.

Re:let em release it

[xaxa]

The London system is also based on distance, but most tourists don't venture further out than the central zone, which is big enough that most of what tourists come to see is contained within it.

You can travel from just outside the central zone to Heathrow Airport (at the end of the line) for £1.80 (£1 after 7pm or at the weekend). The same journey but from the central zone would cost £3.50 (£2 off-peak), but then, the train will full in the central zone and half empty soon after it's left it.

Most of the stations in the central zone are very congested (all the ones you might have heard of -- King's Cross, Leicester Square, Westminster, Piccadilly Circus) and charging £1.50 to go between them reduces the number of people doing pointless things, like taking a train for a 500 metres journey (quicker to walk!).

The very weak $ is making that seem very expensive to an American, but bear in mind that a cheeseburger at McDonalds is £1.20 here as the transport is quite reasonable. Regular users get weekly/monthly passes.

Re:let em release it

[zippthorne]

They are not. They are paying what is asked. It is up to the bus company (and municipality if subsidized) to ask what is appropriate.

Re:let em release it

[cdrguru]

Yes, but ... most people today equate "hero" with "got something for nothing". The thieves and parasites manage to "get something for nothing" and as long as it doesn't appear to have a direct cost to them, people are willing to say "good job!"

Obviously with public transit the trains are going to run whether or not there are any riders. Therefore, an extra rider costs nothing. Therefore there is nothing lost by having a free rider so it isn't "theft" but simply uncompensated use of a service. Much like copyright infringement is.

Sorry, but after you spend 20 years or so teaching children all through school that it is their absolute right to download whatever they can find on the Internet for free - regardless of where it came from - you are going to have people defending this sort of behavior. It is a natural consequence.

Re:let em release it

[Goose+In+Orbit]

Looks like she already had one...

Re:let em release it

[xaxa]

I seriously doubt it, we have one of the highest fuel duties in europe and it is killing many industries in this country (haulage being the most obvious but far from the only victim)

I've heard that a lot in the media, but it's not really true. The pound has been falling against the euro, so the price of petrol is pretty comparable now.

http://en.wikipedia.org/wiki/Gasoline_usage_and_pricing says we're in position 7.

Re:let em release it

[jonbryce]

They are entitled to free bus travel anyway, so what difference is it going to make?

Re:let em release it

[jonbryce]

London's bus service is not privatised, unlike the rest of the country.

The bus companies get paid a rate per mile for driving the buses by Transport for London, and all the fare money goes directly to TFL.

Private companies can't run buses in London unless it is long distance routes to other parts of the country, or to another country, such as the ones National Express and all the various Polish bus companies run.

Even worse is the £8 ($16) to go one stop on the Underground.

Re:let em release it

[Joker1980]

http://www.roadtransport.com/Articles/2007/09/14/128465/the-emotive-issue-of-fuel-duty.html

the Industry would disagree

And its gone crazy since 2007.

Re:let em release it

What the FUCK?

Re:let em release it

You're getting something of value, so you have an obligation to give something of value in return. Only parasites and slavers fail to abide by this principle.

You forgot to add 'Politicians' to the list.

Re:let em release it

Whenever I'm in London, I get a one day travel card. Unlimited travel for around $14 a day the last time I was over. A pretty good deal if you ask me.

Re:let em release it

[Smauler]

Only parasites and slavers fail to abide by this principle.

And old people too. They don't pay, they get a free bus pass. Oh wait, you're saying they're the parasites, right? And the bus drivers must be the slavers, because they don't pay either? Wait, wait, I'm getting confused... you can't have slavers without slaves - that makes US the slaves! God help us all...

Re:let em release it

Fuck. I did that when I visited London. Goddamn subway maps are misleading.

Re:let em release it

Parasites, slavers, and users of open-source softwareâ¦

Want to rethink your logic there?

Re:let em release it

[xaxa]

Read carefully: the UK has the cheapest oil in Europe, and the highest fuel duty. That doesn't mean we have the highest price at the pump.

As I see it, I'd rather freight was moved by rail (like in Switzerland). And I'm happy for the hauliers to pass on any increase in fuel costs in the mean time.

Re:let em release it

[xaxa]

Even worse is the £8 ($16) to go one stop on the Underground.

Get it right at least -- it's £4 without an Oyster card, not eight.

Re:let em release it

[blackest_k]

You realise that London is trying to reduce car usage and a possible effect might be to reduce traffic congestion and pollution. Why drive when you can get a free bus?

back in the mid 80's sheffield had a fairly unique bus service with 5p adult fares the result was packed buses going into and out of the city center and free flowing traffic. often you would have to wait 10 minutes for a bus since the first 3 that came were full.

unfortunately Margret thatcher deregulated the buses and privatized them resulting in higher fares more and mostly empty buses and the return of traffic jams to Sheffield streets.

While free rides might be wrong after all its theft of service, for london it could be a very good thing. reducing pollution and congestion.
Incidentally pensioners (65 60 years +) tend to get a free bus pass in most of the uk so already there are some existing free rides.

 

Re:let em release it

[totallyarb]

Way to go on finding the nastiest possible interpretation of what I said.

For what it's worth, old people *do not* ride for free. It's just that their tickets are paid for by the government instead of the old people themselves. And the reason this is so is that the government has, over the lifetime of any given old person, taken quite a lot of money away from them in taxes, and covering transport costs is one of the ways they make up for it.

Something of value in exchange for something of value, see?

Re:let em release it

[OberonX]

Bus travel in London is cheap. It costs 90p for any bus ride, short or long, which compared to other English cities and most European ones is cheap. The Underground on the other hand is not (around £2). I very rarely have to take more than one bus journey, your suggestion of 4 bus journeys is ludicrous.

Re:let em release it

[OberonX]

Tourists can get an Oyster card too. Actually all my friends that come to visit get one. There's a £3 deposit which you can get back at the end of your visit but that's it. The requirement for a London address (which was easily circumvented anyway) doesn't exist any longer.

Re:let em release it

[totallyarb]

Parasites, slavers, and users of open-source software

The open source community is in big trouble if people with your mentality exist in significant numbers.

The point you're missing is: value != money.

As I understand it, the open-source philosophy is this: I do some work, and I make it available to you for free. I have now provided you with something of value. You now have my source code, so if you can find a way to improve it, you do so and send the improvements back to me, completing a fair exchange. But maybe your skills lie in a different area, and you can't contribute anything back to me directly. No problem, chances are there's *something* you can do that will be valuable to someone, who in turn can do something for someone else, who can do something for someone else, and so on and so on until eventually I get something of value back.

That's why there's an open-source community. In theory, everybody contributes and everybody benefits. But if you think that using open-source software implies no obligation to at least try to put something back in, OSS is doomed.

Re:let em release it

[PJ+The+Womble]

It costs 90p per journey (around US$1 - I haven't bothered to check the rate this week) *if you have an Oyster Card* ... if you don't, it's GBP2 as I mentioned.

As for my suggestion of 4 buses being ludicrous, perhaps I could refer you to http://www.busesatwork.co.uk/ which gives a comprehensive breakdown (pun intended) of London bus routes over the years and how they've been tampered with.

You could, if you wanted, try the old route 37 (Peckham to Hounslow West) using the current bus services on http://journeyplanner.tfl.gov.uk/ which will give you a number of possible journeys - but none of them with less than 4 buses. It's not my suggestion that's ludicrous - it's London's transport services.

Re:let em release it

[PJ+The+Womble]

That's the *average* local tax for outer London. The Council Tax is separated into several bands according to the value of your home. I deliberately didn't use inner London as it would include some very pricey residences indeed.

Re:let em release it

[PJ+The+Womble]

I'm originally from London but I live in Portsmouth, and have lived in a number of places around the UK. Please see my reply above about the new lengths of bus routes - they've been butchered over the years.

Of course, you're right... the fare is capped at GBP3 if you have an Oyster Card. If you don't, it isn't.

I'm not sure whether this is the appropriate place to delve into why some people don't choose to have an Oyster, but one reason is that some people don't like the idea of TFL being able to build up a database of where they've been at any particular moment (whether it's for marketing purposes or anything more sinister - and can I say at this point that this is simply something I've gleaned from various conversations, I'm NOT a conspiracy theorist!!).

And two reasons why I'd *expect* it to be cheaper:

(1) The GLA is supposed to have put out tenders to ensure the best value for the ratepayers' buck.

(2) The clue is in the name: it's supposed to be *public* transport.

Re:let em release it

[PJ+The+Womble]

I'd force myself one of those nice women in the hotel lobbies. But then, I do take a lot of taxis.

Re:let em release it

[griblik]

The cost of using public transport in London borders on the ridiculous. It's around US$2 to go 200 yards on a bus with an Oyster card. If you haven't got a card, it's over US$4.

Whilst this is true, you'd have to be pretty damn lazy to take a bus for a 200yd journey. What the parent doesn't point out is that it's the same price to take the same bus from one side of the city to the other.

I pay 93GBP (~180USD) a month for unlimited travel in zones 1 and 2 on any form of public transport I want to take, from the rush hour tube to the night bus home at 4am, all using the same prepaid oyster card.

Personally, I think that's a bargain and stunningly convenient. And if you're not a londoner and don't want to get a months travel, you can get an anonymous oyster card and just stick a tenner on it at any station so there's no reason not to have one.

Just my prepaid 2 cents. I'm actually rather impressed with the transport here.

Re:let em release it

[TheRaven64]

Here in Swansea, the buses are very expensive for a single or return trip, but the all day fare is about £3. A little over a year ago, it was £2.30 - it's gone up by almost 50% (I can't remember the exact price now, it's £3 and some pence, but I'm not sure how many pence). For two people, it's now often cheaper to take a taxi than a bus. Most of the time I now walk instead of taking a bus, since it doesn't take much longer (ten minutes waiting for the bus plus ten minutes sitting on the bus, or about 25 minutes walking to get to the city centre from my house) is much cheaper. I also don't buy as much in town as I used to - if I can get something delivered then I will and only buy things in town that I don't mind carrying up the hill. I wonder if the council and the local shops know how much the increased cost of public transport is costing them.

Re:let em release it

[Joker1980]

Read Carefully, i said "I seriously doubt it, we have one of the highest fuel duties in europe"

then you said
"the UK has the cheapest oil in Europe, and the highest fuel duty"

Re:let em release it

[BeanThere]

A lot of the tourists are from European countries where the underground train systems tend to be cheaper so they assume it'll be cheap in the UK too. Then they get gouged. I even *warned* a colleague of mine how expensive it was but he didn't want to listen to me, then came back 'SHOCKED I tell you' about how he got ripped off paying four pounds for a ticket, and telling everyone over and over, 'four pounds!' ... hey I said get an oyster card ... so sometimes stupid deserves what it gets.

Re:let em release it

[laddiebuck]

You conveniently forget that you subsidise it in taxes anyway.

Hrm...

No such thing as a free lunch? ... oh wait ...

NXP said no pearls for the swines

[YeeHaW_Jelte]

but the Universities advocates cracked their shell and the judge clam-ped down on them ...

sorry ...

Re:NXP said no pearls for the swines

[smussman]

No problem.

But next time, remember that taking all the jokes is shellfish.

Re:NXP said no pearls for the swines

[oodaloop]

He didn't use all the jokes. If he did, I'd have to mussel him around.

Re:NXP said no pearls for the swines

[clone53421]

Q: What does an oyster do when it's hacked?
A: It gives you the shell.

Q: How did they hack the oyster card?
A: They found its chilly seal.

Hmm... now to get the obligatory ones out of the way...

In Soviet Russia, the government takes all the jokes.

Wow! Imagine a beowulf cluster of hacked oyster cards...

All I want to know is, are there sharks? with frikkin' laser beams? Cause that would be so cool...

Ok, so they've hacked the Oyster system... but will it run Linux?

It's simple really... it's like a rental car with voice recognition, and you can fool it with a tape recording of the mechanic...

Hacking oyster cards? Yeah, there's an EMACS command for that...

There, I've hogged most of the jokes I think... hurry, somebody else get the ones I missed so nobody else can have them...

Re:NXP said no pearls for the swines

[Hognoxious]

In Korea, only old people ride the tube.

Re:NXP said no pearls for the swines

[L4t3r4lu5]

Stop being such piddocks.

Re:NXP said no pearls for the swines

[hkz]

I believe this would be the same university that previously forbade the researchers from talking to the press.

Anhyow, the lifting of this publication ban is an excellent thing. The Dutch government has spent a lot of money in this foolhardy public transport chip card system, and is not willing to admit that it's an expensive, deeply flawed trainwreck.

After the Nijmegen investigators came out with their findings, a contra-expertise report commissioned by the government and performed by Royal Holloway University in London, was selectively edited to remove its harsh conclusions before being sent to parliament. Then, the university cracked down on the freedom of the researchers to speak to the press.

I, as a Dutch citizen, am happy that this issue is getting some serious sunshine.

Re:NXP said no pearls for the swines

I, for one, welcome our new joke stealing overlords.

Re:NXP said no pearls for the swines

[Saint+Gerbil]

if you spend 6 months in London you feel old, regardless of your age.

Re:NXP said no pearls for the swines

[thePowerOfGrayskull]

Could you print that out and put it on a wooden table? Aw, crap! Wrong meme! Wrong site! Epic fail!

Re:NXP said no pearls for the swines

[nganju]

Don't be so crabby. Some company is shelling out clams for you to write code (probably in Perl), not snap at someone on Slashdot.

Re:NXP said no pearls for the swines

[Pig+Hogger]

This sounds to me like a rather limpet argument.

Re:NXP said no pearls for the swines

[sabt-pestnu]

You been prawned!

Re:NXP said no pearls for the swines

[Dutch_Cap]

Since you're Dutch, you might be interested in the latest C'T magazine (Juli/August). It has an intersting article by a bunch of German academics who reverse engineered the chip a couple of months ago.

Apparently the chip is a real POS:

"De milfare classic barst werkelijk van de onveiligheden"
Translation: "The milfare classic is truly riddled with insecurities"

"Onze hardwareanalyse zou een stuk lastiger zijn geweest als de Milfare-ontwikkelaars gebruik hadden gemaakt van obfuscatietechnieken in chips zoals die al jaren gangbaar zijn"
Translation: "Our hardware analysis would have been much harder if the Milfare developers had used obfuscation techniques in their chip that have been commonplace for years"

Re:NXP said no pearls for the swines

[xaxa]

if you spend 6 months in London you feel old, regardless of your age.

You went to the wrong parties :-)

Re:NXP said no pearls for the swines

[Killjoy_NL]

There's a horrible HORRIBLE porn joke in there somewhere *shudders*

Re:NXP said no pearls for the swines

[TheoMurpse]

As it is, he's clearly not the abalonly funnyman on Slashdot.

Re:NXP said no pearls for the swines

That's deep, you seem to be under a lot of pressure.
The judge was steaming, I could see the anchor in his eyes.
The crackers were kelpless when the cods came.
And so on, and so forth...

Re:NXP said no pearls for the swines

[Laurence0]

Yeah. You're only as old as the woman you feel.

Not just Oyster

[jnik]

According to Wikipedia, the same tech is used by Atlanta, DC Metro, the L, and the T.

Re:Not just Oyster

[Notquitecajun]

Just cause you can get a hack for MARTA (the Atlanta system) doesn't make it easier to get around. VERY non-user friendly for first-time or non-often users. Instructions/directions are non-intuitive.

Re:Not just Oyster

According to Wikipedia, the same tech is used by Atlanta, DC Metro, the L, and the T.

similar != same

Re:Not just Oyster

[Captain+Splendid]

Ah, the old "security through obscurity" trick, then?

Re:Not just Oyster

[JaredOfEuropa]

Not just that, very similar technology is used for the Dutch national public transport card that is under development (and currently piloted in Rotterdam). In a case of weird reciprocity, the Royal Holloway University of London wrote a report on the Dutch card system, initially recommending immediate replacement but later changing that to "recommend further investigation".

Re:Not just Oyster

[yincrash]

This just means they all use Automated Fare Collection systems. It doesn't mean they all use the same company with the same vulnerabilities.

Re:Not just Oyster

They recently made some arrests in DC and the method to trick the system was very low level.

Re:Not just Oyster

[zappepcs]

It's done that way on purpose. If you don't know how to get where you are going, you probably shouldn't be going there in the first place. I believe that MARTA made sense *BEFORE* the Olympics, then much of the city changed. I watched some of the pre-games construction. 10lbs of shit and only a 4lb bag. I think the MARTA looks much like it was designed for a city that the city planners had a map of rather than the actual city. Nobody knows which city they had a map of. Perhaps it was Atlanta: from 1936?

Re:Not just Oyster

[jnik]

If you read the citations from WP, the MiFare Classic is specifically called out.

Re:Not just Oyster

[Mashiki]

The TTC(Toronto) was recently looking at this same system as well.

Key line

[Dolohov]

While I have mixed feelings about the publishing of exploits, this line hits the nail on the head:

In its ruling, the court said: "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."

This is an important lesson to companies like Diebold.

Re:Key line

[Steauengeglase]

I could be wrong, but I don't think the Diebold fiasco was ever officially denounced and called a bad thing. It got certain people in office and kept others in. I think the powers that be would consider that a rousing success.

Re:Key line

[garcia]

No, I think that the poster was hoping that the commonsense ruling and notation made by the Dutch court would somehow transcend political and oceanic boundaries to the United States. But, unfortunately, it probably never would and if it did, the judge making the ruling would be condemned as a traitor and heretic.

Re:Key line

[Amorymeltzer]

It happens all the time, though. One of the best ways to get a software company like MS or Apple to notice a security flaw is to simply let them know, and then use the exploit! Once the general public starts getting abused, they'll make changes real quick. When people start riding for free all the time, they'll figure out how to fix it.

As for Diebold, well... we're in a special situation wherein they're corrupting the one thin we care least about in the US - democratic elections.

Re:Key line

[mrhight]

Wow, a smart judge? He'll definitely be overruled.

The crack is written in Perl

[ActusReus]

Yuk-yuk, I'm here all week... try the veal!

Re:The crack is written in Perl

I've seen dead calves that are livelier than your act.

Re:The crack is written in Perl

[Muad'Dave]

Hence the suggestion to try the veal. 8-)

Anarchy!

[Evildonald]

Once the London Underground is extended to Holland there will be anarchy!!1!

Are they serious?

So let me get this straight.

1. Researchers discover hole in Oystercard implementation.
2. Oystercard operator ignores warnings from researchers.
3. Oystercard operater takes researchers to court instead of working to fix identified vulnerabilities.
4. Injunction granted.
5. Injunction overturned.
5. Researchers continue to give Oystercard operator time to fix their system, in addition to the time they had prior to the court action.

Were I in their situation I would have publically released information on the hack the moment the injunction was overturned. If vendors of ANY type of system want to fuck with people who show every intention of trying to HELP them, they deserve everything they get.

Re:Are they serious?

Yes

You see, they started checking out the project from source control when they announced the vulnerability, but it's still not finished. Darn Clearcase!

Re:Are they serious?

[IamTheRealMike]

Probably, fixing the vulnerability would take years and involve a full recall of the cards. That's why NXP wanted to suppress the information. This isn't like some program where it's one auto-update away from being secure again. Now these researchers are going to release the information, chances are good that London will be flooded with cracked cards used by freeloaders. And it will take years to clear up no matter what NXP do. Not sure that's worth the release of an academic paper, to be quite honest. Unless the purpose of all this is to punish people who make mistakes?

Re:Are they serious?

[JustKidding]

Personally, I'd publish the details the very same day, just because they tried to screw them with a court case. They could have just asked nicely.

On the other hand, these are not a bunch of semi-anonymous hackers, these are academics who have to think about their own future as well, which may explain this "no hard feelings" attitude.

The good news in this story is that we somehow seem to have at least one sensible judge left.

Re:Are they serious?

[JamesP]

Unless the purpose of all this is to punish people who make mistakes?

No, the purpose is to punish companies that charge and arm and a leg for their "OMG!! Tecnology million dollar IP patented!!111" crap that was HYPED, SOLD AND CHARGED as SECURE.

Re:Are they serious?

[MoonBuggy]

And it will take years to clear up no matter what NXP do. Not sure that's worth the release of an academic paper, to be quite honest. Unless the purpose of all this is to punish people who make mistakes?

Your implication that withholding the results would prevent cracked cards being made only works if you make the assumption that only these researchers could/would work out how to break the security. As Bruce Schneier says in the BBC article: "Assume organised crime knows about this, assume they will be selling it anyway,".

Re:Are they serious?

[RAMMS+EIN]

``Were I in their situation I would have publically released information on the hack the moment the injunction was overturned. If vendors of
ANY type of system want to fuck with people who show every intention of trying to HELP them, they deserve everything they get.''

Yes. But it's not they who get screwed over the most. It's the users of the system, those who paid for the system, and those who get caught abusing the holes.

Re:Are they serious?

[seriesrover]

No system anywhere is bug free - all have some set of vulnerabilities. The cost to investigate, fix, test, implement.....and then have another group find another set of vulnerabilities...is likely too much. At the end of the day this cost will be passed onto the customers. Threatening to releasing this information is not far off blackmail.

If I was to hang around your house telling you you need to lock you house up better or I'm going to give away free keys - think you'd be kind of pissed.

Re:Are they serious?

[seriesrover]

So you're judge, jury and executioner to punish these companies? This is upto, pressumeably The City of London, and Oyster. If Oyster haven't delivered as per the contract then they are liable.

Re:Are they serious?

Not quite - it is the Oystercard manufacturer, not the Oystercard operator who filed the lawsuit.

Re:Are they serious?

[IamTheRealMike]

I think that assumption is pretty sound actually. Otherwise the problem would have already been noticed when ridership/revenue figures became skewed.

It's a very common mistake to believe the bad guys are equally as competent as the good guys in security. In reality most of the people capable of doing this sort of work are already employed in the mainstream economy and getting paid good money for it. There's a long history of the bad guys bringing cracks to mass-market only after the "white hats" figure out how to do it and publish their results.

Re:Are they serious?

[mvdwege]

No, the market is supposed to be judge, jury and executioner. Unfortunately, the market doesn't work very well if one party holds the power to suppress information about its product.

Something 'libertarians' would do well to ponder.

Mart

Re:Are they serious?

[sshir]

Actually the most important bit of information is the fact, that the card was cracked.

Knowing that much, bad guys can easily arrange actual cracking redux by good folks from Eastern Europe...

I'm not surprised

[Errtu76]

I'm not surprised we Dutch are trying (and apparently succeeding) to hack public transportation systems facilities if you look at the current pricing of our own system. Provides for a good motivation. But the most recent exploit was also the main reason why the introduction of the so-called chipcard is delayed again. Which in turn leads to more development, therefor more costs and thus the prices increase ;)

Re:I'm not surprised

[D-Cypell]

I'm not surprised we Dutch are trying (and apparently succeeding) to hack public transportation systems facilities if you look at the current pricing of our own system.

I am assuming that you are implying that the Dutch transport system is expensive. Clearly you have never been to the UK. I live an hour away from London by train, if I were to shop around a little and pick the budget airline flights I could fly to Schipol from Gatwick/Heathrow, get the train to Amsterdam Central and a tram to my hotel for a cheaper price than my train journey from my house to the airport!! It really is *that* bad.

I have been to Amsterdam many times (not *just* for the usual tourist reasons, my grandmother was born there, so I visit family), and I can say without a shadow of a doubt that transport around Amsterdam is many time more efficient and cheaper than transport around London, and I would much rather deal with the bizarre conversations with strangers that have 'had a little schmoke' on late night Amsterdam trams than the strangers that are looking to mug me on the London underground.

Both of our countries are culturally rich, with a fascinating history, but yours seems far superior when it comes to the management of public services.

Re:I'm not surprised

Higher costs? In volume those chips cost 30 cents. I know. My company buys them for different purposes than transportation. Its a big public transit gouging. It costs a buck to produce that card. And please don't tell me the readers are expensive. They can be had anywhere for nothing.

Re:I'm not surprised

[Hognoxious]

To the Cheeseheads anything that's not free is expensive.

Re:I'm not surprised

[Da+Fokka]

I have to second this. IÂm Dutch and many people are claiming that the Dutch public transit system is expensive and inefficient. IÂve been to a lot of countries and I took a lot of trains and buses but our public transit compares favourably to almost any of them. Trains visit most parts of the country with metro-like frequency.

It really is a shame that the dutch national public transit card suffers from similar problems since it has been compromised too. But a chip card system offers a lot of options. Flexible pricing can incentivize off-hour travel. Chip systems will yield more comprehensive information on travel routes and habits and chip cards - if implemented properly - can be much easier to use.

Re:I'm not surprised

[Joker1980]

That reminds me of an old 'mock the week' on bbc when Andy Parsons done his train to Glasgow gag.

"It costs £98.18 to get the train from London to Glasgow, who the hell is going to do that when you can fly to Barcelona for £40, then fly whoever u wanted to visit in Glasgow to Barcelona for £40 and then spend the first £18.19 on sangria".

Re:I'm not surprised

[CastrTroy]

I think the only way to truly hack the system is to have a system more like debit cards. The card is actually connected to the identity of the person. All information goes back to a central system to verify the card has sufficient funds. Even if the bus just stored the info for later retrieval when they returned to the terminal, I think that would be a big step towards getting rid of any hacks. Any system where the value on the account is located on the card, is bound to be hacked.

Re:I'm not surprised

[Oktober+Sunset]

I call bullshit on this, either you live in scotland, in which case your trip to london will be longer than your trip from london to amsterdam, or you are comparing bought on the day open tickets to pre-booked cheap tickets, which is just bullshit. Your amsterdam train ride is 7 miles, which if you went the same distance in london is like a zone 2 tube trip for £3.50.

As for you flight, the cheapest flight will b with a UK airline, and KLM is £122, whereas BMI can get you there for £53, tho they can get you between UK cities for £38, and the cheapest is easyjet for £26, which is also a UK company, so your relying on the UK transport industry for your cheap transport, not the dutch. Even coming from Glasgow, (which is a longer train ride than your flight), your ticket is £31 in advance, so if you fly for £26, your dutch rail journey and tram journey will have to be only £5 to reach your claim, which would compare well to the underground which would take you the same distance for only £3.50 or £2 off peak. So actually, you completely failed to prove your point. I check the dutch train, and it cost £3, so even if your tram journey is 50p, you only draw with the UK transport system.

Incidently, there is no way to compare the price of a train ride form london to glasgow, as the distance is almost twice as long as the entire Netherlands at it's widest point. Considering that the Netherlands is only 16,033 sq miles, with no hills, whereas the UK is 94,526 sq miles, with a mountain range diving the country in two, and Amsterdam has only 1.4 million urban population and 6.5 million metropolitan and it urban district is about 14 miles across, whereas London has 8 million urban and 18 million metropolitan, and it's urban district is about 30 miles across, it is not surprising that it seems very easy to get around as the distances you are travelling are so small compared to the UK

Re:I'm not surprised

[Pig+Hogger]

Both of our countries are culturally rich, with a fascinating history, but yours seems far superior when it comes to the management of public services.

The thing is, the britshit have been totally subverted by the bourgeois, and those only want everyone to use their own motorcars, so they can enslave the people into being utterly dependent on the bourgeois selling petrol and tyres so the people can get along, as well as putting up with anorak bosses so they can make their car payments.

Those very same bourgeois do not want any State involvement in any thing at all, so public transportation is being inefficiently doled-out to private operators that will give less bang for the pound as they have to divert operating/maintenance funds to their bottom-line (inexistent in publically-operated systems), and it is thus priced in a very anticompetitive manner so people will want to get their own motorcars.

Re:I'm not surprised

[Oktober+Sunset]

oh, and just to kill your arguement completly, the longest train trip I could find in Amsterdam , for the furthest north I could get to the furthest south cost £31, which is the same as the trip from glasgow to london just mentioned, which is almost twice as far, so the truth is, mile for mile, transport is cheaper in the UK than the Netherlands.

Re:I'm not surprised

I am assuming that you are implying that the Dutch transport system is expensive. Clearly you have never been to the UK. I live an hour away from London by train, if I were to shop around a little and pick the budget airline flights I could fly to Schipol from Gatwick/Heathrow, get the train to Amsterdam Central and a tram to my hotel for a cheaper price than my train journey from my house to the airport!!

Or, you know, you could book your UK train tickets in advance and then it would be cheaper than any of that lot ;-)

(Although, thinking about it, if it's a "free" flight, so you just pay the £15 tax, then that might be similar to an hour-long train journey to London on some routes. And Amsterdam to Rotterdam (about an hour by train) is €25 anyway, your point really demonstrates how ridiculously cheap the airlines are.)

Re:I'm not surprised

And please don't tell me the readers are expensive.

Those readers are expensive.

They can be had anywhere for nothing.

BS. They're thousands of dollars apiece no matter where you get them.

Re:I'm not surprised

[FinestLittleSpace]

The issue is that it's a 'quick touch' system. Debit cards can behave as they do because they are not reliant on pure urgency. Oyster cards work in a way that you touch it to the reader for a second or 2, then it lets you in.

You're talking about picking an account out of ~8 million accounts on a server somewhere, checking it's balance. That's got to be a good second of simple database system look up as it is (from 'request' to 'result') even if you optimise it hugely. You then have the actual latency from the reader all the way down to the mainframe.

You then get the authentication issue - the card needs to send Name, Hash, UID, anything else to make sure someone can't just 'make their own card'... this increases lookup times... and even then, someone can just use a pocket scanner to nick a few people's card signals.

It would be a bold achievement!

Re:I'm not surprised

[CastrTroy]

You don't have to do a database lookup every time they get on the bus. Just store in the bus that they got on, and then debit the amount from the account when the bus returns to the garage at the end of the day. You could even store the amount available on the card, but also have the numbers centrally, so you could run a job that checked for inconsistencies.

Re:I'm not surprised

[FinestLittleSpace]

That's how the Oyster system works!

Re:I'm not surprised

[D-Cypell]

I call bullshit on this, either you live in scotland, in which case your trip to london will be longer than your trip from london to amsterdam, or you are comparing bought on the day open tickets to pre-booked cheap tickets, which is just bullshit. Your amsterdam train ride is 7 miles, which if you went the same distance in london is like a zone 2 tube trip for £3.50.

To be fair, you are correct, I was comparing the lowest possible journey price to Amsterdam with the highest possible journey price to London. I would accept that this might have been a little misleading, but it is not 'bullshit', just a bit dramatic.

The point still stands though, I am fairly certain that we have one of the most expensive public transport systems in the developed world and at the same time are one of the most heavily taxed people in the developed world. Someone is clearly doing *something* wrong.

Re:I'm not surprised

[joost]

It's not all peachy in NL. Amsterdam has two metro lines! Two! So it might be cheap, but fast it isn't.

Re:I'm not surprised

[drsmithy]

I am assuming that you are implying that the Dutch transport system is expensive. Clearly you have never been to the UK. I live an hour away from London by train, if I were to shop around a little and pick the budget airline flights I could fly to Schipol from Gatwick/Heathrow, get the train to Amsterdam Central and a tram to my hotel for a cheaper price than my train journey from my house to the airport!! It really is *that* bad.

Bollocks. I doubt you could fly to _anywhere_ from London without paying at least 30 quid or so in taxes, surcharges and fuel fines.

I've been living in Zurich for 6 months now, which is about as good as public transport gets, and I wouldn't say London's was especially bad.

Re:I'm not surprised

[Belial6]

Wait a minute. I've heard about the London underground many times when discussing cars in America, and it has been made perfectly clear that on English public transportation, all trips are incredibly fast, no one ever talks, so it is incredibly quit, it is absolutely safe, you never have to sit next to some smelly guy who just pissed himself, and you can pay for it with pocket lint. You must be confused.

Re:I'm not surprised

[CastrTroy]

Well then why not just go after the people who are cheating the system. Either the card should be hooked up to someone's identity, in which case you can give them a large fine, or in the very least, if you don't know who has the card, you can just store the card ID in some list of disabled cards so busses don't accept it anymore.

Re:I'm not surprised

[Killjoy_NL]

We don't have miles in the Netherlands, we have kilometers ;)

Re:I'm not surprised

[Oktober+Sunset]

you are fairly certain based on what? I checked it on the ticketing websites and journeys of comparable distances are cheaper in the UK than the Netherlands, your point does not stand, it falls down when you actually look at the figures rather than just go on a hunch like you are doing.

What's more, you are wrong about the taxation too, I looked it up (are you seeing a theme here) and our tax rates go from 10% for the lowest band (our tax bands are approximately the same), 22% for the middle band and 40% at the highest band, whereas the netherlands tax bands start at 20% for low band, then 23% for thier middle band and 53% for thier top band, so they get taxed more than us, they also have VAT at 19% compared to our 17.5%

Comparing to most other European countries will show we are neither at the top or the bottom when it comes to taxation.

All your points fall down when you actually check them rather than just parroting what the media says to you. just because you are fairly certain doesn't mean you are remotly near the truth, don't just choose what to believe based on your own prejudices, base it on the facts instead. You may be fairly certain, but I am absolutely certain, because I checked my facts.

You are at a computer, use it, it took me less time to look up the figures than to type this paragraph.

Oh and I see your post has been modded up, people do love reading things that tell them what they think they already know, even if it's not really true.

Re:I'm not surprised

[againjj]

And the reason you have £40 + £40 + £18.19 = £98.19 instead of £98.18 is because you put in you 2 cents worth (£0.01) in?

Re:I'm not surprised

[xaxa]

That's exactly what they do (e.g. if you report a card as stolen).

Re:I'm not surprised

[xaxa]

It varies too much, so this is for the London Underground:

Wait a minute. I've heard about the London underground many times when discussing cars in America, and it has been made perfectly clear that on English public transportation, all trips are incredibly fast

Faster than driving. About 30-40mph in central London, faster as you go out.

no one ever talks

In the daytime only American tourists talk (seriously! it's funny, and I'm sure we screw up American etiquette in the US for our part). In the late evening people are often travelling with people they know, so there might be a little talking. No one talks to people they don't know, if it's busy people stay quiet anyway.

so it is incredibly quit, it is absolutely safe

Pretty much, if you're comfortable walking to the station you should be OK on the train (I'm not saying it's safe, but if you're already taking the "living in a city of 8 million" risk, the "also using public transport" risk is tiny.)

you never have to sit next to some smelly guy who just pissed himself

Never.

and you can pay for it with pocket lint

Ah, not quite true.

You must be confused.

Buses aren't as nice, especially night buses, but generally the public transport is used by most kinds of people (poor through to rich), so any weirdos are very much diluted (rather than in the USA, where apparently you have to piss yourself before they let you buy a ticket, if what I read on here is anything to go by).

Re:I'm not surprised

[petermgreen]

For some reason when people quote air travel prices they quote cheap advance fares but when they quote train prices they seem to generally quote the full fare.

If you book in advance on a train that isn't too busy (or if you book a long way in advance on virtually any train) you can go from london to glasgow by train for under £20

Re:I'm not surprised

[Askmum]

I'm not surprised we Dutch are trying (and apparently succeeding) to hack public transportation systems facilities if you look at the current pricing of our own system.

I think the most important reason for hacking this system is not so much the want for free travel, it is more the proof that this card is not secure, that you can copy someone else's card and thereby make him pay for your trip.

And a further motivation for this crack is that we Dutch do not at all like the move of our public transport going to this chipcard system. It means that almost all stations will be blocked by gates that you can not pass without having a chipcard. Reasons for this would be the fight against people travelling for free. But the gates are so easy to circumvent that this reason is moot.

Mind you: it will also be impossible to leave a station without a chipcard. And when you travel by train from Belgium of Germany, you do not have, or even have the possibility to buy, a chipcard. So you can not exit the station.

Yet, all official indications are to go ahead with this system. This is all a protest against the mindless politicians that turn onto a road and stay on it, no matter what.

Re:I'm not surprised

[The_reformant]

Or the commuter could use tokens which bear a relationship to the fare. They could obtain these tokens by putting their card into handily located dispensing machines which would then debit the equivelent amount of tokens from their account.
If only such a system existed.

Re:I'm not surprised

[Joker1980]

that's the problem with slashdot, if i got a 5 funny ur reply easily deserves a 5 funny

Free

[quarrel]

Information wants to be free.

Luckily, so does public transport.

--Q

Re:Free

[Tibixe]

So do serial killers, by the way.

Transportation wants to be free!

[frenchgates]

The London public transit system sees payment for services as damage and routes around it. Or something like that.

Re:Transportation wants to be free!

[Anonymous+Brave+Guy]

If the London public transport system can route around planned maintenance, you're doing pretty well. Unexpected damage is pretty much always a show-stopper. :-(

Re:Transportation wants to be free!

[drspliff]

Or even a light snow can disrupt underground services (don't ask me how... I've just heard the service announcements)

Re:Transportation wants to be free!

[pjt33]

Simple. Not all of the Underground is underground.

Re:Transportation wants to be free!

[xaxa]

Simple. Not all of the Underground is underground.

In fact, most of the Underground is above-ground (55% of it).

Re:Transportation wants to be free!

[a_real_bast...]

The London public transit system users see having to pay for services as damage and route around it?

No it hasn't

[Errtu76]

Read the first pdf you've posted. It's not the same.

Pwnie award

This was not a hack of the Oyster system. It was a single instance of a card being manipulated.

http://pwnie-awards.org/2008/awards.html#lamestvendor

This is a perfect example...

[txoof]

This is a perfect example of how hacking can benefit the greater good. While it would be great to ride Dutch trains for free, it's obviously not sustainable and therefore I don't mind paying for services I receive. It is rather frustrating however to see companies attack the hackers that have found this weakness. Fixing the weakness will obviously cost money and time, but that is far superior to months of unscrupulous individuals taking free train rides all over the country. The students could have easily distributed this to their friends and community members quietly and cost the rail system thousands (perhaps hundreds of thousands) in free trips before it was discovered.

The rail company may have been duly diligent in their security assessment of the system, but obviously missed this problem. In this case, the students have provided a very valuable service for FREE. This can potentially improve the overall quality of the rail system. Obviously the rail company needs to spend capital to repair the flaw in the system, but that is superior to discovering and repairing the flaw after thousands of free trips have already been lost. In this case, the money lost in free trips can be reinvested into the service to improve it, rather than just flushed down the drain.

If companies can change their opinion of hackers that voluntarily point out security flaws to be more positive and less adversarial, everyone can potentially benefit.

Re:This is a perfect example...

[shabble]

While it would be great to ride Dutch trains for free...

You do realise that the Dutch only cracked the Oyster card, and that the card itself is used in London.

Which isn't in Holland.

Re:This is a perfect example...

[txoof]

Whoops! I guess I didn't RTFA carefuly enough. Thanks for pointing that out.

Re:This is a perfect example...

[_Shad0w_]

Although there is a Holland Park in London.

This useless information brought to you by someone who is about to bugger off home for the day, on the hell that is the London Undeground. With an Oyster card that appears to be on its way to dying.

Re:This is a perfect example...

[RAMMS+EIN]

The case of the dutch public transport card has all the indications of nobody actually caring about the things most would consider good. There's been shoddy engineering from the beginning, that's why the system still isn't operational nationwide. The project is also ridiculously overspent, eating into taxpayers' money. If the contractor can't deliver for the price they mentioned, it should be their loss, not everyone else's. Security problems have been apparent for a long time, even though this is denied, ignored, and covered up. One positive effect of this is that the cards were found to contain far more personal information than necessary, allowed, and desirable. So, out of all the things they could have spent their resources on, they apparently chose tracking travelers and otherwise invading their privacy. On top of all that, I am not surprised at all that they would try to silence yet another couple of critics.

Really, this isn't about delivering a good product. I don't know what it _is_ about, but I do know it ends up spending tax payers' money on something that isn't good for them, especially if they travel by public transport. I'd very much like to see this investigated. Even if there wasn't any malicious intent, a lot of harm has been done. We need to know what happened, who ordered it to happen, and who allowed it to happen, because I don't want this to happen again. Sadly, I fear I won't get any sizeable part of the Dutch population to support such an investigation, let alone the government, which seems to have "no investigation into possible mistakes" their credo.

Re:This is a perfect example...

I agree. The company making the cards should be forced to pay a consulting fee to the hackers. Or at least prosecuted for fraud.

Re:This is a perfect example...

[mvdwege]

Unfortunately, the chip used in the Oyster Card is the same one that the Dutch government was planning on rolling out this summer in the Dutch nationwide public transport system. And this was mentioned in TFA.

So take your attitude, and shove it where the sun doesn't shine, OK?

Mart

Why yes, they do

[Jeppe+Salvesen]

The sidewalks are great for walking on. At no cost!

Re:Why yes, they do

[Anonymous+Brave+Guy]

<Obligatory>We don't have sidewalks in London, you insensitive clod!</Obligatory>

We do a good line in pavements, but prolonged exposure to roadside air in London isn't exactly good for your health.

Re:Why yes, they do

[Blue+Stone]

> The sidewalks are great for walking on. At no cost!

Until the ID card surveillance system comes in. Then we pay to walk. To breathe. To exist.

Re:Why yes, they do

[bsDaemon]

Prolonged exposure to roadside air anywhere isn't exactly a day at the spa... but then, London does have the distinction of being the only city in the world wherein you can see the air you breathe ;-)

Re:Why yes, they do

[Jeppe+Salvesen]

Bloody 'ell!! You let tourists walk around all day in unhealthy air?! Greedy, insensitive bastards the lot of you!

Re:Why yes, they do

[ObsessiveMathsFreak]

Sidewalks, or pavements as they are sometimes known, cost money. Billions of people walk to and fro across and over sidewalks every hour of every day. Every six seconds, 5.72 meters of sidewalk are worn down by human traffic and need to be replaced. People seem to think that sidewalks spring forth from the ground. They don't. They cost money.

And who is going to pay this money? Who is going to finance the millions of kilometers of much needed sidewalks? Who is doing it at the moment? Why _you_ are. You the humble taxpayer is being forced to hand over your hard earned wages to pay for concrete that will be worn down by other people's shoes! It's ludacrious! Does anyone pay you to tile your kitchen? Do you get free funding, materials and labor when you have to repave your drive. No. Why should sidewalks be any different!?

What we propose, is a better way, and a better future for you and your children. By forming strategic Public Private Partnerships, we can finance the creation and maintenance of sidewalks everywhere by privatizing them. Businesses can finance construction of sidewalks by modestly tolling the people who use them, passing the costs on to those actually wearing down the paths, and not onto you, the innocent taxpayer.

Through the Magic of the Free Market private enterprise will deliver better, cheaper and cleaner sidewalks to the general public with no government participation! Businesses will prosper, providing employment for millions and the savings earned in the government budget can be passed on to you through a cut in the top rate of tax. It's a win/win situation for everyone involved!

Vote yes on Proposition 22. You owe it to your Family.

Re:Why yes, they do

[Random+BedHead+Ed]

We're already doing this with roads in America so why not sidewalks? The Magic of the Free Market also worked well in bringing about prosperity in Iraq (imagine how badly it would have gone if we'd relied on public entities rather than contractors). I don't see how this sidewalk plan could go wrong - just make sure you stock up on quarters before you go for a walk. :)

Re:Why yes, they do

[gnick]

You made my morning - Thank you.

What frightens me though is how many people are going to read that and jump on board with your modest proposal...

Re:Why yes, they do

[darkmeridian]

As a resident of New York City, I'm pretty surprised the Metrocard public transportation card system has not been massively compromised in its fifteen years of operation. There have been hacks here and there but for the most part the system has been secure. Good job, guys!

Re:Why yes, they do

[kent_eh]

"If you take a walk, they'll tax your feet"

Lennon/McCartney

Re:Why yes, they do

Hold on now just a second. Are you saying the air down in the tube is better than the air above ground? I beg to differ!

Re:Why yes, they do

[50000BTU_barbecue]

Unless you walk around naked and can eat bugs, you already pay taxes for infrastructure, you buy shoes, you buy food and shelter. So what's your point?

Re:Why yes, they do

[Attila+Dimedici]

In most municipalities the sidewalk is paid for by the owner of the property it passes in front of. In the one's that I am familiar with, if it comes to the attention of the relevant authority that your sidewalk is in disrepair, they send you a letter giving you "x" number of days to fix the problem after which they will either fine you on a daily basis or fix it for themselves for some exorbitant sum that you will be billed for.
So, in the U.S., most sidewalks have always been privatized.

Re:Why yes, they do

[xaxa]

Hold on now just a second. Are you saying the air down in the tube is better than the air above ground? I beg to differ!

I wouldn't like to compare them, but there was a study done which found that the claim that travelling on the London Underground was as bad as smoking a cigarette was false.

The mass of material inhaled on the underground was comparable to the mass inhaled by smoking a cigarette, but the dust on the tube was mostly iron/steel (from the rails and wheels) or grit (from the tunnels), and was in relatively big lumps that were mostly stopped by the hairs in the nose (as any Londoner knows). Compare that to the pollution above ground or from smoking: tiny particulates of toxic chemicals.

I'd rather sit in a park, but given the choice of sitting by a busy road or an underground railway, I'll take the railway.

(Anecdote: I lived in a flat between one of the main railway lines into London, and one fo the main roads. The windows on the railway side didn't need cleaning very often, even though some of the trains were diesel-powered. The dirt was gritty. On the road-side of the building the windows quickly became oily.)

Re:Why yes, they do

Lennon/McCartney

Actually Harrision, IIRC.

Re:Why yes, they do

"If you take a walk, they'll tax your feet"
Harrison

Re:Why yes, they do

The market opportunities for sidewalk-related services go far beyond the construction and tolling of sidewalks themselves. For example, tolls can also be instituted for those portions of vehicle roadways that are regularly used by pedestrians, such as crosswalks and the pedestrian light systems related to them. No toll fee paid? Then no crosswalk or light. You'll have to cross at your own risk. Crossings which receive insufficient revenue can be eliminated as unnecessary, and the capital equipment deployed elsewhere, both saving money and speeding up road traffic. Fundamentally, why should road drivers and their tolls have to subsidize pedestrians?

Likewise tolls should be instituted for the use of streetlights at night. A fee of 10 cents collected at each streetlight pole (they can be set up like parking metres) for 2 minutes of light would be a modest fee for the service of providing light over the sidewalk area, and allow for amortization of the capital costs over a realistic period for a business willing to make the investment. This would allow proper cost recovery of the true expense of illumination (energy, light fixtures, capital amortization, maintenance, etc.) for those people who would like to actually use the service at night, rather than burdening all taxpayers for the expense or expecting daytime pedestrians to cover the expense of the more extravagant nightgoers.

Clearly are many opportunities to more properly account for the true costs of pedestrian-related services, and more accurately reflect the real usage versus the true expenses of upkeep. Your proposition is weak and flawed by comparison because it does not let a true market-based cost recovery system to develop, and it will therefore never lead to the government-free utopia we all wish for -- one where taxes are unnecessary.

You should go back to business school for re-education.

Re:Why yes, they do

[Antique+Geekmeister]

So trimming your nose hairs is actually a health risk for London commuters? Blimey!

Re:Why yes, they do

[JBHarris]

I wish there was a "-1 UnTrue".

I've never heard of this practice. I've worked on several downtown development/beautification projects for my hometown and from my experience the sidewalks are always paid for with the same budget that maintains the roadway. In fact, here in my state (FL) the state, city, or county actually owns a minimum of 15ft from the center of the road, which will normally include the sidewalks on most two lane roads. For more info please see this.

Re:Why yes, they do

[samwichse]

Strange, I thought this was common practice.

You are also responsible for clearing snow from the walk in front of your house within a reasonable time or being fined.

Re:Why yes, they do

The sidewalks are great for walking on. At no cost!

Well, except the massive council tax.

Re:Why yes, they do

[Fluffeh]

relatively big lumps that were mostly stopped by the hairs in the nose (as any Londoner knows).

Hey, I've been to London, sometimes the REALLY big clumbs get blocked bot by your nose hair, but my your geezer teeth.

Re:Why yes, they do

[xaxa]

relatively big lumps that were mostly stopped by the hairs in the nose (as any Londoner knows).

Hey, I've been to London, sometimes the REALLY big clumbs get blocked bot by your nose hair, but my your geezer teeth.

"Hummer off road racing" (on his hat). Are you sure he isn't American, like these girls?

Re:Why yes, they do

[Ihmhi]

You must live in New Jersey...

Re:Why yes, they do

[DrHyde]

It's a little known fact that Londoners have evolved to be able to metabolise a fifth food group. As well as beer, curry, chocolate and bacon, we can also extract nutrients from diesel.

This explains why we don't like to travel to the countryside. We can't get essential vitamins through our lungs.

It's a pity

[Chrisq]

Its a pity that Cherie Blair didn't know this one.

Re:It's a pity

[shermo]

Wait a minute. She didn't pay the GBP9.60 fare so she got charged an excess of GBP10? If your expected chance of getting caught is 0.5, then why would anyone ever buy a ticket?

Also, given that I've been checked maybe twice using public transport systems in various european cities, there's no way the chance is anywhere near 0.5.

Anyone here involved in Oyster?

[BovineSpirit]

Does anyone know if the accidental wiping of 1000's of Oyster Cards a couple of weeks ago was linked to this? Just curious...

Re:Anyone here involved in Oyster?

[rmcleod]

Different issue.

Up for Pwnie award : Lamest vendor response

[Mathinker]

An AC posted it above, but he was lame enough to quote the vendor's response without commentary!

      http://pwnie-awards.org/2008/awards.html#lamestvendor

The response from Transport of London to the news of successful cloning of Oyster cards includes this priceless comment:

This was not a hack of the Oyster system. It was a single instance of a card being manipulated.

Link to the paper.

http://cryptome.org/mifare-classic.pdf

TranSys on Caltrain?

[lscotte]

I've noticed that TranSys terminals have appeared along Caltrain here in the San Francisco Bay Area in the past couple of weeks. I wonder if this means Caltrain is moving to the system - and also if they are using a version with the same flaws?

let me see if I've got this right...

[clone53421]

a haxor with skillz über-1337
wanted to ride london's fleet
but rather than paying
he found himself saying
"h4ck1n9 0y573r w0u1d b3 50 v3ry n347!"

Only London air visible?

[N+Monkey]

. but then, London does have the distinction of being the only city in the world wherein you can see the air you breathe ;-)

Sorry. You must either be colour blind to shades of brown or have never been to LA :-|

Re:Only London air visible?

[bsDaemon]

I've never been to LA... but I do like to make references to Charles Dickens.

Re:Only London air visible?

[N+Monkey]

I've never been to LA... but I do like to make references to Charles Dickens.

So do I, but "that's Dikkens with two Ks, the well-known Dutch author." :)

Re:Only London air visible?

[Langfat]

I have been to London and LA...

...as well as Beijing and Cairo. Gimme a call when you've left the Western world and we'll really talk about air pollution ;)

Re:Only London air visible?

[gnuman99]

LA? London? Please!

Try,

    1. Jakarta
    2. Bombay
    3. Calcutta
    4. Beijing

Re:Only London air visible?

[MagdJTK]

He's alright, but I always preferred Darles Chickens.

Re:Only London air visible?

Tehran (Iran) anyone? They have "pollution alerts" where they warn people to stay inside because the air has become too toxic

Oh london underground

[A+beautiful+mind]

It seems really apt to include a link to this. I waited for a long time to be able to link this on /.

Re:Oh london underground

[muellerr1]

The goatse London Underground logo is just the icing on that cake. Nice find.

Re:Oh london underground

Hell how I've been longing to hear that song again. Thanks Alex

Poor guys..

[4D6963]

So Dutch researchers cracked the public transportation pass for London? Boy they're gonna be pretty down when they'll realise they need to travel all the way to London just to get free public transportation.

Fortunately being Dutch they'll surely find a place to forget about all of this within a walking distance.

Re:Poor guys..

[SleptThroughClass]

So Dutch researchers cracked the public transportation pass for London? Boy they're gonna be pretty down when they'll realise they need to travel all the way to London just to get free public transportation.

Well, after all that fighting several centuries ago, they can't very well put up with a bunch of Dutch tourists gallavanting about, now can they?

Fortunately being Dutch they'll surely find a place to forget about all of this within a walking distance.

Or skating distance.

Re:Poor guys..

[iwein]

Actually the Dutch public transportation was supposed to have the same system nation wide, but they researched it first, and postponed the implementation when they found the security leaks. It's called "OV chipkaart" and it is annoying Dutch travelers since 2006. Here is the (dutch) link: http://www.ov-chipkaart.nl/nieuws/nieuwsoverzicht/34971111.

Re:Poor guys..

[Lennie]

I wouldn't put it like that, the government first poured a lot of money into it, then some students broke the encryption on this chip from the previous century that already had many known problems. Now the government doesn't seem to want to stop with the project, because it was almost ready. Although it maybe have been postponed.

Re:public transportation is for losers.

[pandrijeczko]

I don't want to play the evangelist here but it could easily be argued that a system based on source code that is open to constant peer review probably wouldn't have been in this long without the hack being discovered much earlier, mayube even before it went in in the first place. Oh, and before the "Linux fanboi" replies start flooding in, please remember that Open Source software runs equally as well in Windows and other OSes also.

Wake-up call.

[Pig+Hogger]

This is a wake-up call.
The issue is public transit financing; hardasses who want the public to pay more than their fair share (public transit benefits ***EVERYONE***, including motorists, and most importantly motorists who see decreased congestion; as well as employers who can have their workforce brought on site cheaply, so they don't have to pay exorbitant salaries so the workforce has to be able to afford a car - look no further to see the reasons why jobs are going to China) will only drive fares up, and thus the incentives to cheat (where I live, I cheat all the time; illegally, of course, but in a way that's effectively very hard to catch - it would take a cop to tail me all the time).
With reasonable fares, the incentive to cheat is simply not there.
(But transit can't be free; you need a fare to insure systems don't load up with homeless winoes).

It's like music: with $20 CDs, everyone downloads. Not so when they cost $2.

cards will be cancelled within a day (maybe!)

[jaymz2k4]

TFL have been saying that whilst the hack does work and is a concern they'll be able to identify cloned or reloaded cards and cancel them, so the most you'd get for your effort is a free travel card for the day.

"We wouldn't go into what security systems we've got, but we do have extra layers within the whole Oyster system," the spokesperson claimed. "We run daily tests for any cloned cards or rogue devices and none have been discovered. We are aware of the situation in Holland but, at this stage, there's no reason to migrate to a different system due to any security concerns."

http://www.zdnetasia.com/news/communications/0,39044192,62040565,00.htm

When they say 'none have been discovered' its not clear if that includes the Dutch hack. While Im sure there are probably ways around that too in the future and that saying this is partly to play down the impact of 'omg free travel!' I would imagine that an organisation like TFL with the resources they've got they probably can do such scans every evening or in transit. It's interesting regardless to see how this plays out...

Re:cards will be cancelled within a day (maybe!)

[xaxa]

TFL have been saying that whilst the hack does work and is a concern they'll be able to identify cloned or reloaded cards and cancel them, so the most you'd get for your effort is a free travel card for the day.

If they increase the deposit on an Oyster card to £5 that should deter people who just want a free travelcard for a day.

Re:cards will be cancelled within a day (maybe!)

[TheLink]

It's actually quite easy to detect if the card system is to only work for TFL stuff.

Every night you collect all the transactions from the various sites, run a batch job, and figure out what values all the cards should have (reconciliation).

The next day if a card is used and has a different value from expected (especially higher :) ), you don't let it work and blacklist it.

The problem is if you want to allow the card to be used everywhere (parking, buying snacks), that means that:
a) either all the other places must be connected to one central system
or
b) you can get a free stuff/services/rides on places that aren't connected to that system.

If you don't want to do all that, I don't see the hack as being a big deal.

Storing the value on the card allows lower latency and for the system to work even if the network is temporarily down (or slow). As long as you can do the reconciliation in a timely and thorough manner, the hack doesn't really matter much. Matters even less if they have records on who bought the card - easy to notice someone regularly buying cards that "magically" get the "wrong" values and thus get cancelled the next day.

Become a UK MP anyone?

Surely it is easy enough for someone in the Dutch group to "lose" any important documents relating to the crack. Unless they have some ulterior motive for being good.

'Get the Facts...'

The reason the bus routes have had their length cut has been forced on Tfl by an EU directive. This is happening all over the country not only in London.
One evample was the X64 from Guildford to Winchester.
now it runs as the X64 from Guildford to Alton. Whereupon, everyone gets off. The driver changes the service number to X65. Everybody gets back on and off to winchester the charabang goes.

There is a maximum amount you can pay on an OyserCard in any one day. To quote the Tfl web site
Daily price capping automatically calculates the cheapest fare for the journeys you make in a single day
?This means that once to reach the amount of a daily travelcard for the zones you have covered you won't be charged any more.

I don't work for Tfl and do not support the congestion Carge or Low Emissions Zone.

There goes the dollar...

[BancBoy]

Horseshit.

it does cost 90p(about US$90).

I hate it when I oversleep and the entire US economy collapses...

Re:There goes the dollar...

[ombwiri]

Petrol will still be cheaper in the US than here though. So it isn't all bad.

Re:There goes the dollar...

[Tetsujin]

Horseshit.

it does cost 90p(about US$90).

I hate it when I oversleep and the entire US economy collapses...

So do we! We were counting on you to hold the malaise at bay, but, no... you had to get your beauty rest instead...

I used to be able to pay cash to travel

But they require an oyster card.

Whose security is broken.

So *criminals* will be able to travel for free. Not me.

Now why is it when someone shows the broken security, someone ALWAYS comes up with "Huh, so you want it for free". Uh, CRIMINALS will want it for free, so if they DON'T fix it, the cost to US the PAYING CUSTOMER will go up at no extra charge for the criminals.

You know what should happen: the security creator doesn't get paid, they get a cut of the profit. If the security saves no money, they get no money.

Sensible?

More seriously...

[cardpuncher]

... these cards are widely used in physical access control systems: determining who is allowed into buildings or parts thereof. As one of the researchers explained today, part of the delay is to allow extra physical security to be deployed at sensitive locations. I don't think anyone has started to calculate the potential cost of all this, though there are probably one or two lawyers ordering yacht catalogues...

So criminals can't use these hacks?

Or are they too honourable to do so?

When it's about putting everyone's DNA on file, it's all "Well, they'll only have criminals on there, won't they." but when it comes to the security that paying customers are paying for, there are no criminals interested. They appear to be repelled by the heinous act of "free travel".

free

[phaetonic]

open source, free as in transportation?

Beauty rest?

[BancBoy]

Horseshit.

it does cost 90p(about US$90).

I hate it when I oversleep and the entire US economy collapses...

So do we! We were counting on you to hold the malaise at bay, but, no... you had to get your beauty rest instead...

Obviously, you've not seen me first thing in the morning. Beauty rest?! It's more like ugly sleep!

Oysters Rock A Fella

[tiktok]

This should be called "shucking" instead of hacking.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Release it!

Release the hack!! It would save me 160usd/month.

I wonder...

... what system the Argentinian underground uses.

If First-World countries have these flawed systems, I don't know what to expect from my Third-World home...

Roads aren't always *that* bad

[jesterzog]

Prolonged exposure to roadside air anywhere isn't exactly a day at the spa...

I don't live in a city anywhere near as large as most cities (~300,000) and I doubt we have anywhere near as many cars, but I've generally found air around vehicles much easier to breathe than air around groups of people, specifically because the latter is often full of smokers (where I am, at least). Cigarette smoke lingers a long way from people who smoke and for a long time after, and the air's much more stale. This is especially the case since local laws recently forced smokers out of workplaces, which means everyone smokes on the streets.

Perhaps vehicle manufactures have had much more motivation to clean up the exhaust their products produce than tobacco companies.

This is looking at things on a small scale, of course. I'd presume that vehicle exhausts have a much more significant effect on global problems than cigarette smoke.

No such thing as a free ride ????

[Temeraire]

Oh yes there is such a thing as a free ride in London. You would be amazed what a large fraction of all bus riders are paying nothing. All old folk, school kids, and disabled travel free. When they equalized the ages between men and women for free old age bus passes, they brought men's down to 60. Very nice for me, but sometimes I feel guilty sprinting to catch the bus and then flashing an old-timer's free pass! Seriously though, the whole of transport policy in London is deeply corrupt, with hidden subsidies going in all sorts of directions, some socially desirable, but very often acting as a powerful financial engine to transfer resources from poor to rich. If this Oyster card crack serves to make a few more people aware of the problems, it can only do good.

to give NXP time to secure their systems.

[RockDoctor]

Yeah, right.
I don't WOMBAT in the SMOKE too often, it's too much of a WOMBAT. But for the last several years, when I've WOMBATted in a hole in the ground, I've used an Oyster card registered to Osama Bin Laden, and only ever topped up by paying cash.
==============
Codes :
WOMBAT = Waste Of Money, Brains, And Time.
SMOKE = not an acronym, unfortunately. London, where the zoological specimens live inside the cages, to protect them from the city's inhabitants.
Many people travel as OSAMA, without challenge ; some are imaginative; while there is a coin-only way to charge-up the card, I'll continue to do so.

Why not prosecute them?

[Muchsake]

Just curious - why haven't the researchers been prosecuted for theft?