Slashdot Mirror

← Back to Stories (view on slashdot.org)

With Lawsuit Settled, Hackers Working With MBTA

Posted by ScuttleMonkey on from the how-it-should-be dept.

narramissic writes "The three MIT students who were sued earlier this year by the Massachusetts Bay Transit Authority for planning to show at Defcon how they had had reverse engineered the magnetic stripe tickets and smartcards said Monday that they are now working to make the Boston transit system more secure. 'I'm really glad to have it behind me. I think this is really what should have happened from the start,' said Zack Anderson, one of the students sued by the MBTA."

2 of 90 comments (clear)

  1. Re:nothing new by DMalic · · Score: 5, Informative

    You're reading verbatim the brief where the MTBA lies their butt off. The students were not only fully in the right, but 110% - they offered all relevant information, were not planning to provide any illegal or directly damaging info in their talk, etc etc. The MBTA wasn't willing to listen, fix their problems, or even admit they had one - the bureaucrats running it were more interesting in covering things up, which is how this whole fuss got started.

  2. Re:nothing new by Thinboy00 · · Score: 5, Informative

    Interestingly, they really didn't meet any of the conditions you stated!

    A couple of bits from the first link:

    The passage in the Defcon show guide describing their talk begins, "Want free subway rides for life?" That line was removed from the description of the talk posted at the Defcon Web site.

    Can't see that as not causing trouble (at least from the MBTA's perspective...)

    The researchers refused to give the transit authority information about security flaws in its system ahead of the talk, the filings state.

    Which is not particularly polite - and in fact definitely takes them out of any resonable definition of "White Hat"...

    And while hacking around on a smartcard they bought shouldn't be illegal (as long as they don't actually use it for free rides), this bit:

    [snip]

    From another FA

    The students said they tried to contact the MBTA around July 20 through their professor Ron Rivest, who teaches in MIT's Department of Electrical Engineering and Computer Science, but did not actually connect with the agency until around July 30.

    It's been a crazy week for Anderson, who looked haggard -- he said it took him 18 hours to travel by air to Defcon and he had not slept since Thursday.

    And another:

    Mahoney [the MBTA attorney] praised a security analysis the students had prepared for the agency, saying the information in it convinced them of the vulnerability.

    Looks like you're wrong, or one of TFAs is wrong anyway.

    --
    $ make available