Comments on: MBTA drops lawsuit against MIT subway hackers

By: mykeyfinn

mykeyfinn — Fri, 26 Dec 2008 02:11:23 +0000

Not just could have, but probally did. All the did was expose and fed up system, whereas someone else would have just used the info and said nothing. Sometimes it takes threat to get people to fis there problems. I had to pen test my bank and show the branch manager the results in non-geek to get them to upgrade security, same deal.

By: zypher

zypher — Wed, 24 Dec 2008 08:49:30 +0000

Could brute force that with Legos. = lulz

By: TJHooker

TJHooker — Wed, 24 Dec 2008 08:13:40 +0000

@joe: Anyone could do it based off the information in the PDF, and probably without it. It would of been cool if it used some type of self modifying code and obfuscation though to make the attack seem sophisticated.

Most people ignored I think because nobody cares about public transit that much.

By: Joe

Joe — Tue, 23 Dec 2008 20:06:44 +0000

The system was pathetically covered. If you read the slides it is obvious that the co that build it halfassed it. For instance, the top secret checksum was only 5 bits with a whopping 64 possible permutations. Could brute force that with Legos.

I read some of these cards when they first came out in ’06 and thought it looked simple. The barn door was freaking wide open and the just happened to be the ones to tell the world.

Read up, it is a great hoot, especially the gag request court papers. Starts out with an entire page of credentials by the MBTA security head. Then says the system is supersecure and that no one could easily break in. Even says cards were heavily encrypted. False on all counts when you look at the decon report.

MBTA is a mess, and likely will continue to be. let them blame it all on those insanely smart kids in Cambridge. Who else could pull it off? Its too bad they had to be “MIT” kids to do it, which makes people think that it was very complex, but the folks down at Bunker Hill Community College could have done most of it too.

By: TJHooker

TJHooker — Tue, 23 Dec 2008 19:31:48 +0000

When I heard MIT students where being threatened I knew the EFF would be all over it. Good thing they didn’t go to a state university(sarcasm.)

I wonder where all the non-commercial-interest digital rights advocates that supported the eff went.

I won’t list all the cases the eff has completely ignored over at least the past two and a half years. There execs must of done lunch with the prosecutions execs during the trials.

By: Tommy

Tommy — Tue, 23 Dec 2008 16:50:07 +0000

@aaron: Much more diplomatic about cranial location than I would have been.
:-)

By: Aaron

Aaron — Tue, 23 Dec 2008 16:24:26 +0000

From what I remember, the students went to the MBTA and they didn’t want to listen to them in the first place. Now they want to work together and improve the security. Finally the MBTA woke up and got their heads out of the sand.