FRIHOSTFORUMSSEARCHFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Getting Free Rides on the Boston Subway....

   Frihost Forum Index -> Lifestyle and News -> Discuss World News
 


ganesh
I recently came across this article which tried to analyze the legal repercussions of the actions of some MIT students in exposing the vulnerabilities of the Boston subway ticketing system:

http://blogs.wsj.com/biztech/2008/08/11/responsible-disclosure-judge-gags-student-hackers/

Rather than actually encouraging the students for discovering the loophole and taking steps to rectify the vulnerability, the subway authorities have gone ahead and prosecuted the students! What is your opinion on this? Let us use this thread to discuss our viewpoints with fellow Frihosters.
brokenadvice
The student's probably should have notified the transport authority before going public with the data. Even letting out word that the systems are hackable before telling the transit authority allows the chance for malicious hackers to do some actual damage.
lagoon
Something like this happened with the Oyster card system on the London Underground. Mr. Boris has cancelled all contracts related to it.
{name here}
brokenadvice wrote:
The student's probably should have notified the transport authority before going public with the data. Even letting out word that the systems are hackable before telling the transit authority allows the chance for malicious hackers to do some actual damage.

I actually saw the presentation. Half of the discussion focused on something that is impratical although it is a real security loophole, and the other half focused on physical loopholes, all of which could be easily fixed by having workers that are willing to take simple precautions like locking their workstation and putting locks on drawers.

Based on how utterly ridiculous some of these little holes are, if a black hat cracker actually wanted to get inside the transit system security they would have already and they wouldn't have needed to try. I don't think there is any information there that they would want since charlie cards store a person's info and there isn't any main database for this info. At most, all there'd be is some easily resetable mischeif.
brokenadvice
Still, After someone recently announced that there was a huge bug in DNS, somebody else figured out how to exploit it separate from the first person, who was holding off on releasing the 'sploit. Sure a real hacker could have found it alone, but it definitely sped up the black hat searching.
Related topics

free pop
prizee and getting free pack+
Alcohol and parties, Your opinion.
finally free domain no adds
Free Beer, check this out
News Forum
Get your site linked and reviewed at Lockwolf's Links!
Virus and Spyware?
I is stupid, need domain help :P
I'm 15 yo and heres my site, hope you like it!
When and Why You Made Your First Website
An eye for an eye
Changements to the Points/frih$ system (Discuss)
Creative fonts
How to Make Good Posts
Reply to topic    Frihost Forum Index -> Lifestyle and News -> Discuss World News

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.