Gagged DEFCON presentation now available
Posted on August 11th, 2008 by bile Tags: Alessandro Chiesa, Boston, CharlieCard, DEFCON, Douglas P. Woodlock, Massachusetts Bay Transit Authority, MetroCard, MIT, school newspaper, The Tech[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.
A quick skim reveals that the magnetic strip part of the card is pretty simple to crack.
Leave a Reply
You must be logged in to post a comment.
