ERP Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Blogs and Discussion
 CIO Web 2.0
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Turn Geeks into Leaders

June 17, 11:30 AM - 12:30 PM U.S./ET (GMT-4)

Larry Bonfante, CIO of the U.S. Tennis Association, will discuss the skills and approaches that your rising IT leaders must learn to be effective in an executive capacity.

How to Handle Your New CEO: Managing Turnover at the Top

June 18, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

Turbulent times have increased turnover at the top. Find out what Council CIOs have done to "break in" new CEOs—build relationships, set expectations, educate on the role of IT.

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

Massachusetts Transit Agency Sues to Stop Hacker Talk

The Massachusetts Bay Transportation Authority has sued three students and their school, the Massachusetts Institute of Technology, hoping to stop them from disclosing flaws in the MBTA's electronic ticketing system.

 

By Robert McMillan

August 09, 2008 — IDG News Service —

The Massachusetts Bay Transportation Authority has sued three students and their school, the Massachusetts Institute of Technology, hoping to stop them from disclosing flaws in the MBTA's electronic ticketing system.

The lawsuit claims that the presentation would cause "significant damage to the MBTA's transit system," according to an online posting of the suit, filed Friday with the U.S. District Court for the District of Massachusetts.

It names students Zack Anderson, Russell "RJ" Ryan and Alessandro Chiesa, who are scheduled to talk about "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon conference on Sunday at 1 p.m. local time. The MIT students and an MBTA lawyer did not return calls and e-mail messages seeking comment.

In a presentation distributed to Defcon attendees, the students describe a variety of techniques that could be used to gain free access to Boston's transit system, some of which they admit are illegal. They say that the point of the talk is to show the results of a penetration test of the MBTA system, but they were clearly aware that it could have caused legal problems. One slide reads simply "What this talk is not: evidence in court (hopefully)".

The passage in the Defcon show guide describing their talk begins, "Want free subway rides for life?" That line was removed from the description of the talk posted at the Defcon Web site.

The students discuss physical security problems they found with the system, such as unlocked gates and unattended surveillance booths. They say they were able to access fiber switches connecting fare vending machines to the unlocked network, and they also describe techniques to clone and reverse-engineer the MBTA's CharlieTicket magnetic stripe tickets and CharlieCard smartcards.

In court filings, the MBTA says that 68 percent of its riders use the CharlieCard, which brings in about US$475,000 to the transit authority each weekday. The researchers refused to give the transit authority information about security flaws in its system ahead of the talk, the filings state.

An MBTA vendor tipped off the authority on July 30 that the talk was scheduled, filings state.

The CharlieCard is based on the same Mifare Classic RFID (radio frequency identification) technology used by many other transit systems around the world. Earlier this year, Mifare's producer, NXP, sued to prevent researchers from presenting research on how to crack this technology. A Dutch court rejected NXP's claims last month.

The MIT students' talk is supposed to be posted online at an MIT site. At press time it was not available.

 
 
Loading...
 
WHITE PAPERS

Investing in Business Analytics Technology

Find the answers to your questions about business anyalytics initiatives.
 

Don't Sacrifice Speed

Learn how to ensure custom content is obtained in a fast manner and doesn't drive your customers away.
 

Virtualization: Unparalleled Agility

VMware joined BMC Software to co-author 7 must-read tips for striking the perfect balance in your virtual environment.
 

Effective Service Management Eases the Virtualization Transition

Virtualization adds a whole new level of complexity to the IT infrastructure.
 

Meet Rising Demands on IT and Cut Costs

Strategies for Modernizing IT, Reducing Costs, and Improving Operational Efficiency
 

How Can Your Organization Weather This Economic Storm?

IT executives are under intense pressure to cut costs, and that pressure is significantly increased by the current grim economic outlook.
 

WEBCASTS

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...
 

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...
 

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...
 

BSM in the Field, Practical Insights from Peter Armaly

Have you thought about BSM, but haven't quite gotten the buy-in you need? Get down and dirty with BSM installations...
 

BMC Service Assurance Demo

What if you could predict disruptive IT events and automate their resolution -- all before they disrupt your busine...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Secondary Market Primer: Your Network at Half Price

Losing Ground: 2009 TMT Global Security Survey

Stop Application Fraud at the Source with Device Reputation

Building the Virtualized Enterprise with VMware Infrastructure

The Global Marketplace Today: Strategies for Tough Times

Top 10 Business and IT Drivers for the Wealth Management Sector

8 Key Ingredients to Building an Internal Cloud

BPM: Leveraging Competencies and Streamlining Processes to Achieve Operational Excellence

White Paper: The Building Blocks for Cloud Computing

Craft a Strategy to Lower Your Total Cost of Ownership

A Natural User Interface for Enterprise Applications

Delivering Secure and Reliable Data through Spreadsheet Automation

Financial Institutions Need Rich Internet Applicatons

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

The Case for Investing in Business Analytics Technology. Read white paper.

Live Webinar: Applying Business Analytics. Click here to learn more

Why Data Loss is Increasing--and What You Can Do About It

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Top-line Performance that's Bottom-line Efficient

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Learn how to save 30% through project & portfolio management.

5 Steps to Automating Accounts Payable

BPM Survey Results: The Real-World Analysis

Ready to Act: 3 Recommendations for Agile Processes

Achieving Business Agility with Application Grid

Next Generation Enterprise Applications

Achieving Pervasive Performance Management

Smart Decisions: The Role of Key Performance Indicators

The Link Between Effective Online Business Banking and Web 2.0

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Trade in your old laser printer and get up to $1000 back!

Seven Ways ITIL Can Help You in an Economic Downturn