CIO Enterprise Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives

Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)

Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.

Webcast: Collaboration Initiatives: Benchmarks & Best Practices

Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)

Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.

Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices

This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
News
 

Massachusetts Transit Agency Sues to Stop Hacker Talk

The Massachusetts Bay Transportation Authority has sued three students and their school, the Massachusetts Institute of Technology, hoping to stop them from disclosing flaws in the MBTA's electronic ticketing system.

 

By Robert McMillan

August 09, 2008 — IDG News Service —

The Massachusetts Bay Transportation Authority has sued three students and their school, the Massachusetts Institute of Technology, hoping to stop them from disclosing flaws in the MBTA's electronic ticketing system.

The lawsuit claims that the presentation would cause "significant damage to the MBTA's transit system," according to an online posting of the suit, filed Friday with the U.S. District Court for the District of Massachusetts.

It names students Zack Anderson, Russell "RJ" Ryan and Alessandro Chiesa, who are scheduled to talk about "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon conference on Sunday at 1 p.m. local time. The MIT students and an MBTA lawyer did not return calls and e-mail messages seeking comment.

In a presentation distributed to Defcon attendees, the students describe a variety of techniques that could be used to gain free access to Boston's transit system, some of which they admit are illegal. They say that the point of the talk is to show the results of a penetration test of the MBTA system, but they were clearly aware that it could have caused legal problems. One slide reads simply "What this talk is not: evidence in court (hopefully)".

The passage in the Defcon show guide describing their talk begins, "Want free subway rides for life?" That line was removed from the description of the talk posted at the Defcon Web site.

The students discuss physical security problems they found with the system, such as unlocked gates and unattended surveillance booths. They say they were able to access fiber switches connecting fare vending machines to the unlocked network, and they also describe techniques to clone and reverse-engineer the MBTA's CharlieTicket magnetic stripe tickets and CharlieCard smartcards.

In court filings, the MBTA says that 68 percent of its riders use the CharlieCard, which brings in about US$475,000 to the transit authority each weekday. The researchers refused to give the transit authority information about security flaws in its system ahead of the talk, the filings state.

An MBTA vendor tipped off the authority on July 30 that the talk was scheduled, filings state.

The CharlieCard is based on the same Mifare Classic RFID (radio frequency identification) technology used by many other transit systems around the world. Earlier this year, Mifare's producer, NXP, sued to prevent researchers from presenting research on how to crack this technology. A Dutch court rejected NXP's claims last month.

The MIT students' talk is supposed to be posted online at an MIT site. At press time it was not available.

 
 
Loading...
 
WHITE PAPERS

Exchange 2007 Risks and Mitigation Strategies

This whitepaper will review the strengths of Exchange 2007 and areas where CIOs should consider third party solutions.
 

Solving On-premise Email Challenges

This white paper presents ten on-premise challenges and their on-demand services solutions.
 

Adobe for Business Process Automation

Companies must be able to react to customer demands, competitive threats, and compliance requirements.
 

Increase Customer Satisfaction and Lower TCO

With Adobe® LiveCycle® Enterprise Suite (ES2) software, organizations can easily deploy intuitive user experiences.
 

Upgrading to VMware vSphere with vWire

Learn how vWire can help ensure the success of your upgrade from ESX 3.x to vSphere.
 

Using ERP To Gain Competitive Advantage in a Tough Economy

For midsize enterprises, now is the perfect time to invest in a significant IT expansion - despite the economic climate.
 

WEBCASTS

Extending Client Refresh - 11 Steps to Maximize Savings

11 Steps to Maximize Savings
 

CIOs Weigh In On Virtualization

Date: November 19, 2009 Time: 2:00 PM EST

Jim Malone, Editorial Director of CXO Media's C...
 

Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM

Hear directly from one of your peers who has reduced risk and successfully implemented ITPM in this Live Webcast. ...
 

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Taking a Seat at the Executive Table: The Reality of Virtualization

This year, for the first time, the number of virtual machines is on track to exceed the number of physical machines...
 

Who Are the Data Center Leaders?

Today's data center is still very much a heterogeneous environment. Gabriel Consulting recently surveyed over 250 d...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

Gartner Magic Quadrant, Application Delivery Controllers 2009

Authentication as a Service by Forrester Research

Learn How Web Site Performance Impacts Shopper Behavior

Build a Foundation for Unified Communications

Removing the Barriers to IT Governance: How On-Demand Software Changes the Game

Should Your Email Live In The Cloud? A Comparative Cost Analysis

Learn about the growing threat of insider data theft.

Adobe® LiveCycle® solutions for business process automation

10 Ways Excel Drives More Value from Your SAP Investment

The Key to Proving and Improving the Value of IT to the Company

Unleash the Power of Java with Oracle JRockit Real Time

Taking the Service Desk to the Next Level

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

See how AT&T can help protect your network.

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Return on Information: Google Enterprise Search pays you back

ROI of Application Delivery Controllers

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Webcast: Unleashing the Power of Customer Data

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Enterprise Capture: Your Onramp to Business Process Automation

Cloud Computing--What is its Potential Value for Your Company?

Seven Design Requirements for Web 2.0 Threat Protection

How Consumerization of IT Will Make Your Business More Productive

How does a software company save big with Green IT?

Translate business strategy into IT strategy and obtain maximum benefits.

eBook: How Can You Make Your People Productive Anywhere?

Mind the Talent Gap: Global Survey on IT and HR trends and challenges

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

Increase UPS efficiency without sacrificing protection.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity