CIO Symmetry

A SearchCIO Small Business blog

» VIEW ALL POSTS Aug 21 2008   12:06PM GMT

Subway fail, Freedom fail



Posted by: The Weave
Tags:
CIO
Hacking
Midmarket CIO

Two weeks ago three MIT students were forbidden by a judge to give a presentation on how susceptible Boston’s subway fare system is to fraud.

Now another judge has allowed them to give the presentation. The problem is said presentation was scheduled for a hacker convention held two weeks ago. Funny how that works out.

Last week I commended the three students for their work and blasted the Massachusetts Bay Transportation Administration for its consistent incompetence in all matters related to running a transportation system.

But I also called one of the students out as being a bit bratty and self-important.

I’ve changed my mind. It’s a judge and an agency chief that deserve my ire. They are the ones who failed to do their jobs.

At 21, student Zack Anderson has been blasted at by a free-speech hating judge and sued by a financially-troubled public transportation agency, the same one that tried to hand executives 9% pay raises last week.

Now U.S. District Judge Douglas Woodlock’s ruling has been reversed and the MBTA – headed by general manager Dan Grabauskas – is admitting that the CharlieTicket can be hacked.

About 70% of MBTA riders use what’s known as a CharlieCard, which the students say can be cloned. Others use the CharlieTicket, which can be compromised to add value to. That appears to be the easier of the two hacks and the one the MBTA admits can be pulled off.

It only took a few days for both of these men to be proven wrong. There were some concerns voiced along the way that the prior restraint exercised by Woodlock would have a chilling effect on security research. But it has been pretty clear from the start that the students did nothing wrong and Woodlock’s decision would not stand. It just needed to stand long enough to keep them off the stage at the conference.

Media watchdog and Boston-area blogger Dan Kennedy took time out last week to quickly chronicle Woodlock’s history of First Amendment trashing.

And Grabauskas? This has been embarrassing all around for the MBTA. The students’ planned slide presentation was techy, to be sure, but it also featured photos of open doors, unmanned computer banks and unlocked padlocks from around the MBTA system.

Now the MBTA has changed its tune and claims to want to meet with the students to work toward fixing the gaping security holes in the fare system. As if Anderson and company area supposed to suddenly go all sweet on the same folks who just sued them.

In a statement quoted by the The Boston Globe, Grabauskas said that “my invitation to the students to sit down with us and discuss their findings. A great opportunity now presents itself.”

As a Massachusetts taxpayer and MBTA customer, Anderson owes me nothing. Publishing proof that it is way too easy to rip off the MBTA was pro bono work in the first place.

This kid worked his way into MIT and then managed an ‘A’ for his MBTA hack work. That stuff isn’t easy and it is legions beyond taking a few SQL classes.

A suggestion for Anderson, one he surely has already thought of: Shake Grabauskas’ hand,. Look him square in the eye. Name your price.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: