Shocking news: The RFID fare card system that the Massachusetts Bay Transportation Authority (MBTA) uses on its buses and subway is totally hackable.
This past weekend, three Massachusetts Institute of Technology (MIT) students (Alessandro Chiesa, RJ Ryan, and Zack Anderson) were supposed to deliver a presentation at Defcon, a hacker conference in Las Vegas, about how they hacked the MBTA’s “Charlie Card” fare card system. They created software that allowed them to create clones of the RFID cards that could allow them to ride for free on the transit system forever.
They made one mistake. Before delivering their presentation, they met with MBTA officials to warn them about the transit system’s insecurity and to offer tips on how to protect it. The MBTA responded by seeking and winning a court injunction, preventing the students from presenting their findings.
However, the injunction didn’t come through until after the students had already distributed copies of their PowerPoint presentation to all Defcon attendees. Those slides are now available online via The Tech, MIT’s student newspaper.
The slides reveal some very disturbing but unsurprising pieces of information. For instance, the turnstile control boxes in Boston’s subway stations are often unlocked and wide open. High-tech surveillance stations are often left unattended (I’ve seen this myself many times at the Back Bay T station). Official MBTA materials, such as MBTA inspector coat patches, MBTA hats and MBTA license plates, are available on eBay. The students were even able to find an unlocked room where the network switches that connect fare card vending machines to the MBTA’s internal network are located.
Was the MBTA trying to get hacked? Look at the photographs and see for yourself.
This should come as no surprise. After all, this is an organization that is running a $75 million deficit, despite a 27% fare increase in January 2007 and a 6.1% increase in ridership during the last fiscal year. Does anyone expect them to run a tight ship?
Any organization in Boston should be on its toes at all times. MIT is known for its hacking hijinx. Just look at the school’s own website, where you can find a gallery of Interesting Hacks to Fascinate People.
Last Friday, I held a conference call with a small group of network engineers to discuss some of their job challenges and interests. One topic that came up was the challenge of managing people in a technical job context. Someone recommended that we all check out a blog called Rands In Repose.
So today, I spent the better part of my afternoon reading some of the various essays on the blog, including The Nerd Handbook and a promo for his book, Managing Humans. I found out that I, along with many of my friends and co-workers, suffer from N.A.D.D.
It’s good stuff, and I’ll now share the recommendation with you as well. I just ask that you keep The Network Hub open in a separate browser tab; you’ll probably need to do that anyway if you have N.A.D.D. too.
“The disappointing thing is there should be more ports, considering it’s so much larger on the inside.”
There’s one vendor out there who is poised to challenge Cisco Systems’ dominance in the data center networking market. No, it’s not Juniper with its new line of EX switches. ProCurve Networking by HP is strong, but it doesn’t have the high-end core switches that Cisco can now boast with its Nexus family of switches.
No, the real challenger to Cisco might just be a storage networking vendor: Brocade.
Brocade announced Monday night that it has reached an agreement to buy Foundry Networks for $3 billion. The new company formed by this merger will feature Brocade’s industry leading storage networking technology and Foundry’s line of high-end service provider and enterprise class data center network switching technologies.
Brocade had already signaled its intention to challenge Cisco in the data center when it unveiled its new DCX Backbone switch last January. This chassis-based switch supports 8 Gbps Fibre Channel and emerging converged Ethernet technology. Also known as data center Ethernet, converged Ethernet holds the potential to carry all forms of data center traffic on one fabric. Instead of having separate networks for storage and for servers, companies can have one unified fabric and one set of network devices to provide connectivity in their data centers. Several standards must be ratified before this technology becomes widely available to the market, but Brocade isn’t the only vendor to invest in it early. Cisco’s new Nexus switches also support converged Ethernet. Both Cisco and Brocade have signaled that this technology is the future of data center networking.
But Brocade’s expertise and breadth of offerings in Ethernet technology don’t extend very far beyond its DCX product. That’s where Foundry comes in. Established in 1996, Foundry has a reputation for building high-density core data center switches favored by very large enterprises, service providers and Internet-class companies. Foundry lists companies such as AT&T, Google, Yahoo, Apple, Discover, Citigroup, Wachovia, AOL, Ticketmaster, Morgan Stanley and the U.S. Internal Revenue Service as its customers.
With the Ethernet switching expertise of Foundry, Brocade now appears ready to stake out a solid number two position in the data center networking market. A lot will depend on how well Brocade absorbs Foundry. That will take some time. Cisco isn’t exactly shaking in its boots today, but it will have to stay on its toes.
In this video, Feng Meng, solutions manager from Cisco data center, gives a quick tour of WAAS 4.1, which incorporates ease of deployment, application-specific acceleration, branch-ready video delivery capabilities, and flexible branch services delivery through virtualization capabilities.
“In homes, a haunted apparatus sleeps,
that snores when you pick it up.
If the ghost cries, they carry it
to their lips and soothe it to sleep
with sounds. And yet, they wake it up
deliberately, by tickling with a finger.”
Who knew that the end of my last post would be a prelude to my time at the Burton Group Catalyst Conference last June? I ended up unknowingly booking at a haunted hotel! (“In [hotels] a haunted [Tessa] sleeps…”)
And I’m not one to believe in ghosts, but the Travel Channel, hotel maids and several newspapers insist there is a presence of an other-worldly being at The Horton Grand Hotel — in the room next to where I stayed.
Though I didn’t end up seeing the so-called “roger the lodger” (the name of the mostly-friendly ghost), the other form of ghosts (described in the poem) did a bit of their own haunting…
Santos said “You can work from anywhere on earth and you can access just about anywhere on earth, [but] there are implications that go along with that.”
The implications were listed in Santos’ consequences of pervasive mobility: The first one being “the organization effect” where instead of individual knowledge we now have the ability to share knowledge across a group; knowledge is easily transferred from the individual to an organization. The second consequence was “message bloating:” One thought suddenly spawns many messages. Then came what Santos called “royalty syndrome:” Once a client or manager had your number they could call you at any time to ask you to work for them now. The last notable consequence was “total serfdom.” Santos said that “people have to have their devices.”
The last two consequences of mobility I find particularly vicious: If you have to have your device, then you consequently have to receive calls from your boss asking you to work for them then, which means you’re never fully away from work.
There were, of course, positives to having pervasive mobility. For instance, Santos said “there’s remote-ability, accessibility … and the ability to extend organizations,” which can not only save organizations, but also save individuals commuting fees.
Do these positives outweigh the negatives, though? In this information age, we are experiencing information overload — which is almost as bad as no information at all.
Worse still is the idea that “we’re leashed on a wireless leash,” said Santos.
This concept of a “wireless leash” is something even the general public feels the weight of. Take Jonathan Clare, for instance, in his blog post on humans complicating their lives with technology:
“Cell phones are probably the most handiest and intrusive technology today. They are life savers when you need them, and they create stress when you don’t. You are always reachable… always. This leaves little space for privacy.”
What’s really unnerving is that people attached to their devices and computers all day and night are finding normal conversation difficult. “Live talk — conversation between real people — is awkward,” says Santos.
I can attest to this in my own experience when I work for prolonged periods of time by myself in my home office. I often find verbalizing thoughts extremely challenging. And human interaction isn’t made any easier when you realize it’s not acceptable to hold up a sign that says “BRB” — you have to figure out how to express your need to leave a conversation momentarily in a tactful manner. After a while you begin to forget what tact and acceptable exchange is.
I remember a person who would start a conversation, and midway through — without warning, excuse or farewell — would simply walk away. He did this with everyone he spoke to.
That loss of tact and respect was something Santos saw as a consequence of pervasive mobility: “We need to define a work in this culture of civility and respect … we’re losing these things.”
So how can we do this? Santos suggested we switch from pervasive mobility to pervasive civility. “Let’s not forget the human element,” he said. My personal suggestion is to start talking to people in the cubicle or desk next to you. Not IM — or, god forbid, text.
In Santos’ session synopsis he wrote: “Hammers will be given out at the end of the talk to destroy Blackberries, iPhones, and other mind-threatening paraphernalia that is ending life as we know it.”
They weren’t given out, but we were strongly urged through a march-like mantra to “turn off your mobile phones!” “turn off your devices!” “go to places where you don’t have service on the weekend.” — which was a tune I happily marched to, and have no qualms about singing now.
Those hoping for a major boost in IT budgets shouldn’t hold their breaths: Cisco CEO John Chambers said he doesn’t expect a sales rally for at least five quarters, sending the company’s shares on a sharp tumble while stirring some grumblings that maybe it’s time to form a better succession plan to keep top talent.
As Reuters reports, Chambers’ results have been impressive:
Since Chambers took the CEO role in January 1995, Cisco has grown from a company with $1.2 billion in annual revenues to around $40 billion, as the expansion of the Internet fueled demand for routers and switches that direct Web traffic. Cisco also has been expanding into new areas such as online video.
However, his unusual longevity in the top spot might have spurred others to depart:
Analysts have speculated his retirement plan, or lack thereof, was behind the recent departures of strategy chief Charlie Giancarlo, who was widely seen as Chambers’ heir apparent, as well as No. 2 executive Mike Volpi and Jayshree Ullal. Ullal was a rising star who headed Cisco’s switching group, its biggest business.
Chambers addressed those concerns in the Reuters interview, saying he expected the top management spots to look very different in five years, both with new personnel and a new style of leadership. “The next CEO will probably be more a leader of a council than a ‘command and control,’” he said, which would play off Cisco CTO Padmasree Warrior’s collaborative focus and Cisco’s “human network” strategy in general.
While it’s nice Chambers is taking the future seriously, not everyone was pleased with his plans: “If Cisco in fact takes a collaborative approach to the corner office, we believe they would have taken their management experiment a little too far and would expect more defections from the senior ranks,” wrote JPMorgan analyst Ehud Gelblum in a research note.
I promised to write more about Networkers, and here it is already almost two weeks later, and I haven’t followed through. For the moment, instead, I’ll share my personal videos from Orlando: One of the Peabody ducks, and two from the Journey cover band, Evolution, which performed at the Hard Rock Cafe during Cisco’s customer appreciation event — which, happily, media was invited to attend. I know it hasn’t much to do with networking, but network pros have to have fun once in a while, right?!
March of the Peabody Ducks:
Evolution — Oh Sherrie:
I got a chance to meet with the fine folks over at wireless networking vendor Colubris for the first time yesterday, and they were kind enough to give me a tour of their offices as well as explain some of their technology. Like most wireless networking vendors, they use a centralized controller to manage access permissions and handoffs, with what they say is an important difference.
The difference, Carl Blume, director of strategic marketing, and Tom Racca, vice president of marketing, said, is that Colubris avoids sending all the data traffic through the controller.
Instead, the controller first authenticates users on the wireless LAN, and then tells the access point (AP) how to route the data itself, which Carl and Tom said greatly cut down on the amount of redundant data flowing through the network. (They also said, like every other wireless vendor I have ever talked to, that they are the only ones who have solved 802.11n with standard PoE.)
Tom also relayed what I thought was an interesting story: Colubris access points can be set to work semi-autonomously, and if they get knocked offline they can be configured to automatically re-connect to the central controller. One school system, sick of APs wandering off, opened up a port in their firewall to let the devices reconnect even when they were out on the public Internet. Sure enough, a missing AP started phoning home, and the school was able to use the AP’s IP address to locate the missing access point … and arrest its thief.
We hear such “phone home” capabilities are going to become more common, and already stories of cameras and laptops photographing perps and posting their pictures are common. While maybe not a deal sealer, it’s certainly not bad as extra protection for devices that retail for $1000 and beyond.
Do you have any home phoning success stories?
“Angelina looks cool, but a tattoo in binary would be so inefficient!”