Boston Subway System Stops Defcon Talk; But Paints Security Target On Its Back
from the yeah,-that'll-work dept
You would think after years and years of it backfiring every time some scared organization tries to shut down a talk concerning their security vulnerabilities, that people wouldn’t even bother any more. But never underestimate the short-sightedness of some execs. The Massachusetts Bay Transportation Authority uses a magnetic strip card system to access the subway system in Boston. That system is not particularly secure, and some enterprising MIT students planned to demonstrate just how weak the security was on the system this weekend at the Defcon conference… until the MBTA convinced a judge to ban the presentation and demand that all copies of the presentation not be released — which is problematic since all attendees at the conference already obtained CDs with a copy of the presentation. Also, somewhat ironically, a copy of the presentation was entered in as evidence in the case, and that copy is now publicly available as part of the court records system. Oops.
Of course, even if the court had actually been able to stop the distribution of the presentation, it’s silly to think that this would have stopped the dissemination of the methods for hacking the system. The truth is that the MBTA’s system uses woefully weak security, and rather than doing anything to strengthen it, it has to threaten some bright MIT students and get a court order to pretend the such security vulnerabilities don’t exist. And, of course, in doing this, all the MBTA has really done is painted a huge target on its back. Perhaps it should have just focused on making its system a bit more secure instead.