Judge Still Keeps MIT Students Gagged Over Subway Hacking Presentation

from the keep-quiet dept

The EFF tried to get the gag order lifted from the three MIT students who had planned a presentation on how Boston's subway system was vulnerable to some hacks. However, a judge has left the gag order in place, saying that it will be discussed at a hearing next Tuesday. He also ordered the students to hand over more information.

There's been a long debate in the security community about what is proper "disclosure." There are some who believe that you should wait until a vulnerability is fixed before disclosing it, while others believe that only by disclosing it are people really motivated to fix the vulnerability. However, most of those debates haven't taken place in court -- so this particular case should be quite interesting for those who are involved in security research, no matter which side of the "disclosure" debate you fall on.

Filed Under: boston, disclosure, gag rule, hacking, mit, subway


Reader Comments


  1. nonuser, 14 Aug 2008 @ 7:18pm

    the

    I don't think these guys, or their advisor Prof. Rivest, should be getting a lot of credit here. When someone publishes an exploit for Windows, Oracle, or DNS, they can (and generally do) claim that bad guys could've figured out the same hack independently, and done untold damage without anyone realizing it. Of course, it's quite debatable whether public exposure of the flaw is justifiable, but at least there are two sides to the argument.

    With these subway cards, sure, some criminal mind could've figured out how to hack them, but how could they have monetized it on a scale to make it worthwhile? They would've had to set up a black market - at about $5 a shot - and hoped that none of their customers or prospects would snitch.

    That's perhaps why the MBTA didn't worry too much about making the system absolutely secure. They must've figured that a few people might quietly crack it and take advantage, but they could write that off as cost of doing business.

    Now it's different. Now, college kids and others might suspect that paying to ride the T is for chumps, like paying to buy recorded music. And the MBTA can't afford to give out free rides - their trains are packed these days.
