News Defcon: 'Subway Hack' talk gagged

[CardJoe]

http://www.bit-tech.net/news/2008/08...-talk-gagged/1

A presentation demonstrating major security weaknesses in the MiFare Classic-based CharlieCard RFID system has been gagged via court order this weekend.

[liratheal]

While I could understand if the Transit Authority chaps wanted to round-file this presentation for the sake of the system not being abused by people that way inclined, aren't they likely to lose more money though legal fees than they would if this was just ignored?

It's not like Defcon presentations are going to make huge news - I doubt if anyone would bother picking the story up if there weren't any legal goings on.

[Mentai]

So whats the security compromise? If it's just using the subway for free, this is a big over reaction. If you can do something more, I don't think it should be made public in anyway except that there is a compromise, and the students could go on their payrole to help fix it?

[liratheal]

Quote:

Originally Posted by Mentai

So whats the security compromise? If it's just using the subway for free, this is a big over reaction. If you can do something more, I don't think it should be made public in anyway except that there is a compromise, and the students could go on their payrole to help fix it?

Flicking through the slides it seems to be more focused on how easy it is to defraud the system and, as one of the slides puts it, 'get free subway rides for life'.

The warcart picture I've seen is hardly.. Subtle, though.

[TreeDude]

Even with the info on the net, it is only going to be a few people who actually use it for free rides. They should just use the info to fix the hole and move on.

[DXR_13KE]

with this they have taken a spotlight the size of the moon and pointed it to the flaw, that is great thinking guys!!!

[seanap]

http://www-tech.mit.edu/V128/N30/sub...esentation.pdf

*nudge nudge*