A federal judge in Boston will decide on Tuesday whether to extend or let expire a restraining order enjoining three students at MIT from publicly speaking about security flaws they discovered in the electronic fare-payment system used by the city's mass transit agency.
The 10-day gag order was imposed by another judge on Aug. 9, one day before the three students were scheduled to detail the flaws in a presentation at the Defcon hacker convention in Las Vegas. The order was issued in response to a motion by the Massachusetts Bay Transportation Authority (MBTA), which sued both MIT and the students, claiming that they hadn't given it enough time or information to assess and mitigate the vulnerabilities.
The agency argued that the presentation would cause "significant damage to the MBTA's transit system" by describing a variety of techniques that could be used to ride for free, for instance by adding fares to the MBTA's smart cards and electronic tickets without paying for them.
The Electronic Frontier Foundation, a high-tech civil rights group that is representing the three students, last week filed a motion asking U.S. District Judge George O'Toole to lift the restraining order, which the EFF said violated the students' First Amendment rights to free speech. But O'Toole, who will preside over Tuesday's 10:30 a.m. EDT hearing, refused to lift the order and instead asked the three students to submit additional information related to their research, as requested by the MBTA.
Among the arguments that attorneys at the EFF are likely to make for lifting the order are the following:
Much of the vulnerability information is already in the public domain and common knowledge within the security community. The slides that the students put together for their aborted Defcon presentation were included on a CD given to Defcon attendees and have been posted online. And the MBTA itself released many of the details in a court document as part of its lawsuit against the students.
The three undergrads, who discovered the security holes in independent penetration tests that they did as part of a class project, have repeatedly assured the MBTA that they won't publicly disclose the level of detail needed for anyone to actually take advantage of the vulnerabilities.
Comments (1)
Security by obscurity
By Zeeshan Ali Shah on August 20, 2008, 5:45 am
Great example of "Security by obscurity". Why doesn't the transport company fund MIT students to fix that bug? I do not know what this type of verdict tries to secure .....