Aug 14 2008

MBTA exposed more than the talk would have

Published at 3:20 pm under Government, Hacking, Simple Security

It’s funny, I overheard the students who were researching the MBTA vulnerabilities say this at Defcon: By placing the initial report in the court documents, the MBTA was releasing more information than would have been shown in the presentation itself. They’d planned on keeping some of the information that had been in the report to keep people from making their own passes, or at least slowing down the effort. What I hadn’t realized at the time was that Jennifer Granick from the EFF had warned the MBTA of this and they went ahead with it anyways. They ignored her warnings and published the final keys needed to take the talk from theoretical to possible.

Not that this temporary restraining order was all that effective in any case. The presentation slides had already been distributed to more than 7000 attendees with the Defcon DVD. Rumor has it that the entire preso with the missing checksum information had already been sent to the Full Disclosure list. And a presentation that would have been well attended suddenly became important news for weeks to come. I think they call that the “Streisand Effect”.

Some people never learn.



One Response to “MBTA exposed more than the talk would have”

  1. Security4all on 15 Aug 2008 at 4:14 pm

    Yep, based on Barbara.

    The Streisand effect is a phenomenon on the Internet where an attempt to censor or remove a piece of information backfires, causing the information to be widely publicized. Examples are attempts to censor a photograph, a file, or even a whole website, especially by means of cease-and-desist letters. Instead of being suppressed, the information sometimes quickly receives extensive publicity, often being widely mirrored across the Internet, or distributed on file-sharing networks.

    A lot of people (or corporations) don’t know about this. They should because this backfires every time.

    The slides from the replacement talk are online too (from Brenno De Winter) on the OV card in the Netherlands
