Charlie Card hacking talk Barred

Judge orders halt to Defcon speech on subway card hacking
Posted by Declan McCullag

(snip)
LAS VEGAS--A federal judge on Saturday granted the state of Massachusetts' request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

The undergraduate students were scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T subway line. They also planned to release card-hacking software they had created.

U.S. District Judge Douglas Woodlock on Saturday ordered the students not to provide "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System." Woodlock granted the MBTA's request after a hastily convened hearing in Massachusetts that took place at 8 a.m. PDT on Saturday.
(snip)

(snip)
The Electronic Frontier Foundation, which is providing legal assistance to the defense, is planning a press conference at Defcon at 2 p.m. PDT. The students' talk was pulled from the schedule after an EFF lawyer recommended that they not give it, a Defcon spokeswoman said.


The MBTA, which is a state government agency, claims that "disclosure of this information will significantly compromise the CharlieCard and CharlieTicket systems" and "constitutes a threat to public health or safety."
(snip)

(snip)
Also released as part of the public record was a document marked "confidential" and written by the researchers that explains exactly how the Charlie cards can be cloned and forged. "Our research shows that one can write software that will generate cards of any value up to $655.36," the document says.

The document also discusses the lack of physical security at the MBTA. "Doors were left unlocked allowing free entry in many subways," the document says. "The turnstile control boxes were unlocked at most stations. Most shocking, however, were the FVM control rooms that were occasionally left open.
(snip)


http://news.cnet.com/8301-1009_3-10012612-83.html?part=rss&subj=news&tag=2547-1_3-0-20

The MBTA, which is a state government agency, claims that "disclosure of this information will significantly compromise the CharlieCard and CharlieTicket systems" and "constitutes a threat to public health or safety."

Uhm...

No.

The problem is, that the CharlieCard is significantly compromised, and killing the messenger is cheaper than actually fixing the problem.

But now, instead of these guys giving their lecture and demonstration, someone will quietly figure it out on their own and keep their exploit a secret.

or I should say sillier than that. It isn't much of a secret this style hack has been known for months, there's already 'script-kiddie' level tools out there.

So by stopping this lecture all they are doing is censoring these people at this one event, the info is already out in the wild.