when you can just sue people and pretend the problem does not exist.

Paris because she loves a good fixing

A correct action - "A Dutch judge rejected the request.", good for dutch! Any corporation that skimps in security should be responsible. It is not that it is difficult, expensive, or whatever, especially today, we have a technology for security, just don't go and buy from next guy who promises free air-miles or whatever perks, design it if you need it! Security is NOT a product, tool or toy - get real! The more the failures in security and other areas in IT are published, the better. It is not just RFID cards, look around - the corporations are slacking instead of working.

It doesn't make any sense to go around failing suits when the problem is in own house. A tiring subject - comes out more and more. I hope that MIT, etc fights this - there are problems and they have to be found. Lately it seems that corporations are not taking the business seriously - and the security is not the only one!

Maybe some of these authorities should think about taking action against the vendors of supposedly "secure" systems, mentioning no names, rather than action against the people who discover that the systems are insecure...

In a parallel story, lawyers acting on behalf of the king filed for an injunction preventing a small boy from publishing a revealing paper. In this paper, the small boy analyses the "Fine New Clothes" range, finding that far from providing the king with protection from the elements, these new clothes give no protection whatsoever, and that even a light shower will result in the king being wet through.

A spokeseman for the king issued a statement: "The grand parade has been organised to show the Fine New Clothes, provided to the king by A. Charlatan and co. which are clearly a central component. This mendacious attempt by a subversive individual to undermine the parade must be resisted, and the king will take all necessary steps".

There is an IT angle, but the story really is nothing new - it's just that nowadays the king sometimes get away with it.

Release it on Sourceforge.

Fuck 'em.

the transit system in my city is subsidized by the taxpayer around 40 percent. There's and old saying, taxpayer's money=nobody's money. For sure, it's nobody's money the way they waste it. The wrong people are being sued. I'm glad tokens are still used over here.

Sounds to me like the students were simply baiting the agency and that action finally got a response. Starting the paper with an invitation to illegal action is not the brightest idea. I suspect they were just out to get your attention, but it still was a childish comment.

Let the courts have their say, it doesn't matter. Data gets leaked all the time and if this is a true exploit sooner or later real crooks will use it and that will be that.

As far as the students..... If you're going to be dumb; you better be tough.

I know there are important issues at stake here but "ridership"? Did I have to be forced to see such a horrible word .... yours, cancelling subscription etc

I'd never heard of it, until now. Time to dust off those "diagnostics" programs? :D

'nuf said

"We have no intention of releasing details that would allow someone to replicate the attacks that can be done."

Why the hell not? Public transport *should* be free. Don't see cartards directly paying for the use of the roads.

...for the MBTA (known locally simply as “the T”) anyway.

In light of the Mifare incident, there's a good argument that much of information they're likely to present is already public knowledge. Then there's that pesky first amendment to the US constitution - you know, the one that guarantees freedom of speech – that the T's lawyers will have to somehow argue their way around. They'll have to argue that security by obscurity trumps freedom of speech. However, that dog doesn't hunt unless that speech can create a situation that puts public safety at risk. The classic example of this is yelling 'fire!' in a crowded theatre or nightclub. I doubt that they can come anywhere near that standard here.

I wouldn't be too worried about MIT and it's undergrads here. The suit is *alll* about pin headed high level transit authority bureaucrats – who, not coincidentally, are appointed by the Governor in that state – trying to cover their collective backsides.

As for the T being any kind of a business, it's not. It's a state authority, created by an act of the legislature of the Commonwealth of Massachusetts, and is subsidized by state taxes, as well as by levies paid by the taxpayers of the cities and towns it serves. To my knowledge, its revenues have never exceeded its operating costs. Any “losses” they might incur from the dissemination of this type of information would simply be made up by Massachusetts' taxpayers - who will, quite reasonably, ask “WTF did you tw@ts implement a system with security holes big enough to drive a bus through!??” Or a close approximation of that, in tone and meaning.

As for you MIT students: polish up your resumes guys! The T will be letting a consultancy contract on this stuff very soon. People will be calling you waving money. Be sure to ask for an outrageous sum - you only get one chance per contract - and you don't want the regret of having asked for too little.

This should be fun to watch.

I support the MIT students, and if there is a legal defense fund for them, I will contribute. Massachusetts Bay Transit Authority (MBTA) is an ostrich with their heads stuck up their asses. It is a state government organization being most likely union run and mafia-infected, so this approach of hiding the truth is a no surprise.

Look at their "About MBTA" (www.mbta.com) and access their financials. It states the following: "The documents contained in this section make "forward looking statements" by using forward-looking words such as "may", "will", "should", "expects", "believes", "anticipates", "estimates" or others. You are cautioned that forward-looking statements are subject to a variety of uncertainties that could cause actual results to differ from the projected results. Those risks and uncertainties include general economic and business conditions, receipt of funding grants, and various other factors that are beyond our control. Because we cannot predict all factors that may affect future decisions, actions, events, or financial circumstances, what actually happens may be different from what we include in forward-looking statements."

You think that means a forward-thing organization that wants to do things correctly? No. The only forward thing is covering their butts legally and intimidate through the courts.