Here's a good reason to secure your wireless internet. Hari Balakrishnan and Samuel Madden have been helping themselves to your WiFi to collect traffic data, a lucrative commercial field. They've been doing it for more than a year, rather than pay for internet connectivity like everyone else.
The Globe reports that Frank Wilczek, a Nobel-winning physicist at MIT, has been getting death threats because he's publicly said he doesn't think the world will actually end tomorrow when Europeans turn on the world's largest particle collider.
Wilczek is discussing his new book, on the latest advances in physics, tonight, at the Harvard Bookstore.
So they won't be needing a sign like this one (on a state office building in Montpelier, Vt).
Steve Nadis reports on his smashing meeting with an MIT bicyclist at Mass. Ave. and Memorial Drive.
Associated Press reports they can now talk about their own documents, the ones the MBTA put into the public record, on insecurity at T stations and with the CharlieCard and CharlieTicket system.
Via Dave Wieneke.
Electronic Frontier Foundation: The Court found that the MBTA was not likely to prevail on the merits of its claim under the federal Computer Fraud and Abuse Act.
Dan Kennedy: [N]ot much of a victory for the First Amendment:
... It makes a mockery of the principle that prior restraint is to be reserved only serious issues of national security, obscenity and incitement to violence.
This Globe story is a decent enough, if largely repetitive, background piece on those three MIT students and the MBTA. Reporter Michael Levenson actually talked to one of them - even if mainly to reveal the guy's been playing with computers since fourth grade and likes doing uber-geeky stuff.
But the headline is: T hacking exposes a deeper clash
What clash has been laid bare here? I think it might be the reference, way, way down in the story, past the recap of the whole incident, to the three types of hackers: "White hat" hackers, "Black hat" hackers and "gray hat" hackers, who are sort of the Snapes of hackerdom.
Only thing is, that's not new and there's no clash of ideas over the point in the story, unless you count a mild comment from an "old" hacker (dude was hacking way back in the 1990s) about how he can see how the T might not like being hacked.
Here is the T's latest filing in its effort to shut up those three MIT students. And here is part of the T's arguments to force the students to tell all:
It is unlikely that Professor Rivest would award an "A" for the work represented in the Report and the Presentation, indicating that additional sensitive materials exist in the possession of the Individual Defendants. The MBTA notes that the Individual Defendants have been unwilling, to date, to produce the "A" paper they prepared for Professor Rivest.
But keep reading the brief, down to the part where the T argues the students have forfeited their First Amendment rights, in part because their talk was "commercial speech" and in part because they were planning on giving their talk to a convention of hackers (and also computer security experts, most of whom probably aren't working for the MBTA), and that alone shows how they would have incited illegal activity. The T also cites as proof a photo the students took of an MBTA networking switch - without noting that the students were able to take the photo because the T failed to lock the room at Park Street where the switch was located.
The T got its temporary restraining order extended to at least Tuesday.
Janice Loux distributes a report by those MIT students, calls for an external audit, the Globe reports.
EVIL MIT HACKER steathily infiltrates the T with EVIL MIT HACKER SHOPPING CART (Source).
In focusing on the OMG EVIL MIT HACKERS angle (but also, to give them credit, the First Amendment/prior restraint angle), the media are completely overlooking the first part of the students' presentation, which discusses how easy it is to get on the T for free without using EVIL MIT HACKER WAREZ, such as, for example: Walking through unattended Charliegates and Green Line rear doors, looking through the windows in those high-tech all-seeing security kiosks, walking into unlocked rooms at Park Street that house switches connecting Charliegates to the MBTA network, etc. In case you missed it, Kaz has more.
For some reason, Dan Grabauskas doesn't seem upset about this, or maybe reporters just aren't asking him about it, because it's not as sexay as OMG EVIL MIT HACKERS or they haven't actually read the presentation themselves, or both.
Wired reports the T wants to stop three MIT students from giving a talk at a hacker convention this weekend on their efforts to crack the CharlieCard system.
The transit authority, known as the MBTA, is also seeking to prevent the students from "publicly stating or indicating" that electronic passenger tickets used on the transit system have been compromised until the MBTA can fix security flaws in the system. It further seeks to bar the students from releasing any tools or providing any information that would allow someone to hack the transit system and obtain free rides.
A hearing is scheduled for 11 a.m. in U.S. District Court in Boston on the T's request for a temporary restraining order to keep Zack Anderson, RJ Ryan and Alessandro Chiesa from giving a talk at the DefCon conference in Las Vegas on Sunday on The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems:
In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems.
Human factors? So they managed to sweet-talk some T employees to inadvertently help them out.
Anderson told the Register the trio initially contacted the T to offer their help in fixing the vulnerabilities and that they weren't planning to release specific enough details to let somebody else replicate their feats.
JPBeat photographs an only-at-MIT happening:
In addition to great bike-paths, the MIT campus provides generous right-of way for freight trains. My son and I watched this CSX engine 6241 pull a load of shredded scrap metal and refrigeration cars through the campus last weekend. A few cars, including a police cruiser, ignored the flashing Railroad Crossing lights and bell. ...
Note to Harvard folks: Locked-down campus wifi unavailable to visitors doesn't make you any friends in this discussion.
One guess what the author of that review of John Silber's harangue about new buildings at MIT and Harvard thinks about former BU strongman Silber's own fleet of new buildings across the river.
... Is he angry that his 13 million square feet have risked nothing, aspired to nothing and achieved no glory for the institution he led for so long?
He ought to be.
Via Geoff Edgers.
Leslie Turek reports she worked with one of the original card counters (she was his supervisor, in fact):
Dave Alpert requests the city of Cambridge get its act together and figure out how many lanes go in which direction on Mass. Ave. near the Charles before somebody fails "this MENSA field sobriety test."