Federal Judge Silences Defcon Presenters

http://news.cnet.com/8301-1009_3-10012612-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Smooth move. Now instead of allowing a low-key presentation, this has become huge news and made thousands of more people aware of it. Oh, and the presentation slides and other information has already managed to find they're way out to the internet.

It's sort of unsettling that this went through though. Free speech and all...

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Vogon Poet

Thanks for the post dynamik. Very interesting. Sounds like the MBTA will be attracting some unwanted attention.

snadam

dynamik wrote:

http://news.cnet.com/8301-1009_3-10012612-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Smooth move. Now instead of allowing a low-key presentation, this has become huge news and made thousands of more people aware of it. Oh, and the presentation slides and other information has already managed to find they're way out to the internet.

It's sort of unsettling that this went through though. Free speech and all...

good read. It just seems that they didn't want people "exploiting" their bad design more than anything...shame. I would have turned it around and pad for their services to fix it...

JDMurray

Well, the lawyers really screwed this one up. They restrained the MIT "hackers" from presenting their materials at Defcon 16, but the materials they sought to repress are a matter of public record, so a reporter working on the story--and NOT covered by the restraining order--presented for them instead. There should be blog articles and news postings about this almost immediately.

I'm at Defcon 16 now, and I didn't see the subway presentation, but there was quite a bit of buzz about it. It may have been at the same time as Dan Kaminski's excellent talk about the new DNS poisoning attack he discovered. He gave an excellent talk about how DNS is exploitable, and since practically everything running on the Internet uses DNS, the whole Internet is basically screwed. And not even the use of SSL can save us from this one. Far more thrilling than a hack for riding the Boston subways for free.

shednik

JDMurray wrote:

I'm at Defcon 16 now, and I didn't see the subway presentation, but there was quite a bit of buzz about it. It may have been at the same time as Dan Kaminski's excellent talk about the new DNS poisoning attack he discovered. He gave an excellent talk about how DNS is exploitable, and since practically everything running on the Internet uses DNS, the whole Internet is basically screwed. And not even the use of SSL can save us from this one. Far more thrilling than a hack for riding the Boston subways for free.

Did he use the same slides that he posted on his blog from black hat?

JDMurray

Yes, these are the slides he used: http://www.doxpara.com/DMK_BO2K8.ppt

dynamik

Looks like the judge let this slide: http://yro.slashdot.org/yro/08/08/19/1848245.shtml

JDMurray

"Second, the MBTA couldn't prove the students had caused at least $5,000 damage to the transit system."

A lot of these hacking cases requires proof that actual damages quantifiable in dollars has occurred. Just saying that the public disclosure of the information presents a real an imminent threat is like saying anyone buying a gun is automatically guilty of attempted murder. Intent still needs to be proven, if not tangible damages, before the act is considered to be a crime.

supertechCETma

Judge lifts MIT students' card-hacking gag order

In a ruling certain to be cheered by computer researchers, a federal judge here Tuesday let the 10-day-old gag order expire. U.S. District Judge George O'Toole Jr. refused to grant a preliminary injunction requested by the Massachusetts Bay Transportation Authority that would have blocked the students from talking about their findings until January 1, 2009.

Judge O'Toole said he disagreed with the basic premise of the MBTA's argument: that the students' presentation was likely a violation of the Computer Fraud and Abuse Act, a 1986 federal law meant to protect computers from malicious attacks such as worms and viruses.

Despite the First Amendment implications of the case, O'Toole made it clear he intended to steer clear of the Bill of Rights. "I appreciate the breadth of views of others," he said, "but my views are considerably more limited." (Federal judges generally try to avoid constitutional issues if the dispute can be resolved by interpreting the text of a statute. In this case, it was a 1986 law that he decided didn't properly apply in this case.)