New [GAS] Post: Hacking Boston’s Subways
The new post I wrote for GeeksAreSexy is about the MIT students who were legally gagged at DefCon from talking about vulnerabilities they discovered during a penetration test of Boston’s Subway System. I even link to the forbidden slide show that documents how the students were able to forge a farecard and dump a thousand bucks onto it, basically giving them unlimited rides.
What I was most upset about was the complete lack of physical security and the fact that whoever is supposed to be running security for the Massachusetts Bay Transportation Authority should be FIRED. They made a habit of leaving keys in locks where they could be copied and leaving doors wide open that should be locked. The threats this poses to the safety of the people of Boston could not be stressed enough.
Read the rest of the post at [GAS].