Gagging order in place
Last modified on Tuesday, 19 August 2008 04:20
Three college students who discovered a way to hack into the Boston subway system's payment cards and add hundreds of dollars in value to them were ordered by a court to shut up about it.
A federal judge in Boston kept in place a temporary restraining order preventing the Massachusetts Institute of Technology students Zack Anderson, R.J. Ryan and Alessandro Chiesa from spilling the beans about the security holes they found. Next week a judge will decide if the restraining order should be lifted altogether or modified to cover only "nonpublic" information. This is because details of the hack have already been made public on the internet.
The Boston Transport Authority sued the students and won a restraining order after the agency said it needed time to fix the problems. Judge George O'Toole Jr. also ordered the students Thursday to turn over more information about their findings, including a report they submitted to their professor, cryptography pioneer Ronald Rivest, and computer code they planned to release as part of their presentation.
The students argue they gave the transit agency shedloads of time to sort out their flaccid security before the talk and anyway they were going to keep secret the details of how they cracked a key security feature that protects against some of the breaches they describe.