Judge approves TRO to stop DEFCON presentation

David G. Koontz david_koontz at xtra.co.nz
Sat Aug 9 22:31:50 EDT 2008

Jim Youll wrote:
> these have been circulating for hours, but they are content-free title
> slides...
> On Aug 9, 2008, at 7:38 PM, Ivan Krstić wrote:
>> On Sat, 09 Aug 2008 17:11:11 -0400, "Perry E. Metzger"
>> <perry at piermont.com>
>> wrote:
>>>    Las Vegas - Three students at the Massachusetts Institute of
>>>    Technology (MIT) were ordered this morning by a federal court
>>>    judge to cancel their scheduled presentation about vulnerabilities
>>>    in Boston's transit fare payment system, violating their First
>>>    Amendment right to discuss their important research.
>> <http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf>

There's also the synopsis as an exhibit to the case found in the Wired
article.  Note the recommendations for corrective action are familiar from
the previously reported weaknesses to the MIFARE system.

DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks --
Update: Restraining Order Issued; Talk Cancelled

Vulnerability Assessment of the MTBA System (Exhibit 1 to Case

A report on the Dutch Public Transit Card:

Recently updated Dutch information by Andy Tanenbaum:

The fellows at Radboud University Nijmegen:

(Where we'll probably be able to find the ESORICS 2008 presentation,
'Dismantling MIFARE Classic', in October.)

I'd imagine there is sufficient information available to replicate the
attack; there's info on the MIFARE Classic cryptographic algorithm.


Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic

Security Evaluation of the disposable OV-chipkaart v1.7 updated 13 April 08
(which has a description of the memory structure found on the cards as well
as a lot of useful protocol information.)

And the Translink Netherlands report on why disclosure doesn't matter:
(translation: security through obscurity? still obscure enough)

And of course we've seen the Radboud video link found on YouTube:
