Oyster Card Hack To Be Released, In Good Time 246
DangerFace writes "A little while ago some Dutch researchers cracked the Oyster card, meaning they could get free public transport around London. The company that makes the cards, NXP, sought and got an injunction to stop the exploit being published, but that has now been overruled by a Dutch judge. The lovely Dutch blokes are holding off from releasing the hack for the time being, to give NXP time to secure their systems."
Key line (Score:5, Insightful)
While I have mixed feelings about the publishing of exploits, this line hits the nail on the head:
This is an important lesson to companies like Diebold.
Are they serious? (Score:5, Insightful)
So let me get this straight.
1. Researchers discover hole in Oystercard implementation.
2. Oystercard operator ignores warnings from researchers.
3. Oystercard operater takes researchers to court instead of working to fix identified vulnerabilities.
4. Injunction granted.
5. Injunction overturned.
5. Researchers continue to give Oystercard operator time to fix their system, in addition to the time they had prior to the court action.
Were I in their situation I would have publically released information on the hack the moment the injunction was overturned. If vendors of ANY type of system want to fuck with people who show every intention of trying to HELP them, they deserve everything they get.
Re:Key line (Score:5, Insightful)
I could be wrong, but I don't think the Diebold fiasco was ever officially denounced and called a bad thing. It got certain people in office and kept others in. I think the powers that be would consider that a rousing success.
Re:let em release it (Score:5, Insightful)
Re:Not just Oyster (Score:1, Insightful)
similar != same
This is a perfect example... (Score:5, Insightful)
This is a perfect example of how hacking can benefit the greater good. While it would be great to ride Dutch trains for free, it's obviously not sustainable and therefore I don't mind paying for services I receive. It is rather frustrating however to see companies attack the hackers that have found this weakness. Fixing the weakness will obviously cost money and time, but that is far superior to months of unscrupulous individuals taking free train rides all over the country. The students could have easily distributed this to their friends and community members quietly and cost the rail system thousands (perhaps hundreds of thousands) in free trips before it was discovered.
The rail company may have been duly diligent in their security assessment of the system, but obviously missed this problem. In this case, the students have provided a very valuable service for FREE. This can potentially improve the overall quality of the rail system. Obviously the rail company needs to spend capital to repair the flaw in the system, but that is superior to discovering and repairing the flaw after thousands of free trips have already been lost. In this case, the money lost in free trips can be reinvested into the service to improve it, rather than just flushed down the drain.
If companies can change their opinion of hackers that voluntarily point out security flaws to be more positive and less adversarial, everyone can potentially benefit.
Why yes, they do (Score:5, Insightful)
The sidewalks are great for walking on. At no cost!
Re:let em release it (Score:5, Insightful)
They've cut all the bus routes into a quarter of the length they used to be - meaning that you have to take 4 times as many buses to complete your journey, at 4 times the price and a much longer journey time.
London's bus companies have been privatised. Does this mean that any efficiency savings are passed on to the passenger? I won't bother to answer that one... just have a surf around and see how much subsidy they're getting.
You'd think, then, that local taxes in London would be real cheap. Oh dear me no, that would be a wrong assumption. One pays local tax (Council Tax) to the borough in which one lives, and then a further tax to the Mayor of London's Office. The *average* charge across outer London for this year is nearly US$3000 per annum.
In London, there is no such thing as a free ride.
Re:Why yes, they do (Score:5, Insightful)
Until the ID card surveillance system comes in. Then we pay to walk. To breathe. To exist.
Re:Key line (Score:4, Insightful)
No, I think that the poster was hoping that the commonsense ruling and notation made by the Dutch court would somehow transcend political and oceanic boundaries to the United States. But, unfortunately, it probably never would and if it did, the judge making the ruling would be condemned as a traitor and heretic.
Re:let em release it (Score:5, Insightful)
And then there's the Tube. A single journey within Zone 1 costs four pounds. This could be as short as 100 metres if you're stupid enough to travel between Charing Cross and Embankment.
And who's stupid enough to do that when you could buy an Oyster card and save a packet? Why, tourists, of course. And tourists don't vote. So they gouge 'em.
Re:let em release it (Score:5, Insightful)
If the bus isn't full and you otherwise wouldn't have paid, then what's the problem?
Sometimes it's hard to tell if people are posting ironically, but I'm going to go ahead an answer as though you were serious.
The philosophical reason you don't take free rides on buses is that paying your bus fare is a Kantian categorical imperative [wikipedia.org]. The ability to take a free ride on a bus presupposes the existence of a bus service, but were everybody to ride for free, the bus service would cease to run, negating the possibility of a free ride.
Actually, the real reason is a lot simpler: You're getting something of value, so you have an obligation to give something of value in return. Only parasites and slavers fail to abide by this principle. Which would you like to be?
Re:Why yes, they do (Score:4, Insightful)
Re:Only London air visible? (Score:5, Insightful)
Re:Are they serious? (Score:3, Insightful)
Personally, I'd publish the details the very same day, just because they tried to screw them with a court case. They could have just asked nicely.
On the other hand, these are not a bunch of semi-anonymous hackers, these are academics who have to think about their own future as well, which may explain this "no hard feelings" attitude.
The good news in this story is that we somehow seem to have at least one sensible judge left.
Comment removed (Score:4, Insightful)
Re:let em release it (Score:1, Insightful)
"You're getting something of value, so you have an obligation to give something of value in return"
Yet when you replace 'bus ride' with 'music', 'films', 'software', I think you will find many who say that getting something for free is a-ok and it's the developer/publisher's fault for being in a business in which bits can be copied for zero or near-zero cost by the copier.
See also:
http://tech.slashdot.org/comments.pl?sid=619989&cid=24265233 [slashdot.org]
More seriously... (Score:3, Insightful)
Re:cards will be cancelled within a day (maybe!) (Score:3, Insightful)
TFL have been saying that whilst the hack does work and is a concern they'll be able to identify cloned or reloaded cards and cancel them, so the most you'd get for your effort is a free travel card for the day.
If they increase the deposit on an Oyster card to £5 that should deter people who just want a free travelcard for a day.
Re:I'm not surprised (Score:3, Insightful)
Re:let em release it (Score:3, Insightful)
You realise that London is trying to reduce car usage and a possible effect might be to reduce traffic congestion and pollution. Why drive when you can get a free bus?
back in the mid 80's sheffield had a fairly unique bus service with 5p adult fares the result was packed buses going into and out of the city center and free flowing traffic. often you would have to wait 10 minutes for a bus since the first 3 that came were full.
unfortunately Margret thatcher deregulated the buses and privatized them resulting in higher fares more and mostly empty buses and the return of traffic jams to Sheffield streets.
While free rides might be wrong after all its theft of service, for london it could be a very good thing. reducing pollution and congestion.
Incidentally pensioners (65 60 years +) tend to get a free bus pass in most of the uk so already there are some existing free rides.