Security / DRM

MBTA Injunction Against MIT Students Lifted

Judge George O’Toole Jr. has lifted the gag order preventing three MIT students from publicly discussing MBTA security flaws. As noted here, the MBTA made the students’ report public in its petition to gain the restraining order in question.

The MBTA, which had earlier denied that security flaws existed, had asked the judge to prevent the students from discussing their findings for five additional months. They also said today that the assessment by MIT students Alessandro Chiesa, R.J. Ryan, and Zack Anderson has persuaded them that the Charlie Card security system is flawed.

This is of particular concern since the contract for Charlie Cards was awarded through a no-bid process to a former government employee. Janice Loux, a member of the MBTA’s board of directors, is on record as having lost confidence in MBTA General Manager Dan Grabauskas.

The MBTA board is set to discuss an audit in light of security breaches, which included unlocked turnstile controls, unattended control rooms, and keys left in view which could be photographed and copied.

Update: Rogue Admin Returns Control of San Francisco Network

The San Francisco Chronicle reports that after a secret visit by the mayor of San Francisco, the network administrator who locked the city’s technology staff out of the network surrendered his password.
See earlier coverage of this story.

Terry Childs’s defense attorney, Erin Crane, claimed that Mr. Childs was merely protecting the network from incompetent staff, and that there was no clear policy on whom he was authorized to release the system’s master password to in such a situation.

Life on Earth to Continue Despite ICANN

There has been commentary, criticism, and even worry about ICANN’s proposed laissez-faire policy to allow a broad range of top-level domains. Our friends at Circle ID try to calm the waters by reminding us that ICANN’s byzantine committee structure, and its tendency to avoid both conflict and even the clearest paths of action, can make its proceedings downright glacial.

Besides, ICANN has challenges beyond running the world’s domains. Lately, just running their own domain has been a challenge. Shortly after the announcement of the new gTLDs, Turkish hackers seized control of ICANN’s website by … changing their domain record and redirecting ICANN’s traffic.

Software Control Through Copyright

Who controls the software you use: you, or the software’s producer? That’s the question at the heart of a lawsuit by Blizzard, creator of World of Warcraft (WoW), against MDY Industries. Apparently, MDY has developed software called Glider that allows a WoW player to cheat by having their computer play in their stead. In other words, it enables players to gain experience points without playing or experience.

Cost of Stolen Data Drops as Supply Grows – Burglary Now Passé

Fear and business often go together. Credit card numbers were selling for as little as 40 cents each and access to bank accounts was going for $10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec, which you may download here.

As highlighted in our earlier article, Big Business Big Brother, data breaches now take place on a nearly daily basis. Last month, my grocery store leaked my credit card information; this month my ISP allowed access to another site’s domain record. While I’d rather be funny than alarmist, the falling price for stolen data suggests that access to your personal information is so easy, it’s becoming a commodity. That’s not funny.

However, also today, The New York Times reports that, nationally, burglary is down by 50% from 1980 figures. Isn’t breaking and entering simply the 20th-century analogue to identity theft? It seems criminals are opting for a less physically risky version of the same crime. What do you think?
