Tag Archives: hack

Analysis: 0-Day NYC Transit System “Free Ride” Bug

I found this bug by accident on my way home from work tonight. The reason I am writing this even though it’s a 0-day:

  1. I do not think it’s widely exploitable.
  2. And if it is, NYC isn’t losing any money over it as far as I could tell.
  3. It will help the MTA/NYC Transit find and fix the problem
  4. I’m not sure it’s reproducible since I wasn’t about to spend my own time and money to test it

Technically what I describe below is a security issue because it denies legitimate users entry/access and could allow a non-legitimate user a “free ride” if they happen to be in the right place at the right time. It might also cost a legitimate user an extra fare since they might swipe again at a different turnstile since they will assume they just swiped at a broken one.

Here’s the scenario that happened to me coming home from work tonight at around 7PM. Imagine three turnstiles lined up in a row.

  1. I swiped my unlimited metrocard at right most turnstile to enter subway system. I was denied access. It said ‘Go’ on the green readout but the turnstile wheel was locked. I swipe again and received the ‘Just Used’ message.
  2. Woman behind me swipes and turn style denies her access in the same way. (She then “hops the turnstile” and enters subway system.)
  3. As I try to swipe my card again and on the other turnstiles I continue to receive the “Just Used” Message. The left most turnstile readout says, “Just Usedd” with two Ds. I probably try around 5 times in the next few minutes. (I know I need to wait 15 min for the ‘Just Used’ flag to clear but I worked late and thought I might get lucky!)
  4.  Legitimate users enter and leave the subway system through turnstiles. I don’t recall how many or which one’s they used. Although tired I don’t recall this watching and step 3 combined being more than 5 minutes.
  5. A legitimate user swipes card in middle turnstile to enter the subway and the right turnstile — without prompting or a card swipe (no one is in proximity) — lights up ‘Go’ on the green readout and allows access.

If NYC transit wants to contact me I’ll give them the location of the turnstile for them to investigate.

2000% Increase in Attacks on Israeli Websites

Interesting stats…. (Please do not post political propaganda on my site: it’s about information security not Middle East politics):

An increase of 2000% in attacks on pro-Israel and Israeli government websites was recorded in the first few days after the IDF takeover of the Turkish ship ‘Marmara’ headed for Gaza. Most of the attacks originated from Turkish and Palestinian sources.

Tests conducted by Internet security experts from IBM also found that the attackers managed to breakthrough to 500 Israeli websites and make changes or to plant propaganda on them.

IBM also found that Israeli government sites held up well to the attacks and most of the break-ins were into sites of companies and organizations in the private sector.

Rolling Stone Chronicles Criminal Hackers

Rolling Stone chronicles the lifestyle exploits of Albert Gonzalez, which you can find here in the USA Today article here.  Unfortunately I cannot provide a link to the actual RS article because it is paid only. You can find it at your local newsstand.

Unannounced Ethical Hacking

The French Twitter hacker claimed it was an ethical hack. This defense has rarely been credible in the US since 9/11 due to the uptick in professional services and change in cultural mindset.

… he wanted to reveal just how vulnerable online data systems are to break-ins — and he says he didn’t mean any harm.”I’m a nice hacker,” suspect Francois Cousteix told France 3 television Thursday, a day after he was released from police questioning, adding that his goal was to warn Internet users about data security.

Here is why I no longer report security vulnerabilities I find.

Google Teams with NSA over China Hack

According to the Wall Street Journal.

Officials at the National Security Agency have been working with Google Inc. to investigate the cyber attacks that Google announced publicly last month, according to people familiar with the investigation.

A Google spokeswoman declined to comment. NSA didn’t immediately respond to requests for comment.

Kremlin Possible Source of Newspaper Hack

So says this story.

Novaya Gazeta’s reporters have been harassed, attacked and even killed in crimes that police rarely solve.

In recent years, online resources of Russian opposition and independent media have been debilitated by similar hacker attacks that some analysts claimed were organized by the Kremlin.