[TUHS] Happy birthday, Ken Thompson!

Theodore Ts'o tytso at mit.edu
Tue Feb 6 14:58:22 AEST 2018


On Mon, Feb 05, 2018 at 05:54:57PM -0500, Dan Cross wrote:
> Speaking of things like that...This just landed in my inbox:
> 
> http://www.mymtaalerts.com/m?78F2F
> 
> The metrocard vending machines in the NYC subway are little PCs. I could
> swear I've seen either an OS/2, Windows, or Linux startup sequence on one
> or more of them before (maybe all three).
> Anyway, what do you want to bet that the MTA is making people go around
> with media and manually install updates for Spectre/Meltdown across the
> transit system?

No bet.  How much do you want to bet the MTA isn't bothering to update
gazillions of *other* already published and known security holes that
were zero days years ago?  Holes that are probably *Way* easier to
exploit than those using Spectre/Meltdown?

If it's anything like the MBTA in Massachusetts their security is
limited to trying to sue graduate students[1] in an attempt to impose
prior restraint on their research (and including the presentation[2]
as an exhibit on the lawsuit and letting it be published on the
court's website for all to see?).

[1] https://en.wikipedia.org/wiki/Massachusetts_Bay_Transportation_Authority_v._Anderson
[2] http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

						- Ted


More information about the TUHS mailing list