mendax.org

Two researchers scheduled to talk about security flaws in university “card” programs were given a cease and desist order by Blackboard, the developers of the card system used on numerous campuses nationally. The card system allows students to purchase food from vending machines, access meal plans, and sometimes even unlock their doors.

Lawyers citing the DMCA and the Economic Espionage Act don’t want information about the card system’s security flaws leaking out to the public. The talk, to be given at a hacker’s convention, would have included information on how circumvention could take place, but efforts made back in 2001 to inform Blackboard of their system’s vulnerability resulted in no action having taken place.

Security issues are not just related to “spoofing” messages to get free things out of vending machines, but go so far as to allow users to create new cards, new balances, and even access user information like social security numbers. Given the added risk of giving access to some student’s rooms, Blackboard’s system is hardly as secure and safe as their advertising suggests.

While the exploits may not be available to individuals without some technical background, there’s still no excuse for the suppression of information about the system in question. That laws like the DMCA can be referred to in order to squash information that the public has a right to know about (let alone academic researchers), is rather indicative of a bad trend.

Some information is still mirrored, though hopefully when the issue goes to court, the cease and desist order will be lifted.

Popularity: 1% [?]