Interesting People mailing list archives
Blackboard story in the Washington Post
From: Dave Farber <dave () farber net>
Date: Fri, 18 Apr 2003 07:57:22 -0400
------ Forwarded Message From: John Adams <jadams01 () sprynet com> Date: Fri, 18 Apr 2003 07:48:47 -0400 To: dave () farber net Subject: Blackboard story in the Washington Post http://www.washingtonpost.com/wp-dyn/articles/A48214- 2003Apr17.html?referrer=email Here's the paragraph that annoys me no end: "We weren't really worried about security of the system. We were worried about the reputation of the system," Baker said. The company said that, to its knowledge, no one has ever hacked into its card systems, used on college campuses since the 1980s. I know, I know, perception is reality, and all that pomo-corpocrap--but these guys _clearly_ said they could compromise the security of the system, and wrote a paper detailing the weaknesses which allow those compromises. My perception, which may not be reality, is that paragraph above is spin designed to impede communication. The whole story follows. All the best, John A see me fulminate at http://www.jzip.org/ Blackboard Gets Gag Order Against Smart-Card Hackers By Anitha Reddy Washington Post Staff Writer Friday, April 18, 2003; Page E01 A D.C.-based company that sells a "smart card" network used on more than 200 college campuses has blocked two students from publicly describing how to override the system to circumvent building security, obtain free soft drinks and avoid paying for laundry. Blackboard Inc. obtained a court order last weekend preventing Billy Hoffman, a computer science major at Georgia Tech, and Virgil Griffith, a student at the University of Alabama, from discussing vulnerabilities in the card system at a hacker convention in Atlanta. The case has prompted heated discussion online among hackers and technology groups, because it touches on a controversial federal law that forbids people to pick the virtual locks protecting electronic content. Hoffman described breaking into a card reader installed in a dorm laundry room "with a cheap metal knife" and discovering how to trick the system into doling out free washes in an article last year in 2600, a hacker magazine. "Hopefully, this article will force Blackboard to change to a more secure system," Hoffman wrote. Hoffman has spoken at several hacker conventions on the topic in the past two years, according to his online résumé and Bob Roth, the chief executive of another campus card provider, NuVision Networks Corp. Blackboard did not sue Hoffman immediately after the article was published because it understood that Georgia Tech had punished him, said Greg Baker, vice president of product development for Blackboard Transaction System. Georgia Tech would not say whether it sanctioned Hoffman. But now, the company says Hoffman's talks provide a "blueprint" for vandalism and copyright infringement and mislead clients about the safety of its systems. "We weren't really worried about security of the system. We were worried about the reputation of the system," Baker said. The company said that, to its knowledge, no one has ever hacked into its card systems, used on college campuses since the 1980s. In a statement, the company accused Hoffman and Griffith of "promoting methods to dismantle secure hardware installations by vandalizing and gaining access to wiring of Blackboard Transaction Systems." "These flaws don't necessarily just extend to silly things such as tricking a Coke machine -- they have much more important implications to physical security," Hoffman said in an Associated Press report yesterday. Hoffman and Griffith declined to be interviewed yesterday through their lawyer, Pete Wellborn. Blackboard cards go by a variety of names and have a variety of uses. At some schools, such as Ohio State University, students swipe their Blackboard cards to enter dormitories and other secured buildings. At Georgia Tech, Blackboard's cards are called BuzzCards, a reference to the school mascot, the yellow jacket, and they are carried by all students, faculty and staff. They are the school's main ID card and serve as library cards, meal cards and campus debit cards that can be used in vending machines and laundry rooms. The computer system that stores BuzzCard balances isn't linked to the same databases that store students' financial, academic and health records, according to university spokesman Bob Harty. Wellborn, the attorney for Hoffman and Griffith, said Blackboard rested its case on several federal and state statutes, but not the 1998 Digital Millennium Copyright Act. That act set off a debate between proponents who argued it safeguarded intellectual property and legal experts who declared it would smother innovation. It remains controversial in the technology community. Blackboard's lawyers cited the act in their letter last week demanding the pair call off their presentation. Wellborn, who has an undergraduate degree in computer science and teaches Internet law at Georgia Tech, said it could come up in the case. Last month, Hoffman attended a trade show for campus card users as a paid consultant for Blackboard competitor NuVision Networks. Roth said the company had invited Hoffman to the New Orleans event after using excerpts from his article on Blackboard's card system in its promotional literature for the past two years. In fact, Hoffman peppered Blackboard's Baker, who was manning a booth at the show, with questions about Blackboard's security before identifying himself, Baker said. He added that Hoffman "seemed nice and pleasant." A hearing on the case is scheduled for May 30 before DeKalb County Superior Court Judge Anne Workman, who issued the restraining order. ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Blackboard story in the Washington Post Dave Farber (Apr 18)