
Submission + - New Dutch Public Transport card claimed unhackable (www.nu.nl)

TESTNOK writes: Since traveling daily by public transport because of a new job half a year ago, my interest in the Dutch public transport card system ("ov-chipkaart") has been more than casual. In the past few years, this card system has attracted quite some attention because of the friendly opportunity it offers for fraud.

As early as 2008, before it was introduced for real outside some pilot projects, the card's chip was spectacularly hacked by some German researchers, as posted back then on Slashdot (thank goodness for search) with link to BBC News article and Wikipedia entry. This hack ended up in the international news (PCWorld article, with links to video demonstration and paper of University of Virginia).

A similar hack on the same chip was published by Dutch researchers from Radboud University in Nijmegen, in the Netherlands. This case attracted additional attention because the company making the Mifare chip, NXP (formerly Philips Semiconductors), tried to block publication of the hack and was denied this in a Dutch court of law (security guru Bruce Schneier on this).

Even more recently, the "improved" system, but still using the same chip on the cards, was targeted by Dutch investigative journalist Brenno de Winter who was cleared from prosecution by a judge as recently as three weeks ago. His research showed that hacking was possible by using some freely downloadable Windows programs and a reader (YouTube video of his sadly over-long presentation at DefCon 16).

Today it became public that the company responsible for the system, Trans Link Systems (not very informative site) has silently been introducing cards using a different chip for two months now. It uses the Infineon SLE-66 chip, that can have software installed. The software that was installed by TLS is to block any tampering. Dutch news site nu.nl has had such a card for two weeks and was not able to hack it with the currently known methods (their article, Dutch only, I'm afraid). Old cards are still in production until the end of the year for subscriptions (linked to personalized accounts) but the new cards are used for the anonymous day cards. Equipment of public transport personnel has been adapted to reveal hacking attempts.

So, the big question to all the security experts hovering around Slashdot: how realistic is the claim that this card will prevent fraud? Let's be realistic and assume that it can eventually be hacked in the lab, but that practical application of this hack is not feasible. The interesting case is a hacking method that would make free transport available on a large scale, as is the case now. Can chip-installed software block such tampering attempts?

Phew. First post. I feel like I've handed in exam papers ...


Submission + - does being 'loyal' pay as a developer? 11

An anonymous reader writes: Does loyalty pay as a developer?

As a senior developer for a small IT company based in the UK that is about to release their flagship project, I know that if I was to leave the company now it would cause them some very big problems.

Mostly because I’m currently training the other two ‘junior’ developers, trying to bring them up to speed with our products. Unfortunately however they are still a long way from grasping the technologies used – not to mention the ‘interesting’ job the outsourced developers managed to make of the code (but I’ll leave that for another post).

Usually I would never have considered leaving at such a crucial time, I’ve been at the company for several years and consider many of my colleagues, including higher management, friends.
However I have been approached by another company that is much bigger, and they have offered me a pay rise of £7k to do the same job, plus their office is practically outside my front door (as opposed to my current 45 minute commute each way).

This would make a massive difference to my life, and naturally the other half wants me to snatch their hands off!
But I can’t help but feel that to leave now would be betraying my friends and colleagues, some friends have told me that I’m just being ‘soft’ – however I think I’m being loyal.

Some of you fellow slash-dotters must have had similar experiences over the years, any advice?

Submission + - Open source in academia

An anonymous reader writes: Having recently been approached to help come up with some guidelines to introduce the open source software model to graduate level computer science students, I decided this is something that could best be answered by the Slashdot community as a whole, as while I am currently myself a student, I'm sure there is a wealth of insight out there that I am missing.

Unfortunately the subject of open source software would not have its own course, and would be part of one that serves as an overview of different 'real world' coding applications, the idea being to give students a feel for things beyond your typical computer science assignments, with open source being covered for four to six weeks.

Are there any suggestions for good open source projects that students could rather quickly get acclimated with and contribute to? How do you go about grading something like open source code contributions? What level of community interaction should be expected of students with no previous open source experience?

For you other students out there, do any of your universities currently offer courses covering open source software, and if so, how is it handled there?
