MIT subway hack a lesson for L.A. Metro?
I just read through the entire dramatic 87-page PowerPoint presentation by the kids who hacked Boston's T subway ticketing system -- and then got sued for it [via Globe] (they got sued, not me).
If you've ever wondered how to reverse engineer those magnetic fare cards to give yourself unlimited funds, or how to use sophisticated radio wave sniffing equipment to crack the turnstile computers (see image), or even yearned to discover the location of vulnerable network jacks inside open rooms at T stations -- it's all here.
The three students behind the hack, which T officials said could cause "significant damage to the transit system," will participate in a federal hearing Tuesday where the T has named MIT as a negligent party in the creation of the offending project.
You can understand why the Boston transpo authorities would be in hot water: Suddenly the major vulnerabilities of their new and expensive ticketing system are all over the Internet. And worse, the system whose security they were responsible for was turned into shredded wheat by a bunch of greenhorn engineering students (smart ones, mind you -- but still).
If you follow the way the students interpret the bar code on the cards, you'll see that the magnetic data they contain is unencrypted. It's sort of like the T's card reading system is built like a closed door -- that someone left unlocked.
It might be an expensive lesson for the T, but it's probably worth it for the rest of us. Transportation officials all over the place will no doubt be conducting audits of their own systems to avoid similar humiliation. And the L.A. Metro system -- if you've ever been a rider, you've seen how poorly enforced its "honors system" riding rules are -- should be the first to peek in the mirror.