Blackboard Campus IDs: Security Thru Cease & Desist
Full article [ here ]
On Saturday night, Virgil and Acidus, two young security researchers, were scheduled to give a talk at Interz0ne II on security flaws they'd found in a popular ID card system for universities. It's run by Blackboard, formerly by AT&T, and you may know it as OneCard, CampusWide, or BuzzCard. On Saturday, instead of the talk, attendees got to hear an Interz0ne official read the Cease and Desist letter sent by corporate lawyers. The DMCA, among other federal laws including the Economic Espionage Act, were given as the reasons for shutting down the talk (but -- update -- see the P.P.S below). I spoke with Virgil this morning.
I came across this and I figured alot of the college students here could benefit from being aware of the weakness in the Blackboard system before they find their identity stolen and account drained mysteriously. Looks like another example of where the DMCA is botching things up rather than protecting likes its *supposed* to. Just out of curiosity, how many students here know if their school uses Blackboard, I know mine does and I'm definately going to be wary of it from now on.
Here is FAQ in the Blackboard fiasco