|
Oystercard article
http://www.theregister.co.uk/2006/02...ecurity_flaws/
Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? -- Chris |
Oystercard article
Chris! wrote: http://www.theregister.co.uk/2006/02...ecurity_flaws/ Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? -- Chris TfL claims that they keep the data for a few months and then discard it. There are some obvious reasons for this which actually protect "customers", such as if there is a dispute or if the card is lost. But the intentions of TfL, whether or not this article is true, are not really relevant. Given that the information necessarily is being stored, the policy could change or someone else could get hold of it. This was also true with paper season tickets but, like the plan for ID cards, Oysters are being forced on a higher proportion of travellers by making it difficult to travel without them (maybe NR is holding out in the name of civil liberties?). |
Oystercard article
MIG wrote: Chris! wrote: http://www.theregister.co.uk/2006/02...ecurity_flaws/ Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? -- Chris TfL claims that they keep the data for a few months and then discard it. There are some obvious reasons for this which actually protect "customers", such as if there is a dispute or if the card is lost. But the intentions of TfL, whether or not this article is true, are not really relevant. Sorry, my fault for not explaining well in the original post. By talking about accuracy I was refering to things such as the article saying our journey history is available online... it isn't |
Oystercard article
In reply to news post, which Chris! wrote on
Mon, 20 Feb 2006 - http://www.theregister.co.uk/2006/02...ecurity_flaws/ Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? The article indicates you can see where you have travelled with your Oyster card via the web site. I have never found this feature, does it exist? -- Matthew P Jones - www.amersham.org.uk My view of the Metropolitan Line www.metroland.org.uk - actually I like it Don't reply to it will not be read You can reply to knap AT Nildram dot co dot uk |
Oystercard article
http://www.theregister.co.uk/2006/02...ecurity_flaws/ Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? The article indicates you can see where you have travelled with your Oyster card via the web site. I have never found this feature, does it exist? No. You can request a statement via the email feature in "Ask Oyster". You have to provide your Oyster Card number, security answer and home address. They send you the statement in the post. |
Oystercard article
On 20 Feb 2006 15:54:54 -0800, "Chris!" wrote:
http://www.theregister.co.uk/2006/02...ecurity_flaws/ Based on what I have read in this group over the years this is not a very accurate article. Maybe Paul C would like to comment to them? I've read the above and the linked IOS article. There are two statements that I recognise as something that was specified when I was involved a long time ago. One was the deliberate decision to split usage and card holder details in the tracking system. The second is the ability to read the last few journey details from the card at a ticket machine. I don't see a problem with either feature. A lot has happened since I was involved in terms of the Oyster website, off system purchasing of cards / value / tickets etc. While I understand the point that both articles are making I think this is a classic case of making a mountain out a mole hill. I don't understand what it is that TfL are supposed to do to seemingly stop people being able to see what is on their cards or how their card has been used. That feature is provided to allow users to see that the ticket and / or pre-pay that they have purchased and used is being accounted for correctly. In other words it is a way of providing reassurance - not unlike being able to get a transaction slip or mini statement from a cash machine. The implication seems to be that access to card information has to be much harder thus disadvantaging the average passenger and that somehow TfL has to design systems to prevent people getting divorced or to somehow foresee the current legislative position concerning terrorism. I cannot recall us examining those risks in any detail at the time I was on the team but whether they were subsequently I do not know. Why is this something that TfL has to do with public funds when it is the card holder that is the person who is most likely to reveal details that would allow the standard security features to be compromised or even basic information to be accessed by someone they know? I don't see how this would be a good use of public funds. The articles seem to be trying to stoke up "public fears" so that "something has to be done" - a classic newspaper tactic so it can claim the credit for "doing something for the public good" against an "unresponsive bureaucratic public sector quango" or somesuch. If Oyster becomes E Money then we are in an entirely different situation and other legislation and controls come into play. I would agree that security would need to be re-assessed as the desirability of the system to criminals would increase hugely and thus the risk profile for everyone involved with the system changes. -- Paul C Admits to working for London Underground! |
Oystercard article
In message .com, at
16:32:07 on Mon, 20 Feb 2006, Chris! remarked: By talking about accuracy I was refering to things such as the article saying our journey history is available online... it isn't I think what they mean is that you can get the information by going online (needing access to the person's email) and having the information sent to you (if necessary by changing the registered address too): "access to the individual's email account would probably be enough for a snooper to change passwords and gain access to the account itself." -- Roland Perry |
| All times are GMT. The time now is 09:15 AM. |
Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2006 LondonBanter.co.uk