|
Oyster Card System Failure
http://news.bbc.co.uk/1/hi/england/london/7524754.stm
The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. The latest problem has affected pay as you go Oystercards on the Tube network. Barriers are being kept open at all stations until the problem has been rectified, Transport for London (TfL) has confirmed. |
Oyster Card System Failure
On Jul 25, 8:16 am, "dB" wrote:
http://news.bbc.co.uk/1/hi/england/london/7524754.stm The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. Oh dear, the system hardening against the MiFARE hack just isn't working is it boys? When that exploit gets published in full in october you're going to be well and truly screwed. B2003 |
Oyster Card System Failure
|
Oyster Card System Failure
On Jul 25, 9:24 am, Adrian wrote:
gurgled happily, sounding much like they were saying: The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. Oh dear, the system hardening against the MiFARE hack just isn't working is it boys? When that exploit gets published in full in october you're going to be well and truly screwed. You really think there'll be anything in that disclosure that the black- hats haven't _long_ known? Quite possibly. Black hats arn't super human genuises plus if you read the details this exploit required access to lab equipment to strip the chip layers and look at it under (I think) electron microscopes. Besides which , its only now that the exploit has come out and TfL are panicking. When/if it was underground (excuse the pun) before , they'd have been in blissful ignorance. Heres a video of the guys explaining what they did. Its quite long but interesting: http://www.hackaday.com/2008/01/01/2...letely-broken/ B2003 |
Oyster Card System Failure
|
Oyster Card System Failure
On Jul 25, 9:35 am, Adrian wrote:
gurgled happily, sounding much like they were saying: Besides which , its only now that the exploit has come out and TfL are panicking. When/if it was underground (excuse the pun) before , they'd have been in blissful ignorance. Which is precisely why disclosure is good. Indeed. Though from what I've read theres probably not all that much that can be done against this exploit without changing the hardware. I'll bet a fiver that they'll have to slowly migrate over to the newer cards using 3DES for Oyster in the coming years. B2003 |
Oyster Card System Failure
wrote in message
... On Jul 25, 9:35 am, Adrian wrote: gurgled happily, sounding much like they were saying: Besides which , its only now that the exploit has come out and TfL are panicking. When/if it was underground (excuse the pun) before , they'd have been in blissful ignorance. Which is precisely why disclosure is good. Indeed. Though from what I've read theres probably not all that much that can be done against this exploit without changing the hardware. I'll bet a fiver that they'll have to slowly migrate over to the newer cards using 3DES for Oyster in the coming years. B2003 Isn't it an immutable law that anything designed by people can be cracked by people - it's just a question of how long it takes! MaxB |
Oyster Card System Failure
On Jul 25, 8:16 am, "dB" wrote:
http://news.bbc.co.uk/1/hi/england/london/7524754.stm The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. The latest problem has affected pay as you go Oystercards on the Tube network. Barriers are being kept open at all stations until the problem has been rectified, Transport for London (TfL) has confirmed. According to http://news.bbc.co.uk/1/hi/england/london/7525894.stm The problem existed between 6am and 10am. Interestingly, I travelled on London Midland (Watford Junction to London Euston) using PAYG during this time. Both the touch in and touch out appeared to work correctly and the machine at touch out reported the correct fare. I didn't notice anyone having any problems at Watford Junction. And people seemed to be touching out normally at Euston judging by the beeps - although as that was platform 16-18 it's possible that things weren't actually working properly for everybody. Tim. |
Oyster Card System Failure
On 25 Jul, 16:33, " wrote:
On Jul 25, 8:16 am, "dB" wrote: http://news.bbc.co.uk/1/hi/england/london/7524754.stm The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. The latest problem has affected pay as you go Oystercards on the Tube network. Barriers are being kept open at all stations until the problem has been rectified, Transport for London (TfL) has confirmed. According tohttp://news.bbc.co.uk/1/hi/england/london/7525894.stm The problem existed between 6am and 10am. Interestingly, I travelled on London Midland (Watford Junction to London Euston) using PAYG during this time. Both the touch in and touch out appeared to work correctly and the machine at touch out reported the correct fare. I didn't notice anyone having any problems at Watford Junction. And people seemed to be touching out normally at Euston judging by the beeps - although as that was platform 16-18 it's possible that things weren't actually working properly for everybody. Tim. Today I used Cannon Street NR, where the barriers were working and I didn't see crowds of people with travelcards on Oyster waiting to be let through. I am on paper at the moment, so I didn't test it with an Oyster Travelcard. Then I used the Underground from Bank, and found that the gates were open and completely switched off at both ends. Maybe they spotted the conditions for another corruption of everyone's cards in time to switch off instead? I haven't managed to exploit any of this yet, because I've been covered by a travelcard both times the system was switched off. |
Oyster Card System Failure
On 25 Jul, 16:47, MIG wrote:
Today I used Cannon Street NR, where the barriers were working and I didn't see crowds of people with travelcards on Oyster waiting to be let through. *I am on paper at the moment, so I didn't test it with an Oyster Travelcard. The problem was only affecting PAYG, which isn't available at Cannon Street NR. U -- http://londonconnections.blogspot.com/ A blog about transport projects in London |
Oyster Card System Failure
"Mr Thant" wrote in message
... On 25 Jul, 16:47, MIG wrote: Today I used Cannon Street NR, where the barriers were working and I didn't see crowds of people with travelcards on Oyster waiting to be let through. I am on paper at the moment, so I didn't test it with an Oyster Travelcard. The problem was only affecting PAYG, which isn't available at Cannon Street NR. U -- http://londonconnections.blogspot.com/ A blog about transport projects in London Somewhat amusingly BBC South East were trying to do a slagging off report on the incident and both times they failed to get any sound with their picture. Another report was also delayed and ended suddenly. I don't know if the irony will have struck them - maybe there will be a report at 1030 on how the BBC systems failed. MaxB |
Oyster Card System Failure
On Fri, 25 Jul 2008 08:16:34 +0100, "dB" wrote:
http://news.bbc.co.uk/1/hi/england/london/7524754.stm The Oyster system used on London's transport network has broken down two weeks after another fault left 40,000 customers with corrupted cards. The latest problem has affected pay as you go Oystercards on the Tube network. Barriers are being kept open at all stations until the problem has been rectified, Transport for London (TfL) has confirmed. It was only LU that was affected - nothing else. A notice was issued this afternoon indicating an incorrect file had been loaded to the LU system by Transys. It's been corrected and the gates are working properly now. While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. -- Paul C Admits to working for London Underground! |
Oyster Card System Failure
On 25 Jul, 18:45, Paul Corfield wrote:
While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. I'd be interested in hearing then why suddenly oyster goes down twice in 2 weeks , the 1st time trashing 60K cards, if it was just some "data upload error" that was being bounced around as the official excuse. Data errors don't mess up hardware. B2003 |
Oyster Card System Failure
On 25 Jul, 20:28, wrote:
On 25 Jul, 18:45, Paul Corfield wrote: While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. I'd be interested in hearing then why suddenly oyster goes down twice in 2 weeks , the 1st time trashing 60K cards, if it was just some "data upload error" that was being bounced around as the official excuse. Data errors don't mess up hardware. B2003 Of course they can - incorrect data downloaded to cards can easily makethem inoperable. Both today anda couple of weeks ago are being put down to Transys.& no hacking fix. |
Oyster Card System Failure
"Chris" wrote in message ... On 25 Jul, 20:28, wrote: On 25 Jul, 18:45, Paul Corfield wrote: While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. I'd be interested in hearing then why suddenly oyster goes down twice in 2 weeks , the 1st time trashing 60K cards, if it was just some "data upload error" that was being bounced around as the official excuse. Data errors don't mess up hardware. B2003 Of course they can - incorrect data downloaded to cards can easily makethem inoperable. Only if you design your systems wrongly. Incorrect data in the validators could easily make them not accept cards, but it shouldn't cause cards to be trashed unless it has been specifically designed to do so. Both today anda couple of weeks ago are being put down to Transys.& no hacking fix. Hm, so we are told. It doesn't seem entirely believable. tim |
Oyster Card System Failure
On Jul 25, 5:57*pm, Mr Thant
wrote: On 25 Jul, 16:47, MIG wrote: Today I used Cannon Street NR, where the barriers were working and I didn't see crowds of people with travelcards on Oyster waiting to be let through. *I am on paper at the moment, so I didn't test it with an Oyster Travelcard. The problem was only affecting PAYG, which isn't available at Cannon Street NR. Well you know that and I know that ... It's evidence for whoever can work out what the problem was. So we know that touching an NR barrier at a station that never accepts PAYG won't corrupt your Oyster if there is a valid travelcard on it. But we don't really know anything else, like whether LU barriers would have let travelcards through if they were switched on. Or the same about NR barriers at, say, Liverpool Street. |
Oyster Card System Failure
On Jul 25, 10:29*pm, "tim....." wrote:
"Chris" wrote in message ... On 25 Jul, 20:28, wrote: On 25 Jul, 18:45, Paul Corfield wrote: While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. I'd be interested in hearing then why suddenly oyster goes down twice in 2 weeks , the 1st time trashing 60K cards, if it was just some "data upload error" that was being bounced around as the official excuse. Data errors don't mess up hardware. B2003 Of course they can - incorrect data downloaded to cards can easily makethem inoperable. Only if you design your systems wrongly. Incorrect data in the validators could easily make them not accept cards, but it shouldn't cause cards to be trashed unless it has been specifically designed to do so. Both today anda couple of weeks ago are being put down to Transys.& no hacking fix. Hm, so we are told. *It doesn't seem entirely believable. The whole point of consultants is to be paid obscene amounts of money to take the blame for management decisions that were made before the consultants were hired. (I generally think of New Labour as consultants to the ruling business interests of this country.) |
Oyster Card System Failure
On Fri, 25 Jul 2008 14:34:05 -0700 (PDT), MIG
wrote: On Jul 25, 5:57*pm, Mr Thant wrote: On 25 Jul, 16:47, MIG wrote: Today I used Cannon Street NR, where the barriers were working and I didn't see crowds of people with travelcards on Oyster waiting to be let through. *I am on paper at the moment, so I didn't test it with an Oyster Travelcard. The problem was only affecting PAYG, which isn't available at Cannon Street NR. Well you know that and I know that ... It's evidence for whoever can work out what the problem was. So we know that touching an NR barrier at a station that never accepts PAYG won't corrupt your Oyster if there is a valid travelcard on it. But we don't really know anything else, like whether LU barriers would have let travelcards through if they were switched on. Or the same about NR barriers at, say, Liverpool Street. I travelled from Paddington to Ealing Broadway on the 0645 and thence on the 65 bus without any problem (with Z1-3 annual). Had no problems using the Tube today - but I suppose I should check my PAYG balance! |
Oyster Card System Failure
"MIG" wrote in message ... On Jul 25, 10:29 pm, "tim....." wrote: "Chris" wrote in message ... On 25 Jul, 20:28, wrote: On 25 Jul, 18:45, Paul Corfield wrote: While everyone is enjoying the card hacking speculation I don't think this problem is anything to do with it. I'd be interested in hearing then why suddenly oyster goes down twice in 2 weeks , the 1st time trashing 60K cards, if it was just some "data upload error" that was being bounced around as the official excuse. Data errors don't mess up hardware. B2003 Of course they can - incorrect data downloaded to cards can easily makethem inoperable. Only if you design your systems wrongly. Incorrect data in the validators could easily make them not accept cards, but it shouldn't cause cards to be trashed unless it has been specifically designed to do so. Both today anda couple of weeks ago are being put down to Transys.& no hacking fix. Hm, so we are told. It doesn't seem entirely believable. The whole point of consultants is to be paid obscene amounts of money to take the blame for management decisions that were made before the consultants were hired. (I generally think of New Labour as consultants to the ruling business interests of this country.) ------------------------------------------------- I was referring to the reason for the update, not the buck passing. tim |
Oyster Card System Failure
"MIG" wrote in message ... On Jul 25, 10:29 pm, "tim....." wrote: "Chris" wrote in message The whole point of consultants is to be paid obscene amounts of money to take the blame for management decisions that were made before the consultants were hired. (I generally think of New Labour as consultants to the ruling business interests of this country.) I always thought consultants were paid obscene amounts of money to waste employees time asking them how to solve a problem, ignore their wisdom, write a report based on the solution they had decided on beforehand and depart before the whatsit hit the thingy! MaxB |
Oyster Card System Failure
I always thought consultants were paid obscene amounts of money to waste
employees time asking them how to solve a problem, ignore their wisdom, write a report based on the solution they had decided on beforehand and depart before the whatsit hit the thingy! MaxB Yes, that sounds familiar. It's no coincidence that consultancy begins with con ;-) |
Oyster Card System Failure
On Sat, 26 Jul 2008 13:28:41 +0100, "dB" wrote:
I always thought consultants were paid obscene amounts of money to waste employees time asking them how to solve a problem, ignore their wisdom, write a report based on the solution they had decided on beforehand and depart before the whatsit hit the thingy! MaxB Yes, that sounds familiar. It's no coincidence that consultancy begins with con ;-) Consult: A cross between "con" and "insult". (With thanks to Scott Adams). |
Oyster Card System Failure
On 25 Jul, 21:43, Chris wrote:
Of course they can - incorrect data downloaded to cards can easily makethem inoperable. I've not yet come across r/w memory that can't be reset if theres dodgy data on it so unless they're upgrading any software there may be on it I can't see how it could happen. And if thats the case you have to ask yourself why. Both today anda couple of weeks ago are being put down to Transys.& no hacking fix.# Yes , because I'm sure TfL would release a statement saying "transys have been attempting a workaround for the MiFARE hack but have so far failed miserably". B2003 |
Oyster Card System Failure
On Jul 26, 2:22*pm, James Farrar wrote:
On Sat, 26 Jul 2008 13:28:41 +0100, "dB" wrote: I always thought consultants were paid obscene amounts of money to waste employees time asking them how to solve a problem, ignore their wisdom, write a report based on the solution they had decided on beforehand and depart before the whatsit hit the thingy! MaxB Yes, that sounds familiar. It's no coincidence that consultancy begins with con ;-) Consult: A cross between "con" and "insult". (With thanks to Scott Adams). It's not incompatible with my version if the management decision is to hire consultants to override the wisdom of the staff and to produce the solution that management hired them to produce (possibly on the grounds that it's the solution that the particular consultancy always produces). |
Oyster Card System Failure
In message
, at 12:25:39 on Sat, 26 Jul 2008, MIG remarked: It's not incompatible with my version if the management decision is to hire consultants to override the wisdom of the staff and to produce the solution that management hired them to produce (possibly on the grounds that it's the solution that the particular consultancy always produces). The other common scenario is that the consultants produce the solution that the staff recommend, but the management weren't listening to the staff. So everyone wins! Call it a catalyst. -- Roland Perry |
Oyster Card System Failure
The other common scenario is that the consultants produce the solution that the staff recommend, but the management weren't listening to the staff. So everyone wins! Call it a catalyst. Except it cost the company a lot of money for someone to state the obvious. |
Oyster Card System Failure
In message , at
20:52:55 on Sat, 26 Jul 2008, dB remarked: The other common scenario is that the consultants produce the solution that the staff recommend, but the management weren't listening to the staff. So everyone wins! Call it a catalyst. Except it cost the company a lot of money for someone to state the obvious. But without paying the money the "obvious" goes un-stated. You probably wouldn't be surprised to learn how many managements are convinced that no good ideas will ever come from the staff, so those ideas end up being laundered through a consultant. The consultant doesn't have zero work to do, of course; he has to listen to all the staff, then select the ideas that makes sense. But the chances are that many times there will be some non-trivial subset of the staff who will recognise it as "their" idea. -- Roland Perry |
Oyster Card System Failure
Roland Perry wrote:
You probably wouldn't be surprised to learn how many managements are convinced that no good ideas will ever come from the staff, so those ideas end up being laundered through a consultant. I have to say I (as a staff member with ideas) only realised the usefulness of this relatively recently. The consultant, having been brought in to have ideas but without any idea of how the place runs, is going to reach for anyone willing to explain things to him like a drowning man for a lifebelt. If you can get a couple of hours alone with him you have a good chance of getting your ideas in front of people with far less effort than it would normally take through conventional bureaucracy. This does require that you aren't expecting to be thanked or recognised for you contribution, and that you have sufficient self control that when management order you to drop everything and run with the exciting new idea the consultant has proposed you don't go 'hey, that was what I've been saying for years'. Sadly it's a common human bias to value something that cost a lot of money more. Tom |
Oyster Card System Failure
In message , at 10:11:45 on Sun, 27
Jul 2008, Tom Barry remarked: You probably wouldn't be surprised to learn how many managements are convinced that no good ideas will ever come from the staff, so those ideas end up being laundered through a consultant. I have to say I (as a staff member with ideas) only realised the usefulness of this relatively recently. The consultant, having been brought in to have ideas but without any idea of how the place runs, is going to reach for anyone willing to explain things to him like a drowning man for a lifebelt. If you can get a couple of hours alone with him you have a good chance of getting your ideas in front of people with far less effort than it would normally take through conventional bureaucracy. This does require that you aren't expecting to be thanked or recognised for you contribution, and that you have sufficient self control that when management order you to drop everything and run with the exciting new idea the consultant has proposed you don't go 'hey, that was what I've been saying for years'. Sadly it's a common human bias to value something that cost a lot of money more. Most of that's true, but I think you are being a little hard on the "drowning man" - their job is to come into a new place and find out how it ticks. As for use of consultants in general, here's another way of thinking about them: A computer software company needs a new head office and rather than design it themselves (and unwilling to hire as employees the people with the skills) decide to subcontract it out to some building design consultants. Or as they are often called, architects. These folk interview the management and staff to get an idea of the requirements (probably none of them are programmers so want to understand what the special needs are). Eventually they draw up plans in a sufficiently professional way that they are accepted by management and the board. The management were sceptical about some aspects (particularly some of the more staff-friendly ones), but the architects were able to argue that these features had worked well in other buildings they had done and figures that showed increased productivity; the board were impressed by the financial due diligence from people with credentials, and appreciated someone to pass the planning approval buck to. The staff recognised many of the things they had asked for, and wondered why specialists were needed at all; if only the management had listened to them! -- Roland Perry |
Oyster Card System Failure
On Jul 27, 11:01*am, Roland Perry wrote:
In message , at 10:11:45 on Sun, 27 Jul 2008, Tom Barry remarked: *You probably wouldn't be surprised to learn how many managements are convinced that no good ideas will ever come from the staff, so those ideas end up being laundered through a consultant. I have to say I (as a staff member with ideas) only realised the usefulness of this relatively recently. *The consultant, having been brought in to have ideas but without any idea of how the place runs, is going to reach for anyone willing to explain things to him like a drowning man for a lifebelt. *If you can get a couple of hours alone with him you have a good chance of getting your ideas in front of people with far less effort than it would normally take through conventional bureaucracy. This does require that you aren't expecting to be thanked or recognised for you contribution, and that you have sufficient self control that when management order you to drop everything and run with the exciting new idea the consultant has proposed you don't go 'hey, that was what I've been saying for years'. Sadly it's a common human bias to value something that cost a lot of money more. Most of that's true, but I think you are being a little hard on the "drowning man" - their job is to come into a new place and find out how it ticks. As for use of consultants in general, here's another way of thinking about them: *A computer software company needs a new head office and rather than design it themselves (and unwilling to hire as employees the people with the skills) decide to subcontract it out to some building design consultants. Or as they are often called, architects. These folk interview the management and staff to get an idea of the requirements (probably none of them are programmers so want to understand what the special needs are). Eventually they draw up plans in a sufficiently professional way that they are accepted by management and the board. The management were sceptical about some aspects (particularly some of the more staff-friendly ones), but the architects were able to argue that these features had worked well in other buildings they had done and figures that showed increased productivity; the board were impressed by the financial due diligence from people with credentials, and appreciated someone to pass the planning approval buck to. The staff recognised many of the things they had asked for, and wondered why specialists were needed at all; if only the management had listened to them! My experience is that the management want to cover their backs WHEN something fails, by saying "but we paid the most expensive consultants". They could have spent an awful lot less on working with their own staff to prevent it failing in the first place. I've seen that a few times. |
Oyster Card System Failure
In message
, at 03:19:55 on Sun, 27 Jul 2008, MIG remarked: My experience is that the management want to cover their backs WHEN something fails, by saying "but we paid the most expensive consultants". They all charge about the same. They could have spent an awful lot less on working with their own staff to prevent it failing in the first place. I've seen that a few times. If they were in the habit of working with their staff, they might not need the "rescue package". And if it looks like the staff are failing (even if it's not the staff's fault) they are likely to be the last place management looks to for new skills to solve the problem. But many of the staff's ideas, filtered and verified by the consultant, can be exactly what the organisation needs. -- Roland Perry |
Oyster Card System Failure
On Jul 26, 5:37 pm, wrote:
On 25 Jul, 21:43, Chris wrote: Of course they can - incorrect data downloaded to cards can easily makethem inoperable. I've not yet come across r/w memory that can't be reset if theres dodgy data on it so unless they're upgrading any software there may be on it I can't see how it could happen. And if thats the case you have to ask yourself why. Most microcontrollers have had settings which once written prevent you ever reading out or changing the microcode again. Some of those were non resettable, even if, before the fuses were blown, the microcontroller was reprogrammable. (The modern flash PICs which I've been playing with recently all seem to have the ability to do a complete reset even after the code protection bits have been set - IIRC on some of them this reset can wipe some of the factory calibration data so you have to make sure you've recorded these values for the individual devices somewhere before you start down this path - I think mostly this calibration data is related to the internal oscillator so it's not needed if you're using external timing) I can easily believe that the mifare card could have a setting to flag some of the memory as read only - IIRC sector 0 (which contains the ID[1]) is read only - It's perfectly possible that there is an address somewhere that says what memory is read only and what is read write and that address can only be incremented, never decremented. Initially the card is created with this address as 0. Sector 0 is written and then the address incremented to 1. A card can be totally disabled by incrementing this address to its maximum value. Tim. [1] Someone posted a link to a presentation about hacking the mifare chip - according to that, even though sector 0 is non-reprogrammable, you can change the key used to encrypt the traffic in such a way that the card looks like it has a different ID. Only if the reader explicitly requests sector 0 and verifies the ID will it be able to detect this spoofing. |
Oyster Card System Failure
On Jul 28, 11:52 am, "
wrote: On Jul 26, 5:37 pm, wrote: On 25 Jul, 21:43, Chris wrote: Of course they can - incorrect data downloaded to cards can easily makethem inoperable. I've not yet come across r/w memory that can't be reset if theres dodgy data on it so unless they're upgrading any software there may be on it I can't see how it could happen. And if thats the case you have to ask yourself why. To followup: Just found this 2K (256x8) eeprom http://www.atmel.com/atmel/acrobat/doc0958.pdf Has a permanent software write protection for the first half of the memory. "Write Protection The software write protection, once enabled, permanently write protects only the first-half of the array ... The software write protection cannot be reversed even if the device is powered down." I've only skimmed that data sheet but it looks like if you send a write command with a device address of 0110 instead of 1010 then you'll set this bit. You really don't want to send a software update to your readers that drops a byte from the command being sent to the chip - most cards will just fail to work, but a few will get that magic 0110 bit pattern at the wrong point and will then be permanently broken. Tim. |
Oyster Card System Failure
wrote in message ... On Jul 26, 5:37 pm, wrote: On 25 Jul, 21:43, Chris wrote: Of course they can - incorrect data downloaded to cards can easily makethem inoperable. I've not yet come across r/w memory that can't be reset if theres dodgy data on it so unless they're upgrading any software there may be on it I can't see how it could happen. And if thats the case you have to ask yourself why. Most microcontrollers have had settings which once written prevent you ever reading out or changing the microcode again. Yep, but this area isn't going to be written to by the application code. It will (or won't) be blown deliberately during manufacture. tim |
| All times are GMT. The time now is 04:27 PM. |
Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2006 LondonBanter.co.uk