Oyster card hack
Oyster card hack         


Author: Batman55
Date: Jul 21, 2008 07:27

"Details of how to copy the Oyster cards used on London's transport network
can be published, a Dutch judge has ruled. "

See http://news.bbc.co.uk/1/hi/technology/7516869.stm
MaxB
24 Comments
Re: Oyster card hack         


Author: Adrian
Date: Jul 21, 2008 08:07

"Batman55" <900728@hidebehind.com> gurgled happily, sounding much like
they were saying:
> "Details of how to copy the Oyster cards used on London's transport
> network can be published, a Dutch judge has ruled. "
>
> See http://news.bbc.co.uk/1/hi/technology/7516869.stm MaxB

And quite right too. Security by obscurity is a laughable farce.
no comments
Re: Oyster card hack         


Author: Tom Barry
Date: Jul 21, 2008 10:25

Adrian wrote:
> "Batman55" <900728@hidebehind.com> gurgled happily, sounding much like
> they were saying:
>
>> "Details of how to copy the Oyster cards used on London's transport
>> network can be published, a Dutch judge has ruled. "
>>
>> See http://news.bbc.co.uk/1/hi/technology/7516869.stm MaxB
>
> And quite right too. Security by obscurity is a laughable farce.

Indeed. What NXP were trying to do smacks of claiming you can walk
safely off Beachy Head after banning the teaching of the Theory of Gravity.

Tom
2 Comments
Re: Oyster card hack         


Author: thagor2008
Date: Jul 22, 2008 01:40

On Jul 21, 6:25 pm, Tom Barry blueyonder.co.uk> wrote:
> Adrian wrote:
>> "Batman55" <900...@hidebehind.com> gurgled happily, sounding much like
>> they were saying:
>
>>> "Details of how to copy the Oyster cards used on London's transport
>>> network can be published, a Dutch judge has ruled. "
>
>
>> And quite right too. Security by obscurity is a laughable farce.
>
> Indeed. What NXP were trying to do smacks of claiming you can walk
> safely off Beachy Head after banning the teaching of the Theory of Gravity.

I notice LUL are still claiming Oyster security is perfectly ok. Do
they live in a parallel universe or something?
The sooner this whole Oyster card b0ll0cks is blown apart the better,
then we can get back to normal tickets without any
you-forgot-to-touch-out scams.
no comments
Re: Oyster card hack         


Author: google
Date: Jul 22, 2008 02:24

On Jul 22, 9:40 am, thagor2...@googlemail.com wrote:
> On Jul 21, 6:25 pm, Tom Barry blueyonder.co.uk> wrote:
>
>> Adrian wrote:
>>> "Batman55" <900...@hidebehind.com> gurgled happily, sounding much like
>>> they were saying:
>
>>>> "Details of how to copy the Oyster cards used on London's transport
>>>> network can be published, a Dutch judge has ruled. "
>
>
>>> And quite right too. Security by obscurity is a laughable farce.
>
>> Indeed. What NXP were trying to do smacks of claiming you can walk
>> safely off Beachy Head after banning the teaching of the Theory of Gravity.
>
> I notice LUL are still claiming Oyster security is perfectly ok. Do
> they live in a parallel universe or something?
> The sooner this whole Oyster card b0ll0cks is blown apart the better, ...
no comments
Re: Oyster card hack         


Author: thagor2008
Date: Jul 22, 2008 02:56

On Jul 22, 10:24 am, "goo...@woodall.me.uk"
wrote:
> We don't know what the technique is yet. But assuming TfL have cameras
> watching all the gates and centralized instant access to every card
> being used then it's not going to be too easy to exploit even if
> cloning the card is as simple as running it through a photocopier.

Most CCTV images are rubbish and I doubt they'll have the police on
standby all to catch the person next time they try and use a gate. As
soon as the card is blocked they'll bin it and use another.
> actually exchange the card. Cloning allows them to skip the need to
> physically swap the card but can be detected if the card is used at
> two remote stations too quickly.

It all depends if the serial number can be modified. According to this
document:

http://www.nxp.com/acrobat/other/identification/M001053_MF1ICS50_rev5_3.pdf

it's write protected after manufacture. Though given NXP's recent
bluffing I'd take that with a pinch of salt.
no comments
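The check quoted in the post above (a cloned card "used at two remote stations too quickly") can be run over back-office tap records. The sketch below is an added example, not part of the thread and not TfL's code; the station names, serials, travel-time table and tap log are all constructed.

```python
from datetime import datetime

# Constructed values: minimum plausible travel time in minutes per station pair.
MIN_TRAVEL_MIN = {
    frozenset(("STN_NORTH", "STN_SOUTH")): 50,
    frozenset(("STN_NORTH", "STN_CENTRAL")): 25,
    frozenset(("STN_CENTRAL", "STN_SOUTH")): 25,
}

# Constructed tap log: (card serial, station, ISO timestamp of the tap).
SAMPLE_TAPS = [
    ("0451A2C3", "STN_NORTH",   "2008-07-22T08:00:00"),
    ("0451A2C3", "STN_CENTRAL", "2008-07-22T08:31:00"),  # 31 min, limit 25: plausible
    ("0451A2C3", "STN_SOUTH",   "2008-07-22T08:36:00"),  # 5 min, limit 25: flagged
    ("09BB10FE", "STN_SOUTH",   "2008-07-22T08:10:00"),
    ("09BB10FE", "STN_SOUTH",   "2008-07-22T08:12:00"),  # same station: ignored
    ("09BB10FE", "STN_NORTH",   "2008-07-22T09:05:00"),  # 53 min, limit 50: plausible
]


def find_impossible_travel(taps, min_travel=MIN_TRAVEL_MIN):
    """Return (serial, from_station, to_station, gap_minutes) for every pair of
    consecutive taps by one serial that beats the minimum travel time."""
    last_seen = {}  # serial -> (station, time of most recent tap)
    alerts = []
    # Sort by tap time, not arrival order: records can reach the back office late.
    for serial, station, ts in sorted(taps, key=lambda t: t[2]):
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(serial)
        if prev is not None and prev[0] != station:
            gap = (when - prev[1]).total_seconds() / 60
            limit = min_travel.get(frozenset((prev[0], station)))
            # Unknown station pairs are skipped rather than guessed at.
            if limit is not None and gap < limit:
                alerts.append((serial, prev[0], station, gap))
        last_seen[serial] = (station, when)
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_TAPS):
        print(alert)
```

A hit means only that one serial was presented in two places faster than a single holder could travel; it does not say which of the two cards is the copy.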
Re: Oyster card hack         


Author: google
Date: Jul 22, 2008 05:39

On Jul 22, 10:56 am, thagor2...@googlemail.com wrote:
> On Jul 22, 10:24 am, "goo...@woodall.me.uk"
> wrote:
>
>> We don't know what the technique is yet. But assuming TfL have cameras
>> watching all the gates and centralized instant access to every card
>> being used then it's not going to be too easy to exploit even if
>> cloning the card is as simple as running it through a photocopier.
>
> Most CCTV images are rubbish and I doubt they'll have the police on
> standby all to catch the person next time they try and use a gate. As
> soon as the card is blocked they'll bin it and use another.
>
>> actually exchange the card. Cloning allows them to skip the need to
>> physically swap the card but can be detected if the card is used at
>> two remote stations too quickly.
>
> It all depends if the serial number can be modified. According to this
> document:
> ...
no comments
Re: Oyster card hack         


Author: Mr Thant
Date: Jul 22, 2008 05:53

On 22 Jul, 13:39, "goo...@woodall.me.uk" wrote:
> It depends on whether all the card transmits to the gate is the serial
> number or whether it includes some extra information - e.g. last gate
> to have gone through and whether that can be checked by the central
> system. I've not looked into how oyster works at all - I don't know
> whether the gates rely on a real time connection to the central system
> or not.

The card has its own memory and enough information onboard that it can
be authorised/charged/whatever without checking any central databases.
Ticket barriers are online (i.e. have a live network connection) but
it would be impractical for them to check a central database during
every touch. Bus ticket machines are offline and rely on nightly
downloads at the depot. Not sure about standalone validators and other
edge cases.
no comments
Re: Oyster card hack         


Author: google
Date: Jul 22, 2008 07:05

On Jul 22, 1:53 pm, Mr Thant googlemail.com>
wrote:
> On 22 Jul, 13:39, "goo...@woodall.me.uk" wrote:
>
>> It depends on whether all the card transmits to the gate is the serial
>> number or whether it includes some extra information - e.g. last gate
>> to have gone through and whether that can be checked by the central
>> system. I've not looked into how oyster works at all - I don't know
>> whether the gates rely on a real time connection to the central system
>> or not.
>
> The card has its own memory and enough information onboard that it can
> be authorised/charged/whatever without checking any central databases.
> Ticket barriers are online (i.e. have a live network connection) but
> it would be impractical for them to check a central database during
> every touch. Bus ticket machines are offline and rely on nightly
> downloads at the depot. Not sure about standalone validators and other
> edge cases.
>
Hmmm. ISTM that, at the very least, the card must be transmitting the ...
no comments
Re: Oyster card hack         


Author: asdf
Date: Jul 22, 2008 07:45

On Tue, 22 Jul 2008 07:05:53 -0700 (PDT), google@woodall.me.uk wrote:
>What would be really neat, (but almost certainly not possible using a
>standard oyster card) would be to have "magic" cards that change their
>number.
>
>For example, a Sunday trip from Watford Junction...
no comments