Now it seems that the MBTA folks are taking a plausibly sensible approach to the security problem:
The Massachusetts Bay Transit Authority (MBTA) said it would work with Zack Anderson, RJ Ryan, and Alessandro Chiesa to make improvements to the agency's fare collection system "that will be as straightforward and inexpensive to address as possible." In August, the MBTA obtained a court order gagging the trio just hours before they were scheduled to speak about the gaping holes at the Defcon hacker conference in Las Vegas.Now I'm not a fan of hiring hackers to help your security, but that's not what's happening here. The MBTA chose a system with lousy security, and then sued researchers who were going to discuss it (can you say "prior restraint"). The researchers aren't hackers under any workable definition of the term.
That said, seeing what the transit authority can learn to correct the weaknesses is The Right Thing to do. So well done, MBTA.
UPDATE 23 December 2008 7:50: Interesting discussion over at Slashdot, especially this comment:
So it's progress, but not as cut and dried. The Charley Card system is still fundamentally broken, and an investigation of the company who makes the technology would have shown this.