Oyster Is...Toast

As Ben Laurie so eloquently puts it:

The MiFare stream cipher, as used in Oyster cards, has been comprehensively cracked. The researchers claim they can recover the key in well under 5 minutes after observing a single transaction.

Microsoft's Cracked Sense of Priorities

Once again, Bruce is on the money - literally.

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

Why is that?

Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.

Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.

But a DRM crack is another matter:

this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

And this isn't going to change anytime soon - not until the underlying economics of security changes.