Slashdot Mirror
Airports As Secure As 802.11b
INO_Fiend writes: "SF Gate is running a story about how at both Denver and San Jose Int'l American Airlines has been using unencrypted wireless to connect the curb check-in with the rest of their networks. They tested this by grabbing a laptop and hanging around the airport. I guess I might finally have something to do with a laptop and a WiFi card the next time I fly..."
I guess I might finally have something to do with a laptop and a WiFi card the next time I fly...
I'm sure you are breaking a large number of laws. If not, I'm sure some bills will be sponsored in your name!
Please kids, don't try this. Messing with aircraft [anything] is a big no-no. Someone was on local TV once complaining about the airport noise level. This hillbilly said that he would shoot at a plane if the didn't stop going over his house. Stupid, stupid man. He was arrested and even served 3 days.
Reminds me of this Gallagher joke: Why don't they just give the homes by the airport to deaf people?
Get your Unix fortune now!
Actually, my sister is in that line of work. When you call it unskilled labour, she gets very aloof and explains that, since the job requires training, that it is not unskilled. Then I must inform her that training is given at McDonald's to flip burgers. Anyway, her pay is now $24/hour after working there yor 2 months.
They seem to think paying people a higher wage will cause spontaneous generation of competence...
Check this out: you can't even think of bringing a pair of nail-clippers on an airplane, but that little guy who vacuums the plane between flights isn't even checked for knives, guns, explosive shoes...
Yeah, right.
No, they aren't. Airlines haven't invested in X-Ray machines for checked baggage, and where they have, they mostly haven't put them into use due to the "prohibitive" costs of hiring and training personnel qualified to operate them.
The new airport security measures are a sad Dostoyevskian joke.
It is your kind of attitude that is responsible for the security holes that allow terrorist attacks in the first place. Airlines and airports must fix these problems preemptively. Apparently, they are unwilling to pay what that costs in this competitive market. It takes a big bang or public relations disaster to have them act decisively. If the people who found this problem just spoken to someone "in charge", nothing would have happened.
The temptation to haul anybody in on federal charges who does something that might be suspicious is unacceptable. We live in a free society, and lots of people will do things that are harmless but that my strike someone as suspicious. As in other areas of security, it's foolish to assume that the bad guys will have less knowledge than the general public, and it's foolish to assume that the bad guys won't have the resources to find the security problems easily and with low risk of detection. If you arrest everybody who appears to be trying to discover holes in your security systems, you'll mostly end up arresting harmless and you give police the tools to arrest anybody at their discretion; just about any activity can be construed to be suspicious. That's called a police state. Maybe that's where you want to live, but I don't. As far as security is concerned, the "get-tough" approach is a cop-out for companies that don't want to pay the money necessary for doing security right. It gives the appearance of security without delivering actual security.
Companies that have such security holes should get stiff fines, retroactively and for as long as the security holes persist. That's the only way to force them to invest the money up-front necessary to make their systems secure. And if that isn't sufficient, there needs to be federal regulations specifying rules and requirements for things like networking, screener training and salary, etc. People who discover security holes should be left alone (unless they try to take advdantage of them to do something illegal, of course).
Since various airlines have been notified about
/. and I would not want to trust MY family's safety to
this and have done nothing so far, I would propose the following:
Have a computer savy individual hook up with a reporter.
Have them go to the airport together and sniff the net.
Capture a bunch of data, go back to the office, and write an article about it.
I bet something would be done about it then.
I would involve a reporter so they have a tougher time portraying you as a terrorist or criminal.
Someone sitting at the coffee shop working on their laptop would not look out of place.
Perhaps people would argue that you are alerting terrorists to this possibility.
But, it is already posted here on
"security by obscurity".
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
How bout this scenario: A terrorist checks a bag with a bomb within. Then uses the vulnerability to delete the log that he checked it. Since a number of airlines haven't invested in xrays and there might still be some holes in the check-in system, it gets through and there is no log of which bag actually contained the plane.
_______________________________
"I'm not Conceited...I'm just a realist..."
Get a grip. A cornerstone of our criminal justice system is that "criminal" acts require an overt act known to be criminal, or at least reasonably expected to be so.
What this means, in practice, is that every door into an airport is clearly marked. It's not a crime to walk through an unmarked door. Walking past a door clearly marked "authorized personnel only" is a different matter.
Now look at this "problem." Computers with wireless LAN cards will automatically try to establish a connection... and these airports are offering these connections complete with DHCP and DNS services. They know that this will happen automatically whenever the owner turns on the computer, yet they've taken no action to restrict access to their system or warn travellers to avoid using their computers.
Yet you want to send the police to arrest these travelers for felonies - attempts to interfere with airport operations - for doing nothing that isn't routine in countless other places.
Worse, as some other posters have pointed out these networks can often be accessed from outside of the main terminal. A business traveler may innocently turn on his laptop in his hotel room and inadvertently connect to the airport network - and it's *his* fault for failing to anticipate this problem?
If somebody is there and clearly trying to compromise the system, throw the book at them. But if an airport just has lax security, direct your anger at the airport/airlines, not the innocent travelers.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Hell If I was in charge of Airport security, after seeing this I would set up a honeypot and get ahold of a 200 dollar rdf and start nabbing anyone that tried this, thow em up on federal charges .
So, let me get this straight... If you were in charge, then instead of fixing the holes, you would concentrate on throwing people in federal prison, for being bright enough to notice and point out the security flaws you had failed to notice. Good plan. Don't let anyone question your security.
In fact, this story was a good way to highlight the problem in a prominent enough way to actually get something done about it. If we threw these people in jail then nothing would be done and the security hole would remain !
--