Slashdot Mirror

← Back to Stories (view on slashdot.org)

Airports As Secure As 802.11b

Posted by michael on from the free-upgrade-to-first-class dept.

INO_Fiend writes: "SF Gate is running a story about how at both Denver and San Jose Int'l American Airlines has been using unencrypted wireless to connect the curb check-in with the rest of their networks. They tested this by grabbing a laptop and hanging around the airport. I guess I might finally have something to do with a laptop and a WiFi card the next time I fly..."

4 of 137 comments (clear)

  1. Re:Airports Insecure ? by zzendpad · · Score: 5, Insightful

    Actually, my sister is in that line of work. When you call it unskilled labour, she gets very aloof and explains that, since the job requires training, that it is not unskilled. Then I must inform her that training is given at McDonald's to flip burgers. Anyway, her pay is now $24/hour after working there yor 2 months.

    They seem to think paying people a higher wage will cause spontaneous generation of competence...

  2. Re:Airport Security by Safety+Cap · · Score: 3, Insightful
    What ever happened to airport security?
    The same thing that was there all along. Ever since 9/11, the government has erected a security façade. Look behind it and you see cardboard and security through obscurity.

    Check this out: you can't even think of bringing a pair of nail-clippers on an airplane, but that little guy who vacuums the plane between flights isn't even checked for knives, guns, explosive shoes...

    --
    Yeah, right.
  3. your attitude is reponsible for security holes by markj02 · · Score: 3, Insightful
    For an airline, to leave their wirless network at the airport completely unprotected is grossly negligent. This is something that you don't need to "deliberately hack into"--my wireless card would connect to that network if I turned on my laptop near one of their base stations. What do you propose now? Arrest anybody who turns on their laptop in the airport?

    It is your kind of attitude that is responsible for the security holes that allow terrorist attacks in the first place. Airlines and airports must fix these problems preemptively. Apparently, they are unwilling to pay what that costs in this competitive market. It takes a big bang or public relations disaster to have them act decisively. If the people who found this problem just spoken to someone "in charge", nothing would have happened.

    The temptation to haul anybody in on federal charges who does something that might be suspicious is unacceptable. We live in a free society, and lots of people will do things that are harmless but that my strike someone as suspicious. As in other areas of security, it's foolish to assume that the bad guys will have less knowledge than the general public, and it's foolish to assume that the bad guys won't have the resources to find the security problems easily and with low risk of detection. If you arrest everybody who appears to be trying to discover holes in your security systems, you'll mostly end up arresting harmless and you give police the tools to arrest anybody at their discretion; just about any activity can be construed to be suspicious. That's called a police state. Maybe that's where you want to live, but I don't. As far as security is concerned, the "get-tough" approach is a cop-out for companies that don't want to pay the money necessary for doing security right. It gives the appearance of security without delivering actual security.

    Companies that have such security holes should get stiff fines, retroactively and for as long as the security holes persist. That's the only way to force them to invest the money up-front necessary to make their systems secure. And if that isn't sufficient, there needs to be federal regulations specifying rules and requirements for things like networking, screener training and salary, etc. People who discover security holes should be left alone (unless they try to take advdantage of them to do something illegal, of course).

  4. "Criminal" acts require intent by coyote-san · · Score: 3, Insightful

    Get a grip. A cornerstone of our criminal justice system is that "criminal" acts require an overt act known to be criminal, or at least reasonably expected to be so.

    What this means, in practice, is that every door into an airport is clearly marked. It's not a crime to walk through an unmarked door. Walking past a door clearly marked "authorized personnel only" is a different matter.

    Now look at this "problem." Computers with wireless LAN cards will automatically try to establish a connection... and these airports are offering these connections complete with DHCP and DNS services. They know that this will happen automatically whenever the owner turns on the computer, yet they've taken no action to restrict access to their system or warn travellers to avoid using their computers.

    Yet you want to send the police to arrest these travelers for felonies - attempts to interfere with airport operations - for doing nothing that isn't routine in countless other places.

    Worse, as some other posters have pointed out these networks can often be accessed from outside of the main terminal. A business traveler may innocently turn on his laptop in his hotel room and inadvertently connect to the airport network - and it's *his* fault for failing to anticipate this problem?

    If somebody is there and clearly trying to compromise the system, throw the book at them. But if an airport just has lax security, direct your anger at the airport/airlines, not the innocent travelers.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken