Identity Theft From Tossed Airline Boarding Pass?

crush writes "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub." From the article: "We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information."

Boycott

[The+Snowman]

Ever since 9/11, I refuse to travel by air. Not because of the scary terrorists, but because of my scary government. While the article talks about a UK program with bad security, the author is clear that this is all because of pressure from the United States.

I sent an email to the TSA a while ago telling them that I despise their spying programs and I am boycotting the airline industry. I don't want to be treated like a second-class citizen, spyed on, and my rights violated. Sure, the majority of airline passengers don't have a problem, but there are a significant quantity that do hit security snags on a daily basis. What has this increased illusion of security bought us? Pork. We haven't caught terrorists because of spending on ineffective security programs. Each alleged terrorist since 9/11 was caught because of people. People who thought something was wrong -- the shoe bomber who had trouble with his bomb, and passengers and flight attendants handled the situation. Not computers, not databases. People.

As far as I'm concerned, the airline industry can rot in hell for giving in to government pressure. They know these security programs do nothing more than waste money on pork and make certain politicians feel smug, earning brownie points with their constituents. Until the government gets a clue, I will not fly. If the airlines suffer, so be it. Money is what drives this country. Maybe when the government realizes that the airlines aren't making money, someone, somewhere, will get a clue and start implementing good security that does not violate our privacy.

Re:Boycott

[MyLongNickName]

Wow. Dutch citiczen. UK government. Still US's fault.

No, I am not a fan on the war on freedom^H^H^H^H^H^H^Hterrorism. But get over it. Both countries are capable of putting together a more secure system. Quit blaming the US for all the world's problems.

This assumes the guardian is reporting a true story. They have been know to be free with the truth.

Re:Boycott

[Whiney+Mac+Fanboy]

Wow. Dutch citiczen. UK government. Still US's fault.

Maybe you should have read the article before commenting:

[the boarding pass] would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US....

Re:Boycott

[MyLongNickName]

Maybe you shouldn't automatically suck down everything a news article tells you. I did RTFA. However, the US is allowed to make lawas about who can come into their country. Other countries have to respect those rules. If those countries choose to allow insecure systems like this to come into place, then that is THEIR problem, not ours.

Our problem is that we have elected people who put moronic rules into place.

Re:Boycott

[chiskop]

This assumes the guardian is reporting a true story. They have been know to be free with the truth.

Reference, please.

Re:Boycott

[Jedi+Alec]

However, the US is allowed to make lawas about who can come into their country.

Indeed they are. Good thing the rest of us are allowed to take a hint and decide we're not welcome. Guess we'll just go somewhere else with our business.

Re:Boycott

[mgblst]

I flew from Sydney to Vancouver, and the plane happened to stop in Honolulu for refueling. Since Honolulu is in the US, every single person had to get off the plane, have their picture taken, and be finger printed. Then we all got back on, and flew the rest of the way to Canada. It took 2 hours, for nothing. Nobody was staying in Honolulu, we only wanted some fuel. Thanks US.

And surprisingly, they didn't catch any terrorists that day, either.

Re:Boycott

[azhrei_fje]

They know these security programs do nothing more than waste money on pork and make certain politicians feel smug, earning brownie points with their constituents.

This is right on.

The next time you visit an airport, ask yourself what would happen if a terrorist didn't wait until they got all the way to the metal detectors and X-ray machines before detonating an explosive device. As a business traveler, I've logged a million miles on one airline and hundreds of thousands on other airlines. Any idiot who wanted to wreak havoc could tell that the place to detonate such a device would be while standing in front of the security machines: you'd take out a bunch of people and render that section of the airport unusable.

So what do you do to fix it? Obvious: move the screening center further up. (And before you hit Reply, I know that wouldn't work. I'm j/k.)

I'm not posting as an AC. Maybe that's risky -- we all know that the U.S. government snoops on its citizens -- and I really can't afford to defend myself against the likes of Gonzales. But I can trust in my country's Constitution and hope that those in power won't abuse it. (That's naive. But maybe with enough press coverage I wouldn't get shafted too bad.) But without open discussion that provokes thoughtful responses, how will anything get any better?

Re:Boycott

[DavidTC]

That's not why the rules are in place, that's why the rules are claimed to be in place.

The rules are actually in place for two different reasons:

One, because security theatre is the sole thing our current Administration has ever been efficent at. The actual stopping of threats, or responding to disasters after the fact, or acting in the political stage to put pressure on said threats, it doesn't quite understand that yet. Nor does it, apparently, understand how to invade a county.(1) But it sure has 'running around looking like it's doing something' down pat.

The UK, sad to say, appears to be one of the few countries to actually either fall for this, or be willing to play along. (I don't know UK politics well enough to know which.) I've lost almost as much respect for the UK as for the US for putting up with their government.

Two, because the airline industry is a confusopoly, and hence is threatened by the large amount of information available online. If this keeps up, it won't be able to sell some tickets for six times as much as other tickets in the same class on the same flight. A large part of fighting this is assuring that tickets cannot be resold under any circumstances, which is what many of these 'security' measures are designed to prevent.

1) I say 'apparently' because, hey, I don't either. But, then again, I haven't tried to invade two of them, and I'm not gearing up to do it a third time.

Re:Boycott

[Moofie]

"The laws were put into effect to keep those who would like to destroy our freedoms out."

Nonsense. This will do nothing to prevent terrorism.

"it's about security."

No. It's about creating an illusion of security, to mask a power grab.

"it's a privilege, not a right."

You seem to think that the founding documents of the United States are a list of things humans are allowed to do. You need to read them again.

Re:Boycott

[smooth+wombat]

I'm so glad you said the same thing I've been saying for a long time re: someone wanting to do harm not waiting to get on the plane. The line of people waiting to get screened is just as viable a target as an entire plane.

Want to really cause panic in the air traffic system and probably get it shut down? Get you and four of your friends to do the same thing at five different airports at the same time on the same day. Say 12 noon eastern time the day before Thansksgiving.

If anyone from any three letter agency is going through an apoplectic fit because I just said this, get a clue. If this isn't in your contingency plans then what the hell are you doing with my money?

Re:Boycott

[Bill+Kilgore]

I fully expect that will be the next "terrorist" attack. Coordinated bombings of TSA checkpoints. It's a hilarious concept, until someone actually does it.

As others here have implied, TSA is for show. So the masses of sheeple "feel safe". It also provides the government with a great tool to build up the citizenry's tolerance for unconstitional searches, seizures, and assorted other indignities.

Shenanigans

[eldavojohn]

The system even allowed us to change the information....

That's right, (*snicker*) Broer is now a 38 year old pregnant mother of four from Belgrade with a passport that expired in 1983. Let's see how long it takes him to figure out he's the victim of identity mod!

I doubt "Mrs." Broer will ever throw away her airplane ticket stub again!

Halal == potential terrorist?

[Whiney+Mac+Fanboy]

"The problem is that if the system doesn't have a lot of information on you, or you have ordered a halal meal, or have a name similar to a known terrorist, or even if you are a foreigner, you'll most likely be flagged amber and held back to be asked for further details" [emph mine]

WTF? I didn't think the US did racial profiling - this is quite sad for Muslims (as well as people like me, who just order different 'special' [I like kosher] meals at random). Not only that, it's not going to help fight terrorists, just irritate the law-abiding.

Re:Halal == potential terrorist?

[AgentPaper]

To add insult to injury, if your name even remotely resembles the name of a known or suspected "evildoer," you get flagged. My entire family now suffers an extra 45 minutes of screening at the airport, every single time we fly, because my dad's name matches that of some IRA gunman who was last active in the early 80's. (Before you go thinking this might be a valid concern, consider that we're talking about an extremely common name. "John Murphy" isn't exactly "Zaccarias Moussaoui.") And of course, all this color-coded rigmarole does not make us one bit safer, just more vulnerable to the constant fear-mongering coming out of Washington.

Re:Halal == potential terrorist?

[Phisbut]

I didn't think the US did racial profiling - this is quite sad for Muslims

Sometimes it's not on purpose, they just freak out when they hear or see certain things... a guy over here started taking the required action to have his name legally changed a couple of years ago... his first name being Jihad, you can guess the reaction he gets in airports when they ask his name.

So yeah, some people are flagged just based on their name.

Re:Halal == potential terrorist?

[rograndom]

To add insult to injury, if your name even remotely resembles the name of a known or suspected "evildoer," you get flagged. My entire family now suffers an extra 45 minutes of screening at the airport, every single time we fly, because my dad's name matches that of some IRA gunman who was last active in the early 80's. (Before you go thinking this might be a valid concern, consider that we're talking about an extremely common name. "John Murphy" isn't exactly "Zaccarias Moussaoui.") And of course, all this color-coded rigmarole does not make us one bit safer, just more vulnerable to the constant fear-mongering coming out of Washington.

Try having your father include his middle initial and/or name when ordering plane tickets next time. I used to have the same problem, it because a running joke between myself and my girlfriend, who has a foreign issued passport from an "axis of evil" country which doesn't match her green card due to marriage, yet she goes through with out a second glance while I get my shoes taken away for closer inspection and patted down three times on my way to the gate. Finally, after being told that I had to leave the airport and comeback in through security after I missed a connection due to flight delays I asked about how to get my damn name off the list. The ticket lady said that it probably wouldn't happen since I had a very common name, but if I started using my middle initial that wouldn't raise any flags. And sure enough, it works. I just breeze through security now. Of course the last trip I took they raised the terror alert level after I was in the air and there was more security when we landed, obviously because I was able to slip by security, so homeland security provided more amusement to my girlfriend.

Re:Halal == potential terrorist?

[DavidTC]

I challenge this Administration to a contest. Random fake guns, made of the same material as real guns but without any insides, and painted bright orange, will be sold in stores. As will fake knifes, colored the same.

Anyone can buy them, and the government is not allowed to track who does.

Now, we have a contest. At any point in any flight, these items can be handed over to the airplane staff, or dropped in one-way boxes in the bathrooms.

To make it somewhat realistic, penalty-wise, anyone caught smuggling one on the plane before the plane takes off will miss the flight, and have to spend a day in a holding cell at the airport. It won't be 'illegal', and it won't go on their record at all. It's like being dead in paintball. We got you, terrorist!

All collected guns and knifes are counted, and the weekly collection numbers must be reported.

We'll see how good airline security is then.

BA could be liable for damages...

[The+Dodger]

..under the UK's Data Protection Act. See http://www.dataprotection.gov.uk/ for details...

Re:BA could be liable for damages...

[blowdart]

Not really, the circumstances in which you can claim are pretty limited (media summary);

The right to compensation

An individual can claim compensation from a data controller for damage and distress caused by any breach of the act. Compensation for distress alone can only be claimed in limited circumstances.

You, of course, must be able to demonstrate and document the damage and distress too.

No piece of paper is safe

[Billosaur]

From the artice: Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)

Laurie was anything but smug.

"This is terrible," he said. "It just shows what happens when governments begin demanding more and more of our personal information and then entrust it to companies simply not geared up for collecting or securing it as it gets shared around more and more people. It doesn't enhance our security; it undermines it.

Anything that has even one piece of critical information on it (name, address, account numer of any sort, etc.) is vulnerable. That's why my shredder works overtime. I don't throw boarding passes away; I have quite a collection of them from my trips to Europe and the ones I don't want get consigned to the shredder. You can't take for granted that once you toss away a piece of paper, it will be on its way to the landfill soon enough. Trash may sit unattended for hours, even at a busy airport, and is a ripe picking ground. Mind you, I think airport security might look at you funny if you were poking around in all the trash cans, but you never know.

Modern Living Lesson One: Shred Everything

[digitaldc]

I even shred my scratch pad, sticky notes and code written on napkins.

Anyone ever heard of a

[dedeman]

Shredder? I really don't know if this is common knowledge/thought/attitude, but keep everything with your name and and identifying number on it until you have access to a shredder.

Shred anything with more then one piece of identifying information on it. Examples: Name and address (junk mail), Name andSSN (should know this by now), Name and phone# (yeah, it's in phone book, but don't let it float around). There are tons of combinations. I'd go so far as to shred directions from and to a destination, or even ATM receipts.

You'd be suprised how much seemingly worthless information can be compiled to gain terrific insight into people.

At the expense of sounding paranoid, I even shred my baggage check tickets (Name+flight#+someID#).

Re:Anyone ever heard of a

[Chris+Pimlott]

You know, you can enjoy an interesting, enriching life and shred your ATM receipts.

Passport Required!!!!

[hughk]

I am curious as to how the person got so far through the BA website without a password or PIN. Last time I looked, you needed this. Perhaps Mr Broer hadn't registered one. Otherwise did they compromise BA's website?

The important thing is that you will not be allowed on an international flight without showing a valid passport. BA boarding procedures mandate a check of the passport against the ticket at the gate. This is kind of necessary now that outbound passengers from the UK are very rarely checked by immigration. True, an airline is unlikely to even have a UV light let alone a scanner there so it may be possible to get through with a forged passport.

Re:Passport Required!!!!

[Catullus]

The article states that they informed BA about the security hole in March, and BA fixed their website, so that may explain what you noticed.

Re:Passport Required!!!!

[Mark+Hood]

It's not about getting on to a flight with false ID, it's about getting identifying information from nothing more than a boarding pass.

As I understand it, the chain of events is this...

If you're a member of the BA loyalty club, you didn't used to have to go through the web site... probably still don't have to.

You could sign up by one of the handouts at airports, get your card and give the number (along with all the stuff the USA wants) to your travel agent, and never visit BA's website.

BA print the loyalty card number on your boarding pass, each time you check in.

So they took a discarded boarding pass stub, with the name and number on it, went to the BA site and said 'sign me up for online check in' - provided the identifying details and pretended to be him (incidentally buying a ticket with his name on). This should not have been possible without, say, confirming his address, or some other security measure. This is the 'hole' in BA's security that the article says is now fixed. From memory (and I am a little hazy on the details) when I signed up online they populated all the fields they could with the information from my loyalty card record.

I know this is the case, because I got a card without signing up online, many years ago - and then went to tie that number to an online account.

Once they were online, they could see all the stuff he'd previously told BA - address, passport number, etc - from there, they went to get his house price, phone number and a lot more information.

The moral of the story is (as many have said) - if it's information you wouldn't print on a t-shirt or tell a random stranger, don't throw it away.

Mark

Real ID act

[guisar]

Yesterday I was stopped by a cop in the Concord, MA national park because the muffler on my old vw bus was a bit loud. I handed him my Vermont driver's license, which is a bit of paper with no SSN, only a coded address and no photo. His response- "What's this". "My driver's license" I replied. "Well how do they hope to stop terrorists with this?"

Being an opponent of the current craze for every more comprehensive and intrusive IDs and ID checks here in the US, I hope some proponents of the Real ID act will pay heed to unintended consequences of this absurdity.

Re:Real ID act

[CortoMaltese]

A friend told me she'd tried to buy some beer at a liquor store, and when asked for an ID, she'd used her passport. "Don't you have a driver's license?" the person behind the counter had asked, "Anyone can get a passport." So I guess the driver's license is the "real" ID in the US...

Re:Real ID act

[More+Trouble]

"Well how do they hope to stop terrorists with this?"

So paper is not sufficient to stop terrorists. But if it's laminated...!

:w

Run that one by me again.

[Don_dumb]

As far as I'm concerned, the airline industry can rot in hell for giving in to government pressure.

Correct me if I am wrong, but didn't the 9/11 bombers use US internal airlines because the security was so poor? A situation caused by the airline companies not agreeing to previous government calls for tighter security due to concerns that people might be put off flying.

I dont like all the pointless security either but some of it is defintely neccessary, and that wasn't the case on US internal airlines pre-September 2001. And anyway people need to see security at airports/on planes, in order to allievate fear of flying, which many people had after 9/11 and which would of course impact on the number of passengers.

Re:Run that one by me again.

[The+Snowman]

Correct me if I am wrong, but didn't the 9/11 bombers use US internal airlines because the security was so poor?

By internal I take it you mean using U.S. airlines to attack the U.S. Duh? This place isn't like Europe with a bunch of little countries next to each other. If they didn't use U.S. airlines taking off from U.S. airports, what would they have used?

Anyway, the problem wasn't security. The hijackers had clean records, were in this country legally, and had authentic identification. There was no way we would have caught them because they blended in so well with the surroundings. We (airlines, TSA, and regular people on those flights) had no suspicions.

The real fault was the FBI who was sitting on documented evidence of a plot, including some of the names. If they had connected the dots instead of being lazy, they would have had enough evidence to demand the FAA ground all airplanes that day while they went after the hijackers. Yes, we'd still have knee-jerk reactions to security, but at least the specific events of that day would not have happened. It would have been a success overall, because the system (law enforcement) would have worked.

Re:Run that one by me again.

[AGMW]

Could you please elaborate on which parts are necessary and which parts aren't if, as you claim, the security is pointless.

I'd suggest that if someone really wanted to hijack another plane in the US, or wherever, it would still be possible, even with the extra security. A number of scenarios spring to mind, but forgive me if I don't suggest them out loud! You're all clever people and I don't doubt for a second you could all come up with a number of feasible plans. The current security might make some of them fail, but if you kept trying (ie the scumbags who send out the suicide jockeys "keep trying"!) you will inevitably succeed.

So, if it is still possible, the extra security is perhaps pointless. I'd suggest a level of security that makes it "difficult" for potential bad guys, but doesn't piss off the general public too much.

I'd say the biggest problem any hijacker would have now is the bit where they stand up and say "do as you are told and you won't get hurt". Since the World Trade Center was hit, there aren't many passengers who are going to calmly sit back and let anyone hijack a 'plane, and probably even fewer crew. This could be the lasting legacy of the 9/11 bombers - they made hijacking a plane more difficult, because the passengers and crew are unlikely to give up so easily!

So security just has to make it difficult to get "serious" weapons on the plane, and let the passengers and crew do the rest!

Security scans

[RafaelGCPP]

On 2004 I travelled a lot to USA.

This don't seem to be much, but I was "selected" for manual scanning of my handbag in almost every USA airport.

Common sense and good diplomatics told me to accept that and never question authorities when you are a foreign citizen, but on the last scan, at MIA airport, though I created the guts to ask the nice TSA security agent why I was being scanned over and over. The answer shocked me: "It is all that electronics you carry. Makes very difficult to see what you have". I always carried my cellphone, myPDA, my digital camera and my CD player with me, on the same bag, and it really looked a mess.

The funny thing: I felt safer, because they were really looking at the x-ray. The only time I got stopped by airport security where I live, was because I told the guys my cellphone never made those portals beep... THAT DAY, it beeped!!!

And you don't know half of the absurdity of it!

First about the BP stubs. Info on the BP stubs, is in plain sight for the TRAVELER information. If the traveller then drop it it is a stupidity concern, not a security concern. For example, Would you throw out a bank receipt with your account sold, bank account, bank name, signature and all the tralala out ? This is the same problem here.

Now the fact they could buy a document in the name of the pax on an unsecurised web site IS a concern.

As for APIS, having worked on the implementation on a main frame for a big airline, we used to joke a LOT about US version of security.

Pay Cash ? You automatically get flagged as suspectful. Pay with CC ? This is seen as OK. Be a frequent traveller ? You are automatically flagged as safe. Take only a one way ticket ? Be preparred for the "glove" search... Knowing the rule it would be blantantly easy to bypass this check (take a round trip, on a frequent flyer, using a CC, do it 10 times, then afterward you are a "safe" traveller...). We always laughed at the stupidity of that. I left shortly afterward so I dunno if the US kept that security concept today.

That story scares me.

[Don_dumb]

I have to admit I am shocked, I didin't think they had any right to do so.

I thought that runways were a kind-of international territory? Thereby allowing people to get transferring flights without going through passport control (which acts as the the offical border) and be a passenger on a plane that refuels without getting visas for the land in which they are only sitting on a runway. Does the US government really have the right to do this? I mean they couldn't stop a plane flying from Canada to Mexico because the people inside dont have entry visas for the US or havent taken US mandated security procedures, could they?

Re:That story scares me.

[aonaran]

You don't need US visas to overfly US airspace.

Slight amendment...

You CURRENTLY don't need US visas to overfly US airspace. ...there's no telling what the policy will be next week though.

Re:That story scares me.

[innot]

No, an airport is national territory. And by convention an airplane becomes part of the national territory the moments the doors open (with doors closed different regulations apply (Warsaw Convention, Montreal Convention))

Most International Airports have designated transit area for passengers transiting a country to save them from the hassle of immigration and emigration - Except for the US, where most international airports do not have real transit areas, thus requiring all transiting passengers to enter the US and leave it a few minutes later (wasting 2-3 hours for the whole process, no to mention the humiliating finger-printing and picture taking)

It seems to me, that the US officals think that everyone setting foot on US soil only wants to enter the country (as a potential terrorist).

I work at an airline and we used to have flights to the US with continuing services to other destinations in middle america and the caribbean.
We had to stop this because of the enourmous hassles our transit passengers had to endure on transit (including sometimes refusal of transit). We now go via Havanna, which has its own problems, but at least the passengers have no problems on the transit.

Shouldn't come as a surprise

[slusich]

The fact that the information was on the stub and was easily retreivable shouldn't come as a surprise to anyone. Companies are way too free with where they put such information. Companies need to be held accountable for such things. Casinos actually do things the right way in this case. Loyalty cards and cash out tickets are usually encoded only with an ID number and no more. PINs, address information and such are almost never included.

Dumbest thing I've ever read

[terjeber]

the author is clear that this is all because of pressure from the United States.

I am a Norwegian, and I am saddened by the new religion that has Europe in it's grips. There are various sects in this religion, but they all have one thing in common, the big "Satan" is the US of effing A. Anything bad that goes on in the world is the fault of the US. This article, and the response to it, is an example of how fanatics suffering from this religion think.

The system they hacked was the BA frequent flyer system. This system has nothing to do with passenger security or US national security. This is a convenience system made so that BA passengers easily can buy tickets, earn miles, buy upgrades etc. This system shouldn't have information such as the passport number. The fact that it does is an internal matter for BA and has absolutely nothing to do with the USA.

I travel a lot for business and I am a member of most of the frequent flyer systems in Europe and the US, but not BA since I am already a member of one of their co-shares. None of the airlines have my passport number stored on the frequent flyer site. Not one of them.

This is an internal BA problem, BA should never have had the passport number stored on the FF site, they should never allow this to be accessed without a password etc.

Blaming the US for this is ridiculous in the extreme. The US has nothing to do with how an airline designs its Frequent Flyer website, and no, the US does not require that your passport number of other personal information is stored on the FF site or anywhere else for that matter. They only require the information be sent before you board the plane.

Sadly, the new European religion requires full frontal lobotomy prior to joining, something that has not reduced the number of Europeans who sign on.

Re:Dumbest thing I've ever read

[terjeber]

But the information wouldn't be there in the first place if it wasn't for the US.

Rubbish! You are clearly not reading what the article states. The US doesn't require that BA stores the passport number on the Frequent Flyer site. In fact, the US doesn't require that BA stores the information anywhere as long as they ship it to the US before you board the plane, in other words, they could have you supply the information when you buy the ticket, ship it accross, and promptly remove it.

The only reason BA had the passport number on their Frequent Flyer site is so that they could make it convenient for the traveller. The US doesn't require this, and if you ask anyone in the US government, they would probably strongly recommend against it. Having your identification number accessible through a website, in any manner, is a huge security issue.

This is BA messing up, not thinking about what they should and should not store on their Frequent Flyer website, and completely making an arse out of them selves by allowing access to this information with no password.

This problem is not related to the US government at all, in any way, except inside the head of a lobotomized journalist.

Shredders arn't that great

[hey]

If I was looking for sensitive info on a street on garbage day I'd look for the shredded stuff. Also, of course, you can put it back together.

Shredder

[pkluss]

I haven't seen him in forever. All he does is hang out with Krang in Dimension X anymore...

I call bullshit

[corbettw]

This whole article sounds like complete and utter bullshit.

First, the writer said he logged into BA's site, using only the supposed victim's frequent flyer number. But if you go to http://www.britishairways.com/travel/home/public/e n_gb and look on the right side of the screen, you'll see you need a password along with your ID to access the site. So either 1) the person had no password (doubtful, most sites won't permit a blank password), or 2) he's lying. I'll go with #2 and assume he's lying. Since he's lying about how he got the information, it can be safely assume he made up everything else in the article.

As for the rest of the article, it might be accurate, but somehow I doubt that. The whole thing just utterly fails to pass the smell-o-scope test, pegging right between 'horse manure' and 'grade A Kentucky bullshit'.

Re:I call bullshit

[ISoldMyLowIdOnEbay]

From TFA

"BA has now closed its security loophole after being contacted by the Guardian in March"

So I wouldn't expect it to work now...

Re:I call bullshit

[rfunches]

Okay, I'll bite.

From TFA, the guy is a business traveller. Now look what happens if you "need help" logging in to BA's website:

As a member of the British Airways Executive Club, On Business or as a registered customer with britishairways.com, you can now log in to manage your account and access our exclusive online services. You log in by entering your details in the boxes at the top right hand corner of the screen.

Login ID Your login ID is either your: > Executive Club membership number or > On Business membership number or > Username

PIN/Password When logging in with the following: > Executive Club membership number, use your 4-digit PIN or > On Business use your login id and password or > username, use your password

Executive Club members If you need a PIN or have forgotten your PIN, then please click here to apply for one >>

On Business members If you have forgotten your password or login id click here for more information >>

Forgotten your password? Enter your username in both the Login ID and the PIN/Password boxes to receive your password prompt.

From what I can tell, if the reporter is in fact not lying, if the "victim" was an Executive Club member, you need the following if you need a PIN, or have forgotten your PIN:

• Membership number
• First name
• Family/Last name

Hmm. This is printed on the boarding pass already. Oh, and if he's an On Business member, you only need the username to retrieve the password, and the website tells you that it's "2 characters 6 digits"; what's the chance of that being the membership number printed on the boarding pass?

I wouldn't call this complete and utter bullshit yet. There are reasonable explanations for how this was accomplished.

Re:What is halal?

[DavidTC]

Muslims just find it harder to find halal food than Jews finding kosker food, so 'fake it' more often. In reality, neither of them is 'acceptable' to the orthadox followers, in that they aren't certified as following the correct preparation. I know kosker is supposed to have a rabbi check out the process, and halal has much the same thing, although I forget the exact rule.

However, neither has pork, or shellfish, or a few other things. And hence if someone doesn't care about having their food 'certified', they just don't want to take a big bite of pork, the 'other' kind of food is fine.

And the GP is right, Jewish and Arab traditions are very very close in many ways, because they originally were the same, and because they have always lived in the same part of the world. Any similarities between Islam and Judism is almost always because Islam was almost entirely an Arab religion at the start. I.e., Semitic to Arab to Muslim, and Semitic to Jewish people to Jewish religion.

Whereas Christianity wandered off to Europe, and the European 'pagan' people within 100 years, so sucked up all those traditions. While Islam and Judism are single religions that came out of the same sets of people, Christianity is almost that same thing, out of the same people, applied to an entirely different set of people.

Re:Shredders aren't that great

[santiago]

We hand the shredded paper to our pet rats to use as bedding. This imparts it with a certain ambience that discourages any further perusal, while simultaneously providing the little ones with nest-building fun.

But the wiping / gas chromatograph thing does...?

[igb]

I got my laptop bag wiped down at SFO a few years ago, and the little tissue popped into the machine to test for explosives. Either it's incredibly selective, or it's bullshit. My bag had been under the counter at the late lamented National Shooting Club on Duane while I shot ~200 rounds of 9mm and a box of .38 S&W. It had had spent cartridges falling on it. I'd been handling both live and spent ammunition. When I arrived at the airport I stank of firing ranges.

And yet the little wipe said all was well. Either it's sufficiently selective to spot the difference between propellant and explosives. Or it's nonsense.

ian