Congressman Calls for Arrest of Security Researcher
Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."
Background: my last name starts with the letters "Host"
... so if your name was "Jim Hostenfeffer" it would appear on your boarding pass as "JIM southwest.comENFEFFER" ... I played with the site a little bit and found that it was a straight macro replacement bug of whatever domain name was used, so it would say "JIM wWw.SOutHwesT.cOmENFEFFER" if that was the domain you typed into the URL bar.
When Southwest first started offering online checking, I discovered a small bug: when you got to the "Print your boarding pass" screen, with my name in all caps, the letters "HOST" were replaced with "southwest.com".
The first time it happened I thought it was amusing. I emailed their tech support, saved the HTML to a file and edited it so it had my name again and would match my ID when I checked in.
4 or 5 flights and at least 9 months later it was still happening and I spent a good 3 hours on the phone being transferred around to different people trying to get them to understand what the problem was and how fucking ridiculous it was that I had to constantly "hack" my boarding pass because of a bug they'd had for months.
-- The Hoss Man
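The symptom described in the comment above can be reproduced with a template that is rescanned after user data has been inserted. This is an added example, not part of the original comment and not Southwest's code; the template text, the bare `NAME`/`HOST` placeholders, the function names and the allowlist are all assumptions made for illustration.

```python
import re

# Constructed template. Bare placeholder words are an assumption chosen to
# reproduce the behaviour the comment reports.
TEMPLATE = "Boarding pass for NAME, issued by HOST"
SAFE_TEMPLATE = "Boarding pass for {{NAME}}, issued by {{HOST}}"
TOKEN = re.compile(r"\{\{(\w+)\}\}")

# Hypothetical allowlist of names the site is willing to print about itself.
ALLOWED_HOSTS = {"southwest.com", "www.southwest.com"}


def render_naive(template, name, host):
    """Buggy: each macro is replaced across the whole page in turn."""
    # The passenger name goes in first...
    page = template.replace("NAME", name.upper())
    # ...and the second pass rescans it, so "HOST" inside the name is rewritten
    # with whatever host string the request carried.
    return page.replace("HOST", host)


def canonical_host(requested, allowed=ALLOWED_HOSTS, default="southwest.com"):
    """Never reflect the client-supplied host; map it onto a known value."""
    candidate = requested.strip().lower()
    return candidate if candidate in allowed else default


def render_single_pass(template, values):
    """Fixed: delimited tokens, one pass over the template only."""
    # re.sub does not rescan replacement text, so inserted values cannot be
    # mistaken for macros. An unknown token raises KeyError instead of
    # rendering silently.
    return TOKEN.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    print(render_naive(TEMPLATE, "Jim Hostenfeffer", "wWw.SOutHwesT.cOm"))
    print(render_single_pass(SAFE_TEMPLATE, {
        "NAME": "JIM HOSTENFEFFER",
        "HOST": canonical_host("wWw.SOutHwesT.cOm"),
    }))
```
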