Slashdot Mirror
Lax TSA Website Exposed Travelers' Information
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
Lax TSA Website Exposed Travelers' Information
"Lax" describes it pretty well.
The higher the technology, the sharper that two-edged sword.
Of why DHS is out front and pulling away in the "Scariest Agency" poll.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Why do we keep penalizing those individuals who have the fortitude to stand up and point out security issues, and then let those responsible for said flaws get away clean? Sounds like a decidedly bass-ackward approach to me, designed more to prevent public awareness of corporate and governmental malfeasance than anything else.
Nobody wants their dirty laundry aired, I understand, but attacking people that expose such egregious errors does nothing to improve matters. I mean, if I say publicly that "your Web site has x security flaws in it" and it turns out I'm lying, fine, sue me for libel or slander or whatever else. Or better yet, just ignore me. But if I make you aware of a serious problem and you do nothing but try to intimidate me into silence, you're obviously trying to cover your ass, and should be fired for incompetence.
The higher the technology, the sharper that two-edged sword.
this phrase, I don't think it means what you think it does
Even as we are faced with incident after incident of our government failing to safeguard information, we do nothing as they collect more of it claiming they can be trusted to safeguard it.
Real ID is going to be a nightmare.
Patriot - A fan of expanding government power and spending while not wanting to pay higher taxes.
I do not think those words mean what you think they mean.
Real ID is going to be a nightmare.
... we may be in for the long haul.
If that's what it takes. Remember the FBI under Hoover? Did all kinds of abusive stuff, until it finally reached the point where Congress had to rein them in and enact strict controls on their behavior, mainly because Congress itself was threatened by Hoover's activities. Hell, the bastard had dirt on all of them. However, many of those restrictions on law enforcement were undone with the Patriot Act, CALEA and other poorly-designed laws designed to strip civil liberties from us. I have the feeling that we're going to have to suffer through yet another cycle of government abuse (worse this time) until the pendulum swings back and some controls get put back in place.
If we're that lucky. I have my doubts about this go 'round
The higher the technology, the sharper that two-edged sword.
The poetic justice is not that Soghoian (who exposed the vulnerability) was investigated by the FBI and TSA, but rather the exact opposite, that having been investigated by the FBI/TSA he was vindicated by the scathing congressional report agreeing with him. At least that's an accurate summary, although still a bit illogical since the FBI investigation was for a different issue altogether - him blogging about how to create fake boarding passes which doesn't seem the smartest thing to do if you are really concerned about security.
"Lax TSA Website Exposed Travelers' Information"
*wolf whistle*
Hey look everybody! Naked information. Woo Hoo!
That's the last time I fly through Los Angeles then.
There is simply too much glass..
Yet. Doesn't mean they can't be some time in the future. And this investigation...or scathing congressional report? What will come of it? Will fines be paid? Jail time served? I've seen very little come from "scathing congressional reports" in the past. Will this one be any different? I would think not. Will any of this bring about a demand for freedom of movement without undue harassment? Will we finally vote for politicians who mention the word "freedom" at all? All the numbers indicate otherwise.
Nixon's the one.
What?
So...he pointed out a vulnerability, ended up with the FBI on his ass for 6 months (with them probably keeping an eye on him for the rest of his life), and that's poetic justice?
You keep using those words. I don't think those words mean what you think they mean.
A couple of years ago I was in San Francisco. I needed to check my email and there was an open access point. After checking mail, I checked "My Network Places". Their ENTIRE network was a big file share and it was WIDE OPEN! This was a medical facility and there were hundreds of patient records right there. I got out of there as fast as I couod and never went near there again! With the "shoot the messinger" attitude out there these days, who in their right mind wants to be the messinger?
I think you *precisely* correct in referring to the whole system as a pendulum. And, as you said, it's swinging further each time. What I fear--and, honestly, look forward to--is when that pendulum begins to swing so wildly and out of control that the entire system tears itself apart. Anyone who believes deep down that we can fix this system without a revolution is living in a fantasy world. There will come a time in the very near future when our country will undergo an actual, honest-to-god revolution, possibly even a civil war. Hopefully what we get out of it will be better than we we went into it with.
Yeah, saying crap like that probably puts me on some watch list or another, but pretty soon, we'll *all* be on those lists, and then they'll start using those lists against us. And that's when the whole revolution starts.
The short version of this entire message is that our nation is beyond the point of no return. Of that I have absolutely no doubt.
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
This is just another instance on a lengthy list of government funded projects that have completely inadequate security for the information they contain. Just the other day I was browsing through images on Google image search when I stumbled upon this gem: http://www.ticic.state.tn.us/sorsql?sql=sp_SOR_IMAGE+'SO001290' See that bit at the end? Any /. user worth his salt recognizes that as a SQL stored procedure at the end of that URL. What happens when you pass it a select statement to display all the table names in the database?
http://www.ticic.state.tn.us/sorsql?sql=select%20TABLE_NAME%20%2B%20'|'%20from%20information_schema.tables
It helpfully gives them to you. What about some interesting information? How about the first and last name of every sex offender in the state of Tennessee?
http://www.ticic.state.tn.us/sorsql?sql=select%20'%5B'%2BFirstName%2B'|'%2bLastName%2B']'%20from%20SOR_Internet
And we trust our personal and financial information to these people?
Does anyone know a phone number, an office, etc that we can call to complain about the TSA?
Why did the terrorists succeed on September 11, 2001? Conventional wisdom says the terrorists exploited a weakness in airport security by smuggling aboard box-cutters. What they actually exploited was a weakness in our mindset -- Crews were for years trained in the concept of "passive resistance." Everyone acted calm, and the crisis resolved with no loss of life. All of that changed when the first plane hit the north tower. What weapons the 19 men possessed mattered little, but it would never work again: Anyone pulling out a box cuter today would be dragged down by passengers.
Yet today the DHS and TSA are still focused on the box cuters. Patrick Smith of the New York Times points out just how pointless the TSA searches have become. Why for example do they confiscate tubes of toothpaste or shampoo bottles potentially containing explosive materials, only to throw them out in the trash unchecked? Why do cleaners and garbage workers handle these supposedly dangerous contraband unprotected? The ban on fluids itself flies in the face of scientific opinion: "The notion that deadly explosives can be cooked up in an airplane lavatory is pure fiction."
http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/index.html
The generation which experienced stuff like that is rapidly passing into senility or worse.
When information is power, privacy is freedom.
If we have a true revolution, you should be hoping you'll be lucky enough to live through it. Be careful what you wish for. There really could be worse governments than the U.S. led by Republicans. If you doubt me, just ask anyone who grew up as a subject under Stalin.
I think you *precisely* correct in referring to the whole system as a pendulum.
As an engineer, upon further reflection I think that a more apt description would be "running open loop". If you look at the U.S. Constitution, you'll realize that the so-called "checks-and-balances" put in place by the Founders, indeed the underpinnings of our entire Republic, are nothing but a series of carefully crafted negative feedback loops. The intent of those mechanisms was, of course, to prevent the government from going too far in one direction. The most basic of those is the fact that we can elect our leaders: the governments actions are processed by the population and fed back to the input as votes. Another loop was the original tariff system. It is complicated, but it worked for a long, long time, and had our elected leaders not fiddled with it continuously, would still be working now.
The problem is that Congress, with its fundamental incompetence and endless quest for votes, has opened most of those loops and the proper amount of negative feedback is no longer being applied to the system inputs. In fact, there's generally no negative feedback whatsoever: it's all going the other way. That's placed us in a swell of uncontrolled positive feedback which will eventually reach the maximum tolerance of the system.
In electronic terms, that usually means your output is locked to within a few millivolts of your positive supply voltage. In civil terms, it means a revolution is about to start.
The higher the technology, the sharper that two-edged sword.
DHS and the TSA were never meant to actually prevent harm to any citizen, but rather as a transfer of power from the citizen to the government. In that context, the ineptitude, mismanagement, harassment, failures, and the 'kill the messenger' attitude, begin to make a kind of sense. Much as any despotic entity throughout history, exposure of any kind is met with intimidation or violence, and a monolithic facade is presented.
At least until control is absolute, then it no longer matters. Read the sig.
Power tends to corrupt, and absolute power corrupts absolutely.
Complain to your elected representatives with a short, politely worded letter. That's the most likely to get these practices stopped.
Privacy is myth!
All information is available SOMEWHERE.
The only thing new in this world is the history that you don't know.[Harry Truman]
Wow what a unique name, kinda like naming a site after a command prompt. oh.....
The problem is that Congress is so damned spineless to begin with. The REAL ID act was passed in 2005, not after any discussion, debate, or vote, but only because it was slipped into a major spending bill by some self-serving Republican coward from Wisconsin. There wasn't even an effort to nullify it once it was discovered that it had passed - EVEN AFTER 17 states and a majority of Americans have voiced their opposition to it. It's about time Congress did its job already.
that started an investigation on Soghoian. This is utterly stupid and a complete waste of the American Tax Payer's money. The agents who started the investigation are nothing more than perps. who deserve to be made a clear example by firing their arses and droping their pensions. Trust me, that will be heard VERY CLEARLY by other agents not to perform such stupid and arrogant abuse of power. It's that simple. Man oh man, do I wish I were their bosses or bosses' boss...
while i don't disagree that our government leadership is incompetent, i think that the blame isn't solely on politicians. we did at one point live in a free and democratic society. a large part of the blame therefor rests on the the public. we have developed a culture of apathy, and as such no revolution could ever take place.
the reason for public apathy is two folds. firstly, the bipartisan system that our democracy has evolved into is inherently broken. but more importantly the 4th estate has failed to uphold its duty to the public. the reason why freedom of press is so important to a free society is because the press plays a crucial role in the democratic process. democracy only works when the citizenry is well informed and educated. and when the press neglects its duty to report government/political corruption, voters can not make informed votes to provide the negative feedback you mentioned.
so unless the nature of our press changes fundamentally, i don't see any desperately needed widespread reforms taking place. perhaps the internet is the key. i don't know. but maybe one day we'll see direct participatory democracy being realized in the U.S. with the advent of the the internet and the information age, perhaps government records could be placed directly online so that the public can stay informed about government without the press. likewise, with internet access being near ubiquitous today, i don't see why we even need legislative representatives to pass legislation and form public policy. why couldn't we just conduct mass referendums over the web and bypass congress altogether?
i mean, if poor illiterate Venezuelans can draft their own constitution via referendum, why can't Americans pass legislation the same way? with today's communications technology, we don't have logistical problems getting in the way of direct democracy.
Real ID is going to be a nightmare.
I think the opposite is true. This TSA site is needed at all because right now it's hard to prove that you're not on the list of bad guys. If you carry biometrically secure identification and have a unique identifier, that becomes much easier. A lot of the intrusions into our civil liberties and the lack of privacy are a result of not having good identifiers.
In any case, the private sector is already going this route anyway with identification like the Clear card.
Congress is doing its job already: Crating jobs and boosting the economy.
After all you and i don't pay the cost of re-election campaigning.
It is done by corporates, who will stand to benefit from Real ID act.
Imagine the cost of contracting out large quantities of safeboard, ink, printing presses, plastic, computer systems to maintain, training, emergency services (someone enters his hand into a press), laser printers, etc.
And now imagine how much employment is generated when these people are needed for above mentioned products.
Now, tell me, how is congress supposed to do its job? Shrinking the economy by pulling back Real ID?
The nuts at NH are clueless m0r0ns who don't even levy state income taxes and hence have bad roads.
The gods in WA and MA do levy income taxes heavily and hence provide better services to people.
-:)))
"Doing what i can, with what i have." ~ Burt Gummer
Of course officials will blame the guy pointing out their failures rather than fix them. The DHS is second in power only to the IRS to act outside of the 5th amendment.
My bet is anyone with a permutation of Chris Soghoian's name already has a 'SSSSS' on his boarding pass.
- - - Non Caffeine Drink or Drink Error
If that's what it takes. Remember the FBI under Hoover? Did all kinds of abusive stuff, until it finally reached the point where Congress had to rein them in and enact strict controls on their behavior, mainly because Congress itself was threatened by Hoover's activities. Hell, the bastard had dirt on all of them. However, many of those restrictions on law enforcement were undone with the Patriot Act, CALEA and other poorly-designed laws designed to strip civil liberties from us. I have the feeling that we're going to have to suffer through yet another cycle of government abuse (worse this time) until the pendulum swings back and some controls get put back in place.
A very fundermental problem is the idea that increasing official power (and reducing "civil liberties") somehow increases security. Something which never appears to have actually happened in recorded history. Indeed it appears more likely that giving law enforcement too much power is that they are too busy harrassing innocent people to have much time for dealing with criminals. With a real risk of establishing a positive feedback loop. Especially since law enforcement always claims to need more power and the idea that reducing law enforcement powers might actually result in them doing a better job is just too radical for many people.
Yes. That's all I can say this this: yes.
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
I'm sorry, but the only valid response to this is: "What the FUCK?"
I'm sorry, since when did the existence of a worse system make this system okay? There is *always* a worse system. That does not justify this one. I don't want to be personal, but your statement is pitiful, apologetic garbage. I don't care who runs the US government. Republicans, Democrats, it doesn't matter. THEY ARE ALL OUT OF CONTROL.
I *do* want a revolution. It is absolutely necessary at this point. Yes, a lot of us may not live through it. But golly, have you ever read any history at all? There's not even any need to go abroad, as you touted out Stalin. Hell, look at our own nation's history! We became an independent nation because the current system was unacceptable. Do you think that our colonial status was the worst system in the world? I would hope not. And yet, still, it was necessary. Or how about the Civil War? Should we have stayed with the system of slavery that was in place, simply because there are worse possible systems out there? What's that you say? No? Well, holy shit...it's beginning to sound like sometimes, revolutions and civil wars are necessary, even if people *do* end up dead.
If you are afraid to fight for change simply because it might inconvenience you, you ABSOLUTELY DO NOT DESERVE ANYTHING BETTER. I would be PROUD to die for my beliefs rather than giving them up for convenience and comfort, and eventually being taken off to some shadowed, non-existent prison and executed for crimes I may or may not have committed.
This nation was founded on those willing to die for their beliefs, and you squander their good will with your passive, apologetic bullshit. You, sir, deserve exactly the treatment you get from this government, as well as whatever treatment they determine you need in the future.
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
Also, apparently I can't even form a coherent sentence today. That should have read: "That's all I can say to this: yes." If only there were some sort of "preview" functionality!
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
Congress is doing its job already: Crating jobs and boosting the economy. [boldface mine]
... boxing them up and shipping them overseas. How that is supposed to boost the United States' economy is a mystery to me. Conversely, it is readily apparent how all those jobs have boosted the respective economies of India and China.
Indeed. Congress is "crating" all of our jobs
The higher the technology, the sharper that two-edged sword.
According to Reaganomics, if the rich get richer, the poor *can* get richer too, provided the richer trickle down the money in the form of pennies to the guy begging outside.
Economics is a zero sum game. For me to win, you have to lose.
Crating jobs to india does not mean if the jobs were not crated would be available in USA. It is more likely the cost of living would have increased a lot, but so too would have salaries.
Now by crating jobs, we enable the rich to earn more via LBO and IPOs.
"Doing what i can, with what i have." ~ Burt Gummer