Lax TSA Website Exposed Travelers' Information

sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.

Like most security theater in this country ...

[ScrewMaster]

Lax TSA Website Exposed Travelers' Information

"Lax" describes it pretty well.

Re:Like most security theater in this country ...

[Kelz]

Did they mean "lax" as in "Loose and not easily retained or controlled." or LAX as in the airport?

Re:Like most security theater in this country ...

[ScrewMaster]

Did they mean "lax" as in "Loose and not easily retained or controlled." or LAX as in the airport?

Well, I've been through Los Angeles Airport a couple of times recently. I'd say either appellation is apt.

Re:..."no charges were ever filed."

[The_Wilschon]

Too bad they aren't being scythed by Congress instead...