Slashdot Mirror
Lax TSA Website Exposed Travelers' Information
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
I do not think those words mean what you think they mean.
The poetic justice is not that Soghoian (who exposed the vulnerability) was investigated by the FBI and TSA, but rather the exact opposite, that having been investigated by the FBI/TSA he was vindicated by the scathing congressional report agreeing with him. At least that's an accurate summary, although still a bit illogical since the FBI investigation was for a different issue altogether - him blogging about how to create fake boarding passes which doesn't seem the smartest thing to do if you are really concerned about security.
How do you know they are expensive or dishonest? A no bid contract doesn't imply either automatically.
If we have a true revolution, you should be hoping you'll be lucky enough to live through it. Be careful what you wish for. There really could be worse governments than the U.S. led by Republicans. If you doubt me, just ask anyone who grew up as a subject under Stalin.