Lax TSA Website Exposed Travelers' Information
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
Did they mean "lax" as in "Loose and not easily retained or controlled." or LAX as in the airport?
Why do we keep penalizing those individuals who have the fortitude to stand up and point out security issues, and then let those responsible for said flaws get away clean? Sounds like a decidedly bass-ackward approach to me, designed more to prevent public awareness of corporate and governmental malfeasance than anything else.
Nobody wants their dirty laundry aired, I understand, but attacking people that expose such egregious errors does nothing to improve matters. I mean, if I say publicly that "your Web site has x security flaws in it" and it turns out I'm lying, fine, sue me for libel or slander or whatever else. Or better yet, just ignore me. But if I make you aware of a serious problem and you do nothing but try to intimidate me into silence, you're obviously trying to cover your ass, and should be fired for incompetence.
The higher the technology, the sharper that two-edged sword.
Even as we are faced with incident after incident of our government failing to safeguard information, we do nothing as they collect more of it claiming they can be trusted to safeguard it.
Real ID is going to be a nightmare.
Patriot - A fan of expanding government power and spending while not wanting to pay higher taxes.
The poetic justice is not that Soghoian (who exposed the vulnerability) was investigated by the FBI and TSA, but rather the exact opposite: that having been investigated by the FBI/TSA, he was vindicated by the scathing congressional report agreeing with him. At least that's an accurate summary, although still a bit illogical, since the FBI investigation was for a different issue altogether - him blogging about how to create fake boarding passes, which doesn't seem the smartest thing to do if you are really concerned about security.