Comments on: Fake boarding passes clear airport security http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/ Protect yourself from government gaffes, bureaucratic blunders and incumbent incompetence Sun, 14 Mar 2010 20:43:48 -0400 http://wordpress.org/?v=2.9.1 hourly 1 By: The news just keeps breaking - Homeland Stupidityhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-24720 The news just keeps breaking - Homeland Stupidity Sun, 10 Dec 2006 09:07:30 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-24720 [...] Christopher Soghoian, who blew the whistle on a serious airport security problem which had been ignored for years by creating a Web site which generated fake boarding passes, is still under investigation by the Transportation Security Administration for allegedly violating federal airport regulations and faces “civil penalties of not more than $11,000 per violation,” according to the threatening letter the TSA sent him as a Christmas present. They have plenty of time to go after whistleblowers, but no time for improving airport security, it seems. [...] [...] Christopher Soghoian, who blew the whistle on a serious airport security problem which had been ignored for years by creating a Web site which generated fake boarding passes, is still under investigation by the Transportation Security Administration for allegedly violating federal airport regulations and faces “civil penalties of not more than $11,000 per violation,” according to the threatening letter the TSA sent him as a Christmas present. They have plenty of time to go after whistleblowers, but no time for improving airport security, it seems. [...]

]]> By: Boarding pass creator: Out of frying pan, into fire? - Homeland Stupidityhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-23692 Boarding pass creator: Out of frying pan, into fire? - Homeland Stupidity Fri, 01 Dec 2006 11:26:06 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-23692 [...] This whole mess started when Soghoian posted a fake boarding pass generator on his Web site to draw attention to a long-standing problem with airport security that he felt nobody was sufficiently addressing. [...] [...] This whole mess started when Soghoian posted a fake boarding pass generator on his Web site to draw attention to a long-standing problem with airport security that he felt nobody was sufficiently addressing. [...]

]]> By: Whistleblower News From the NSWBC »http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-20036 Whistleblower News From the NSWBC » Sun, 05 Nov 2006 05:07:06 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-20036 [...] Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did. Read More [...] [...] Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did. Read More [...]

]]> By: Ottawa plans no-fly list by 2007, whats the point? - scruffydan.com/blog - Last year Pluto was a planet. Nothing surprises me anymore.http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19788 Ottawa plans no-fly list by 2007, whats the point? - scruffydan.com/blog - Last year Pluto was a planet. Nothing surprises me anymore. Fri, 03 Nov 2006 06:16:00 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19788 [...] The fake boarding pass generator exposes long-standing flaws in airport security as implemented by the federal government which would allow people on the no-fly list to buy tickets and board flights, possibly without even going through the somewhat invasive secondary screening that everyone whose boarding pass shows “SSSS” finds themselves subjected to. -Homeland Stupidity [...] [...] The fake boarding pass generator exposes long-standing flaws in airport security as implemented by the federal government which would allow people on the no-fly list to buy tickets and board flights, possibly without even going through the somewhat invasive secondary screening that everyone whose boarding pass shows “SSSS” finds themselves subjected to. -Homeland Stupidity [...]

]]> By: Stuhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19658 Stu Thu, 02 Nov 2006 02:11:07 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19658 Why not compare the ticket with the database entry for that ticket?No database entry for a ticket should be a big flag that something is wrong with the ticket. Also, update the database record with a unique key sequence printed on the ticket. That way the printed ticket would have to match the database entry.Even harder, encode the unique code on the ticket (and database record) with the ticket ID, name and destination. Anything that does not match, sets of a warning for more investigation.Using a single printed piece of bar coded paper for security is stupid. Why not compare the ticket with the database entry for that ticket?

No database entry for a ticket should be a big flag that something
is wrong with the ticket. Also, update the database record with a
unique key sequence printed on the ticket. That way the printed
ticket would have to match the database entry.

Even harder, encode the unique code on the ticket (and database
record) with the ticket ID, name and destination. Anything that does
not match, sets of a warning for more investigation.

Using a single printed piece of bar coded paper for security is
stupid.

]]> By: Louis Loizideshttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19499 Louis Loizides Tue, 31 Oct 2006 15:15:29 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19499 I'd known plenty of people who've changed the name on their printable boarding passes to get around frequent flier loopholes. Doing so usually only requires a text editor, not a DIY boarding pass generator. Taking down that site was stupid and, if anything, it helped bring this security flaw to light. Printable boarding passes can be made secure with something as easy as an encrypted 2D barcode. I've seen them on printable concert tickets, but obviously the TSA is too stupid to figure this out right now. I’d known plenty of people who’ve changed the name on their printable boarding passes to get around frequent flier loopholes. Doing so usually only requires a text editor, not a DIY boarding pass generator. Taking down that site was stupid and, if anything, it helped bring this security flaw to light. Printable boarding passes can be made secure with something as easy as an encrypted 2D barcode. I’ve seen them on printable concert tickets, but obviously the TSA is too stupid to figure this out right now.

]]> By: IT Blogwatchhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19345 IT Blogwatch Mon, 30 Oct 2006 12:23:48 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19345 <strong>FBI smashes fake boarding pass guy's door (and new...</strong>Now boarding: IT Blogwatch, in which a security researcher demonstrates flawed airport security and gets his home searched by the FBI. Not to mention fresh meat from Go Home Productions...... FBI smashes fake boarding pass guy’s door (and new…

Now boarding: IT Blogwatch, in which a security researcher demonstrates flawed airport security and gets his home searched by the FBI. Not to mention fresh meat from Go Home Productions……

]]> By: MellowBox » Blog Archiv » Fake Boarding Pass Generatorhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19326 MellowBox » Blog Archiv » Fake Boarding Pass Generator Mon, 30 Oct 2006 07:51:28 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19326 [...] Christopher Soghoian, ein Sicherheitsexperte der  Indiana University veröffentlichte vor kuzen einen Fake Boarding Pass Generator, um die Sicherheitsprobleme der amerikanischen Flughafensicherheit in die Öffentlichkeit zu tragen. The fake boarding pass generator does not create a new security weakness. It reveals an existing one. Though some people may want to, it’s important not to kill the messenger (who, in this case, is a Ph.D. student in security infomatics at Indiana University who created the pass generator to call attention to the problem). As I’ve said before, identity-based security is terribly weak. Its costs — in dollars, inconvenience, economic loss, and lost privacy — are greater than its security benefit. — Jim Harper, Director of Information Policy Studies, Cato Institute [...] [...] Christopher Soghoian, ein Sicherheitsexperte der  Indiana University veröffentlichte vor kuzen einen Fake Boarding Pass Generator, um die Sicherheitsprobleme der amerikanischen Flughafensicherheit in die Öffentlichkeit zu tragen. The fake boarding pass generator does not create a new security weakness. It reveals an existing one. Though some people may want to, it’s important not to kill the messenger (who, in this case, is a Ph.D. student in security infomatics at Indiana University who created the pass generator to call attention to the problem). As I’ve said before, identity-based security is terribly weak. Its costs — in dollars, inconvenience, economic loss, and lost privacy — are greater than its security benefit. — Jim Harper, Director of Information Policy Studies, Cato Institute [...]

]]> By: FBI raids creator of fake boarding pass generator - Homeland Stupidityhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19182 FBI raids creator of fake boarding pass generator - Homeland Stupidity Sun, 29 Oct 2006 00:28:39 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19182 [...] Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did. [...] [...] Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did. [...]

]]> By: nathanr|com » Fake boarding passes clear airport securityhttp://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19142 nathanr|com » Fake boarding passes clear airport security Sat, 28 Oct 2006 07:59:58 +0000 http://www.homelandstupidity.us/2006/10/27/fake-boarding-passes-clear-airport-security/#comment-19142 [...] Fake boarding passes clear airport security [...] [...] Fake boarding passes clear airport security [...]

]]>