Blog Insights: Airline Insecurity
What bloggers are saying about the latest in information technology
A noisy flap took place last month when Indiana University student Christopher Soghoian created and made available a computer program that allows people to print bogus airline boarding passes. Cnet correctly reported in a recent piece that this episode brought a security flaw to the public's attention. According to the report, however, federal agents quickly shut the site down and seized the student's computers. The program he created was in fact based on a potential flaw that was not new at all, and the security flaw had already been made public. But the reason Soghoian was targeted by the Feds was that he was the first to actually create a program that could be used to exploit that flaw. Security expert Bruce Schneier has written about this vulnerability in the past as well. His blog, Schneier on Security, tells a bit of the history of this flaw, which existed and was known long before Soghoian ever considered it.
Airport security is a mish-mash of procedures and protocols, some that work and some that don't. Schneier makes an interesting point that the photo ID requirement does very little for security; the reason for implementing it was purely financial, since it prevented individuals from reselling their tickets.
I've always wondered why people hack computers. Mostly, they do it for illicit financial gain, but some have other axes to grind, points to make, and a certain level of self-righteousness that gives way to a sort of virtual vigilantism. They say, "I don't like what this organization represents, so I'm going to hack their site." In Soghoian's case, perhaps he wanted to make a point about flaws in airline security, and went about it by exploiting those flaws publicly and providing a vehicle for others to do so as well. This system can be broken, so I'm going to break it. Simple.













