Wow this is unsettling

 Just read this article and dang this is terrifying but not unexpected, sadly. The non-programmer summary is:

  • airline employees and pilots can go thru the TSA unscreened if they have a special barcode or an employee number that's checked in real-time to be valid
  • the company that runs the validation service for dozens of airlines didn't implement even the bare minimum, security 101 features like preventing SQL injection
  • anyone with a web browser can access this database and not only view it, but add their own entries and allow themselves to pass thru TSA checkpoints and INTO AIRPLANE COCKPITS with no screening
The white hats who found the problem quietly reported it, but it seems like only a very cursory fix was put into place. It really points a finger at a very weak link in the chain of our national airline security theater.

Comments

Popular posts from this blog

Finding and collecting Japanese Railway station stamps

Southern Vermont's Frog Meadow Farm – a perfect getaway

Where to find TOTO Washlets outside of Japan