Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×

Congressman Calls for Arrest of Security Researcher 574

Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."
This discussion has been archived. No new comments can be posted.

Congressman Calls for Arrest of Security Researcher

Comments Filter:
  • by mbstone ( 457308 ) on Friday October 27, 2006 @06:31PM (#16616518)
    The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?
    • by soft_guy ( 534437 ) on Friday October 27, 2006 @06:35PM (#16616568)
      The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?

      With a supreme court with 7 republican appointees? I doubt it.
      • Re: (Score:3, Informative)

        by yorktown ( 947019 )
        Unfortunately, the Supreme Court takes a very loose view of what the Constitution says. For example, it considers building a hotel and condominiums as "public use" for the purposes of eminent domain. http://en.wikipedia.org/wiki/Kelo_v._City_of_New_L ondon [wikipedia.org]

        Note that all four of the dissenting justices in the Kelo decision were appointed by Republicans.

      • And a Democrat calling for the arrest?


        Oh no, both parties must be in on this together! I know my face sure is red.

    • by Tackhead ( 54550 ) on Friday October 27, 2006 @06:36PM (#16616578)
      > The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?

      Much like the guy who looks at your boarding pass, you're trusting your life to something that's just a goddamn piece of paper.

      • by timeOday ( 582209 ) on Friday October 27, 2006 @07:42PM (#16617454)
        A boarding pass isn't even supposed to be a security document. That's why you have to show your ID as well as your boarding pass, just to get the privelige of being x-rayed, bomb-sniffed, and patted down before being allowed into the secured area. If anybody thought boarding passes were supposed to enhance security, they wouldn't let you print your own.

        In other words, I think the professor's research is silly, and I think the congressman is equally silly for calling for his arrest.

        • Re: (Score:3, Insightful)

          by iocat ( 572367 )
          It's not even research. Anyone with five minutes and a copy of WORD could do the same thing. It doesn't make something that spoofs the system, it makes something that spoofs people who can't read barcodes (that is: everyone). It wouldn't scan correctly and let you get on the plane, it just is a form that adds your name and date to a rip off of the standard "print at home" boarding passes.

          This whole story is stupid. The fact that documents can be forged is not news, the fact that some guy made a website for

        • Re: (Score:3, Funny)

          by Hoi Polloi ( 522990 )
          "x-rayed, bomb-sniffed, and patted down"

          Oh shit, you mean that full body cavity search WASN'T part of the normal screening process?
    • not likely (Score:3, Insightful)

      by Quadraginta ( 902985 )
      I doubt it. It's hard to see how faking a boarding pass can be considered some kind of "political speech," which is about the only kind of speech that has near-absolute protection under the First Amendment.

      Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.
      • Re:not likely (Score:5, Informative)

        by kfg ( 145172 ) on Friday October 27, 2006 @06:45PM (#16616684)
        Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.

        I just created a fake bill of sale for a car. I have committed no crime, because I have not proffered it as genuine to anybody.

        Fraud is a crime of intent.

        KFG
        • I just created a fake bill of sale for a car. I have committed no crime, because I have not proffered it as genuine to anybody.
          Fraud is a crime of intent.

          I have written a program to fake a boarding pass and published it on the web. I am now in bigger trouble than if I had been charged with fraud:

          The charge might be framed as a from of criminal facilitation. The only intent required might be defined simply as a reckless disregard of the consequences of your actions.

          What follows is a model statute that s

        • Re: (Score:3, Insightful)

          by Quadraginta ( 902985 )
          Yes, well, if you created it and kept in in your desk drawer, you're right. But have you forgotten that this fellow published his widget on the net, and allowed anybody at all access to it? That's a whole 'nother ball game.

          First of all, a jury may and often will draw powerful inferences about someone's intent from their actions. For example, if you have enough crack in your possession, the jury is allowed to decide -- and probably will decide -- that you have ipso facto the intent to distribute it, regar
      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) * on Friday October 27, 2006 @06:46PM (#16616702)
        Comment removed based on user account deletion
        • by Tim C ( 15259 )
          I suspect very strongly that in the case of money, simply having the means to create counterfeit bills will probably land you in a whole heap of trouble. Governments tend not to have much of a sense of humour when it comes to that sort of thing.

          10 years ago, in this case, I'd have laughed if somone had suggested the guy could be arrested just for this. Since the attack on the WTC, however...
          • Re:not likely (Score:5, Informative)

            by psykocrime ( 61037 ) <mindcrime@@@cpphacker...co...uk> on Friday October 27, 2006 @08:42PM (#16618064) Homepage Journal
            I suspect very strongly that in the case of money, simply having the means to create counterfeit bills will probably land you in a whole heap of trouble.


            This is why every American should immediately go visit FIJA [fija.org] and learn the truth about serving on a jury. Hint: you can judge the law as well as the facts, and juries ARE the "last line of defense" against oppressive government / bad laws. See Jury Nullification [wikipedia.org] and/or Peter Zenger [wikipedia.org] for more.

            If I'm ever serving on a jury, I can guarantee you that I won't be voting to convict in any "victimless crime" situation, or anything where somebody is being charged with violating some bullshit law. Hung jury or acquittal, here we come.

        • by raehl ( 609729 )
          No, you can be prosecuted for attempting to pass these off as real, but not just printing them

          But you could be civilly sued for violating NWA's trademark and copyright.
      • Re: (Score:2, Insightful)

        by MoreBonez ( 968956 )

        I doubt it. It's hard to see how faking a boarding pass can be considered some kind of "political speech," which is about the only kind of speech that has near-absolute protection under the First Amendment.

        But he's not faking a boarding pass. He published a tool that allows it to be done in order to make a point about aviation security, which is regulated by the government. Sounds like political speech to me.

        Whether that argument would hold up in court while he's being accused of helping terrorists i

      • by SnowZero ( 92219 )
        I think it would have been more responsible on the researcher's part if he had simply announced that he could make fake boarding passes, rather than fielding a system for doing so. As an undergrad, I found some holes in our university IT system, and in the grading systems for two classes I took. Instead of exploiting it, I told the people in charge so they could fix it. There are cases where the person with the problem won't admit it, and wants you to keep it secret. In those cases you might eventually
        • Re: (Score:3, Informative)

          by dgatwood ( 11270 )

          The problem is that for every tale like yours, there are a thousand stories of people who found holes in a computer system, told the responsible party, and were promptly threatened with administrative action for "cracking". After all, if you weren't trying to break in, how did you stumble across the security hole to begin with?

          And as I said, we've all been saying this for years. It simply took somebody having the guts to make a really visible, easy-to-use exploit for the problem before anyone would list

      • Re:not likely (Score:4, Interesting)

        by dgatwood ( 11270 ) on Friday October 27, 2006 @06:58PM (#16616910) Homepage Journal

        Passing a fake bill is illegal. Selling a printing press is not, even if that printing press can be used to print bills.... Telling people how to make a plate based on existing currency... it's the same as making any other kind of plate, so also not illegal in all likelihood.

        There isn't anything here that hasn't been obvious to every single person who reads Slashdot for years. It's all smoke and mirrors, and anyone with even a modest level of intelligence knows this, not just geeks. The only thing surprising here is that we have a Congressman who is so completely computer illiterate and clueless that he actually believes that the stuff in this article would be a surprise to anyone.

        You know, now that I think about it, given the quality of federal legislation in the past few years... it's not really that surprising after all. In fact, it explains a lot.

    • by account_deleted ( 4530225 ) * on Friday October 27, 2006 @06:42PM (#16616640)
      Comment removed based on user account deletion
    • Oh, that's rich. Really funny. Who needs criminal convictions and constitutional law when you could just classify the guy as an "unlawful enemy combatant" and lock him up with no charges and no recourse? The first amendment? You're living in a fantasy land of yesteryear my friend.
    • Re: (Score:2, Interesting)

      by rthille ( 8526 )
      Been in that cave long?

      They don't have to file a case. Congress did away with Habeas Corpus recently, so they can just 'disappear' you, like all the other terrorists...

      I'm really thinking that armed insurrection is going to be coming soon to the U.S....
      • Re: (Score:3, Interesting)

        I'm really thinking that armed insurrection is going to be coming soon to the U.S....
        I doubt it... anyone who started organizing such a thing would be labeled an enemy combatant and disappeared. For this sort of mess, you're going to need some outside country to liberate you and bring democracy to your suffering land.
      • Re: (Score:3, Informative)

        by maetenloch ( 181291 )
        They don't have to file a case. Congress did away with Habeas Corpus recently, so they can just 'disappear' you, like all the other terrorists...

        No, they didn't. Habeas corpus still applies to all U.S. citizens. Period.

        What congress did in the MCA was say that non-citizens being held in Guantanamo Bay or who have been declared enemy combatants cannot claim habeas corpus rights. Note that it's not clear that they would have had habeas corpus rights even before the MCA was passed. This was an attempt b
        • by An Onerous Coward ( 222037 ) on Saturday October 28, 2006 @02:58AM (#16620166) Homepage
          Soooooo.... if I get my butt hauled off to Guantanamo, how do I get myself a court hearing so that I can present the evidence showing that I am a U.S. citizen and therefore entitled to Habeus Corpus?

          Face it. So long as we say, "Everyone has a right to habeus corpus, except for group X," then all the government needs to do is claim you're a member of group X to deny you access to the courts.

          Final note: We are not at war. Legally, we are not at war, because Congress has not declared war. Morally, we cannot declare a war that amounts to a war against anyone, anywhere who might be plotting violence against us. That leads directly to a state of eternal war, because we cannot even conceive of a future state of affairs that could be called "victorious."

          The U.S. knew the war was over when Lee signed his surrender at Appomattox. How will we know that the "global struggle against islamofascism" is at an end, that America is safe, and we can demand these so-called "war powers" back? Who is going to have to surrender their arms to make that day come? The answer, of course, is nobody. This "war" won't end with a resounding military victory or the fall of some great tyrant. It only ends when the people of the U.S. rise up and take back the liberties they traded for false security.

          November 7, people. Mark it on your calendars.
    • Comment removed based on user account deletion
    • The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?
      Well, look at it like this: because he published this, he is both an enemy combatant and a terrorist. Therefore, he has no habeas corpus protection. Therefore, they can just come around, pick him up, and toss him in some cell somewhere, and never have to tell anyone.
    • Re: (Score:3, Insightful)

      by JWSmythe ( 446288 ) *
      Ha!

      Have you noticed all the less than friendly laws passed recently?

      If they decide to do anything to him, they'll be shipping him off to a Southeastern Cuba vacation spot. It's a very exclusive resort, you can only show up by invitation (an invitation that you cannot refuse). How did the Eagles put it? "You can checkout any time you like, but you can never leave..."

      How did the summary of the "Military Commissions Act of 2006" go?

      1) The US Gov'
  • by RightSaidFred99 ( 874576 ) on Friday October 27, 2006 @06:31PM (#16616522)
    You could have just used an old boarding pass or copied an old one, or scanned and photoshopped an old boarding pass and changed the date/time.

    Or, gee, the terrorists could just have someone else buy a plane ticket, or buy it themselves, or buy for a different flight, whatever.

    The whole thing is ridiculous. It's ridiculous that this is thought to be some newly discovered weakness, and it's ridiculous that the powers that be are actually getting upset over it.

    • by panaceaa ( 205396 ) on Friday October 27, 2006 @06:56PM (#16616866) Homepage Journal
      There IS brilliance behind his idea. Perhaps you didn't read it... but basically, you can fly on a fake identity without any screening of your actual identity.

      1) Go to 7-Eleven and buy a pre-paid credit card with cash using a fake name. This will be the name you fly under.
      2) Buy a ticket with this credit card.
      3) Print out an ADDITIONAL ticket for your real identity. He gives you an HTML form to do this.

      Now, show up at the airport. Go through security with the fake ticket... it will match your ID, but since it's not in any computer systems, they won't check to see if you're on the no-fly list. When at the gate, provide the ticket you actually bought. Nowadays you don't need an ID at the gates anymore -- just have your ticket scanned and hop on the plane!

      Now, I'm not exactly sure if you can check bags. If you have to go to the counter before security, they ask for your ID. But if you can avoid that (and you can now, as far as I know), you can fly on a fake identity.
    • Another problem with this is, what good is a fake boarding pass? Remember, the 9-11 hijackers used real boarding passes; all this can do at best is save you a few hundred bucks -- hardly a big deal if you're willing to kill yourself on an airplane to make some kind of point. The biggest problem I see is, let's say you get your fake boarding pass and you manage to get onto the plane with it; then what? Where the hell are you going to sit? Pick an empty seat; then when the real passenger shows up, your fo
  • Arrest? (Score:4, Insightful)

    by Anonymous brave dude ( 950545 ) <gavinwahl@gmail.com> on Friday October 27, 2006 @06:33PM (#16616536)
    So, some guy said he should be arrested. Does that mean anything?
    • When he's a congressman, I'd say it does. Although technically a member of the legislative branch, not the executive, a congressman can be very influential.
    • It's an election year. Some ambitious prosecutor will step up to the plate and file charges for 15 minutes of media fame. It's like the old king saying to himself, "Won't anyone get rid of this meddlesome priest?", and a half-dozen knights running out the door to finish the job.
    • It doesn't mean that the guy will be arrested, no. So in that sense, it doesn't mean anything at all.

      On the other hand, it isn't just "some guy", a Congressman said that he should be arrested. This means that we have semi-hysterical, technically clueless blowhards deciding national policy. I think that means something, and what it means is really bad...

    • Re:Arrest? (Score:4, Insightful)

      by camperdave ( 969942 ) on Friday October 27, 2006 @07:03PM (#16616962) Journal
      Yes, it means that politicians are not interested in fixing the problems, but in hushing up the whistle blowers. It's the age old problem of killing the messenger.
  • by GillBates0 ( 664202 ) on Friday October 27, 2006 @06:33PM (#16616544) Homepage Journal
    ...it also amazes me immensely, how a simple 'printout' passes as an 'authentic' document in a variety of situations.

    The wide spread use of e-commerce has expedited the adoption of regular printouts as tickets, receipts, passes and other situations I can't think of right now.

    Are people so dumb as to not realize, how simple their official 'logos' are to create using an image processing software? Agreed, most of these 'receipts' merely provide a number, which acts as an 'index' in some internal database somewhere.

    But this guy does have a point. Merely admitting a person holding a an easily reproducible printout of an 'eticket' or boarding pass is just lame.

  • Newark (Score:5, Insightful)

    by From A Far Away Land ( 930780 ) on Friday October 27, 2006 @06:34PM (#16616550) Homepage Journal
    Listening to the radio this morning, they said Newark airport staff failed 20 of 22 tests involving guns and bombs being smuggled past security by undercover agents. Airport "security" is a joke, and a distraction from real issues. When they stop taking away your toothpaste and maple syrup in the carry-on luggage, maybe then I'll take something about airports seriously again.
    • Re: (Score:3, Informative)

      Listening to the radio this morning, they said Newark airport staff failed 20 of 22 tests involving guns and bombs being smuggled past security by undercover agents.

      A few years ago I was in a security-check X-ray line. The guy ahead of me was such a "tester", smuggling a gun in his carrr-on bag. The gun was positioned against the side of the bag and sitting on its top surface, so the grip was up. It looked like a flattened-out bracelet on the X-ray.

      The screener didn't catch it. The guy showed the screen
  • by pjt33 ( 739471 ) on Friday October 27, 2006 @06:35PM (#16616566)
    It's astounding that Markey thinks that the website which prints fake boarding passes is creating a loophole. Politicians may not have a grasp of technology, but it only takes common sense to see that the loophole exists independently of any specifictool which creates the document to exploit it.
    • by oGMo ( 379 )
      I think the problem is they don't have a grasp of common sense, either.
    • Mmmm....so since your ability to be killed by a giant fireball exists independently of any specific tool (e.g. a nuclear bomb) that exploits it...you would perhaps also think it would be contrary to common sense to call for restrictions on who can possess (or publish on the Web directions for building) a nuclear bomb?
      • Re: (Score:3, Insightful)

        by inKubus ( 199753 )
        Get real. Although 2000 AMERICANS is a significant percentage of AMERICA, 2000 PEOPLE is not a significant percentage of HUMANITY. Even if terrorists were somehow able to construct a functional nuclear device, smuggle it into a major city and manage to detonate it and kill 100,000 people, it's still meaningless as far as humanity is concerned. A great tragedy, the country would be pretty numb, almost everyone would know someone who died and those people who were in city would have their lives unjustly end
    • by raehl ( 609729 )
      It does create a slight loophole. Let's say I'm on the no-fly list. If I try to enter the terminal on a boarding pass with a different name and no ID, I'll get more thurough screening. This would let me print a fake boarding pass with my name and enter the terminal using ID, then fly on the real boarding pass with the fake name.

      Also, if I am flagged for extra screening, it allows me to avoid it - I just note that the "extra screening" code has been noted on my boarding pass, then use my trusty fake board
  • (airport announcer over intercom) Boarding Northwest Flight 171 has begun...

    Passenger 1, with fake ticket, gets to seat 13F first. Sits down and gets comfortable.
    Passenger 2, with real ticket, gets to seat 13F, finds someone else in their seat, and politely claims that it is their seat.
    Passenger 3 gets to seat 13F, finds two people arguing over whos seat it is, and considers his mistake.
    Flight attendant 1 arrives on scene, cannot determine who is the proper passenger, and has Air Marshall 1 escort them bot
    • Comment removed based on user account deletion
    • I could have sworn that the last time I flew, they actually scanned my ticket before I boarded. If they don't do this, then they definitely should. How hard would it be to check the barcode on a ticket against a database of tickets that have actually been sold?
    • Well, first, a boarding pass can get you to the gate. From there, you can force your way onto a plane.

      Remember the guy who stormed the gate at BWI Airport back in '70s? He was going to hijack a plane and crash it into the White House and kill Nixon? Ah...found it [wikipedia.org].

      Obviously, it'd be trickier to get through security with a .22 and a couple of gallons of gasoline than it was in 1974...
  • but of course (Score:5, Interesting)

    by Phantom of the Opera ( 1867 ) on Friday October 27, 2006 @06:38PM (#16616598) Homepage
    This whole homeland security mindset is not one of rationality. It is one of panic. There is an element of OMG - he's giving the badguys ideas. This call to arrest him is probably more along the lines of OMG - he's giving passengers the idea that they are unsafe. It isn't the issue wether they are unsafe or not, but making them feel that is going to have negative affects on the airline industry and get people jumpier. All in all, its going to make going on a plane that much less pleasant.


    "The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane," Markey said in a statement. "There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs; we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane."


    One, shouldn't they already be on the lookout for frausters and terrorist.
    Two, this isn't a new loophole. It's been there a while folks.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) * on Friday October 27, 2006 @06:40PM (#16616624)
    Comment removed based on user account deletion
  • by geekotourist ( 80163 ) on Friday October 27, 2006 @06:42PM (#16616634) Journal
    I called up their Washington DC office. The person who answered didn't know about this issue and the call for an arrest. I made three points:


    1. Arresting the messenger doesn't help security- it makes people more afraid to point out security holes.
    2. Security holes don't shrink by pretending they don't exist
    3. Just before elections isn't the best time to make people in Silicon Valley rethink democrats on security. Markey has usually been thoughtful on security- he should rethink his policy of calling for arresting the messenger.

  • Impossible. (Score:5, Funny)

    by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Friday October 27, 2006 @06:43PM (#16616652) Journal
    This is impossible. EVERYONE knows it is only those with a R after their name that wish to take away our rights and jail those they do not like.
  • by hondo77 ( 324058 ) on Friday October 27, 2006 @06:43PM (#16616654) Homepage
    The 9/11 hijackers all had valid boarding passes. What do fake boarding passes have to do with security?
  • Political spectrum (Score:3, Insightful)

    by delirium of disorder ( 701392 ) on Friday October 27, 2006 @06:44PM (#16616662) Homepage Journal
    Check out Edward Markey's voting record [washingtonpost.com]. He's one of the most liberal members of congress. His call to arrest this innocent security researcher further proves that the Democrats are authoritarians just like the Republicans. Only Greens and Libertarians appear to have any respect for free speech and other civil liberties.
    • That being said, he's just earned his "oooo, I'm for security" political credit for the day, and preventing a republican from scooping that.

      There is something darwinian about US politics. Any politician that speaks their mind too often gets weeded out. The survivors cameoflage themselves in the Coke vs Pepsi plank (or favorite sports team plank). Right now, if you are not 'for security', you are not electable.
    • by NineNine ( 235196 ) on Friday October 27, 2006 @07:43PM (#16617464)
      Ha! You didn't actually think that the Republicans and Democrats were opponents, did you? C'mon.
       
          There's a very popular case study in business school about Coke and Pepsi, and how they're both very happy with approximately 49% of the market. People think they have a real "choice". Neither one has to worry about "monopolies". And, they already know each other. It's a fake battle to make people think that they actually have a choice, all the while, both parties are very happy with half of a FUCKING HUGE pie.
       
      Sound familiar?
  • It's been a while since I flew, but I did buy electronic tickets last time. When I first got inside the airport door, the first and only place I presented my ticket printouts was to a clerk right near the entrance. They took the printout, scanned it, looked over my ID along with their screens, and then printed out a 'real' ticket that was a bit less ordinary (though still possibly forgeable if you had their cardstock maybe...). The ticket readers at the actual boarding point were picky about the format a
  • since law enforcement agencies should be able to figure out if there's a possibility that someone has committed a crime and 'aprehend' them, there's no real need for some pompus, self-important, know-nothing congressman to call for their arrest. To ward off the possibility that the law enforcement agencies might look like congress' lackeys, anyone who's arrest is 'called for' by a congressperson should be placed on a 'do not arrest' list. We do not live in a society where people get arrested because an indi
  • As is common with closed-source software companies, they refuse to listen or reform when told they're unsecure. Once their insecurity is exposed, they are made to look like utter morons in front of their target audience. Rather than behave rationally by acknowledging a problem and working to fix it, they jump to Cover Yer Ass maneuvers:

    * Deny the existence of the problem (ABC link, bottom of first page)
    * Threaten the person or persons who made them look like incompetent idiots

    As long as they believe
  • If you actually look at the boarding pass generator, what it does really isn't complicated - you could do the same thing with one legitimate boarding pass, a typewriter, and a photocopier. That this is worthy of calling for someone's arrest is disturbing.
    • by wes33 ( 698200 )
      in America, one should always be ready to be arrested, and held without charge, possibly tortured and/or sent to a secret prison in a foreign country. This is what Americans call "Freedom"
  • Prediction (Score:3, Insightful)

    by FirstTimeCaller ( 521493 ) on Friday October 27, 2006 @06:55PM (#16616864)

    And what do you think the TSA's response to this will be? My money is that they decide to no longer allow people to print their own boarding passes. It will be paper ticket or nothing (and yes I'm aware that these can be forged too). So no more checkins at the gate -- stand in line along with those that have baggage to check. Just great.

  • by aapold ( 753705 ) on Friday October 27, 2006 @06:57PM (#16616888) Homepage Journal
    Maybe you could use it to flee the country...
  • by mpapet ( 761907 ) on Friday October 27, 2006 @07:05PM (#16617004) Homepage
    Individuals simply cannot point out the obvious flaws in what passes for National Security. While we as individuals are supposed to have some kind of freedom in this way, we don't.

    Now, lets get to the reasons why this was the dumbest thing to do.

    1. It puts egg of the face of every big federal contractor muscling their way into the "homeland security" budget.

    2. We're at war with an enemy and tactical end that won't ever be defined. To maintain that heightened state of fear and social control, this individual must be criminalized. (he's helping the terrists after all.)

    3. No contractor has a product ready to replace it. It will be a tough day for the contractors that have to explain this to gov't types.

    4. It fires off a "something must be done" storm, that no politician really wants. They've got too much fund raising to do.

    5. Whistle blowing is contrary to the nation-state's goals. An individual this smart and not working for the State must be criminalized in order to maintain the heightened state of fear and sustain a compliant population.

    Never, and I mean never, should an individual take it upon themselves to publish this kind of information.

    Except if you want to be known as "notorious" and probably a felon in prison for a couple of administrations at least.
  • by thehossman ( 198379 ) on Friday October 27, 2006 @07:17PM (#16617156)
    Background: my last name starts with the letters "Host"

    When southwest first started offering online checking, i discovered a small bug, when you got the the "Print your boarding pass" screen, with my name in all caps, the letters "HOST" were replaced with "southwest.com" ... so if your name was "Jim Hostenfeffer" it would appear on your boardingpass as "JIM southwest.comENFEFFER" ... I played with the site a little bit and found that it was a straight macro replacement bug of whatever domain name was used, so would say "JIM wWw.SOutHwesT.cOmENFEFFER" if that was the domain you typed into the URL bar.

    The first time it happened i thought it was ammusing, I emailed their tech support, saved the HTML to a file and edited it so it had my name again and would match my ID when i checked in.

    4 or 5 flights and at least 9 months later it was still happening and I spent a good 3 hours on the phone being transfered arround to different people trying ot get them to understand what the problem was and how fucking ridiculous it was that i had to constantly "hack" my boarding pass because of a bug they'd had for months.

  • by Sloppy ( 14984 ) on Friday October 27, 2006 @07:38PM (#16617424) Homepage Journal

    If outlawing printing fake passes, is what it takes to keep terrorists from printing them, then we should do it. Terrorists wouldn't dare to break such a law, thus they won't be able to get boarding passes, thus they won't be able to fly, thus they won't be able to travel to my city, thus they won't be able to detonate a suicide bomb near me.

    I'm glad Markey has the sense to systematically think this threat though, and recommend a solution that will stop it at the source.

    And if anyone suggests that terrorist threats can only be countered by assuming that terrorists are willing to break TSA guidelines, then I suspect such a person of being an anarchist! This is a nation of laws!

  • by quincunx55555 ( 969721 ) on Friday October 27, 2006 @07:40PM (#16617444)
    Dear Honorable Edward Markey,

    I just read about your response to Christopher Soghoian's findings regarding online printable boarding passes being easily faked.

    I have to say that I am appalled at what I am reading. Mr. Soghoian has found something that could allow terrorist to continue to harm Americans. This technique may have already been used, or plan to be used, but now we know about it and can do something about it.

    Why? Because Mr. Soghoian was kind enough to expose this security flaw. Punishing someone that has put this much effort into giving us the knowledge to save more lives is asinine.

    As a Quality Assurance Engineer, I know the importance of finding, and reporting, flaws. This man should be commended, not condemned.

    I think it would be wise as a senior member of the Department for Homeland Security to withdraw your previous statements as you have gained "an insightful perspective" on this issue after responses such as mine.

    Scaring others into not telling us where our security flaws are will only lead to more opportunities for our enemies. How can you not immediately see this?

    Or should I put you on the list of government employees that pretend like they care, but would rather play political games instead?


    Sincerely,

    Quincunx (real name used in the real letter)


    I encourage others to write as well. If we let him know his error, give him an "out", then maybe bullshit like this won't happen again. Here's hoping.
    Here's the send-an-email part of Honorable Edward Markey's web page [house.gov]
  • by AdmiralWeirdbeard ( 832807 ) on Friday October 27, 2006 @07:47PM (#16617506)
    Uh, so should they arrest Tom Clancy too? He wrote a book detailing how easily a single person could fly a plane into an important building (the capitol building during a presidential address to a joint session of congress, but whatever).
    So, if the litmus test has become, "Using mass media to point out ways that terrorists might strike = terrorism," then Mr. Clancy, as well as any number of Whitehouse Spokespeople are terrorists and should be put in Guantanamo right now. I mean, come on, they got up there at the briefings and said that people could smuggle bomb supplies on in component form in water bottles... and we can bring water bottles on board again... so... THEY'RE WITH THE TERRORISTS!!!!!

    Since this is patently absurd, maybe Mr. Windbag might want to slow his roll a bit, and consider using his brain before he opens his fucking hole.
  • by technicalandsocial ( 940581 ) on Friday October 27, 2006 @07:53PM (#16617556)
    I don't know of a security researcher that doesn't feel that some, if not most, congressmen should be arrested.
  • by klausner ( 92204 ) on Friday October 27, 2006 @07:55PM (#16617574)
    Chris reports that the FBI is knocking [blogspot.com] on his door. The boarding pass generator [dubfire.net] is also (at least temporarily) down.
  • by psykocrime ( 61037 ) <mindcrime@@@cpphacker...co...uk> on Friday October 27, 2006 @08:33PM (#16617972) Homepage Journal
    I suggest that all concerned Slashdotters contact congressman Markey [house.gov] and let him know what you think.

Behind every great computer sits a skinny little geek.

Working...