Forgot your password?
typodupeerror
Security Government United States Politics

TSA Now Investigating Boarding Pass Hacker 270

Posted by Zonk
from the make-up-your-mind dept.
An anonymous reader writes "A week after the Justice Department cleared him of any wrongdoing, Chris Soghoian, the Indiana University PhD student who created an online boarding pass generator for Northwest Airlines to highlight security holes is on the government's 'no-fly' list. The Transportation Security Administration has now launched its own investigation, says Wired blog 27strokeB. The TSA is claiming that Soghoian 'attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations,' violations of which carry fines of up to $11,000 per violation. That could be a steep fine, says Washingtonpost.com's Security Fix blog: 'Something like 35,000 people viewed and possibly used the boarding pass generator during the less than 72 hours that it was live on his site in November. Soghoian told WaPo: "If they decide that the only safe way for me to leave the country is by boat, then that's pretty much the end of my career here in the States. It's one thing to harass researchers, but if they can chase them out of the country, then that's a real chilling effect."'"
This discussion has been archived. No new comments can be posted.

TSA Now Investigating Boarding Pass Hacker

Comments Filter:
  • by denebian devil (944045) on Thursday December 07, 2006 @04:31PM (#17151388)
    I wonder how many of those were Slashdot users. Shame on us! Shame!!
    • Re:35,000 views? (Score:5, Insightful)

      by 'nother poster (700681) on Thursday December 07, 2006 @04:32PM (#17151416)
      No, shame on the TSA for not implimenting real secuity requirements.
      • Re: (Score:3, Insightful)

        by bostonkarl (795447)
        No kidding. This was an obvious loophole that had been pointed out a very long time ago. Investigating the kid till you're blue in the face doesn't make the problem go away. Anyone with moderately good office-suite type computer skills could fake a bording pass. TSA needs to focus on security, not obscurity of their obvious failures. TSA needs to focus on security, not their obvious complicity with the airlines and the airlines heavey lobbying.
    • Re:35,000 views? (Score:5, Insightful)

      by garcia (6573) on Thursday December 07, 2006 @04:36PM (#17151500) Homepage
      I was one but I didn't get to it from Slashdot. I got to it from several local bloggers that pointed it out.

      Big fucking deal. It was an obvious security hole. If anything, he should be hailed, not jailed. But then again, we don't want to go out and make NWA (who fucking blow anyway) and the TSA look worse than they already do (if anyone is reading from MCO's TSA, fucking fix your system by doing a "best practices visit" to any number of other airports -- your system sucks even at 4:00AM)
      • Re: (Score:3, Funny)

        by UbuntuDupe (970646) *
        He should be hailed. But the man who introduced fire to the world was burned at the stake. The man who introduced the wheel to the world was spun to death on the rack. The man who introduced sailing to the world was keelhauled. And the man who alerted others of a security flaw made his own country unsafe for him.

        It's the burden of being a genius.
        • Re:35,000 views? (Score:5, Informative)

          by Aardpig (622459) on Thursday December 07, 2006 @06:29PM (#17153690)

          But the man who introduced fire to the world was burned at the stake.

          Bollocks he was. He (Prometheus) was chained to a rock, and an eagle would come every day and tear out his liver. Then, in the night, his liver would grow back. Sheesh, don't you kids learn any mythology anymore?

  • What's the fine? (Score:5, Insightful)

    by HangingChad (677530) on Thursday December 07, 2006 @04:32PM (#17151412) Homepage
    What's the fine for making TSA look stupid?
  • Go Chris... (Score:4, Insightful)

    by Anonymous Coward on Thursday December 07, 2006 @04:33PM (#17151430)
    The people responsible within the TSA need to be dealt with. These fuckheads have some nerve harrassing a researcher for bringing their errors to wider attention.
  • by The Clockwork Troll (655321) on Thursday December 07, 2006 @04:34PM (#17151440) Journal
    The fine seems reasonable, will they accept cash [secretservice.gov]?
  • by toby (759) * on Thursday December 07, 2006 @04:35PM (#17151470) Homepage Journal
    And it's a "Brazil" reference, of course, which is nicely appropriate in this context...
  • by Col. Klink (retired) (11632) on Thursday December 07, 2006 @04:35PM (#17151480)
    As long as they don't fix the flaw, he can still exploit it and circumvent any extra scrutiny they try and put on him.
  • So, what's the message these kind of reactions from the authorities send? To me it seems: "We don't really care if the system is really secure, there are always some friends might need to sneak in, one day. You just let yourself be searched and stay well put during the flight, cause if you don't we call you a terrorist. Trust us or else."
    • by Who235 (959706)
      The fact is that this is bullshit, plain and simple. If this guy goes down or gets fined, I hope all nerds with any discretionary cash pony up a little to help him out. He did nothing wrong. As a matter of fact, a pretty persuasive argument could be made that he did something very right.

      So, what's the message these kind of reactions from the authorities send?

      You are no longer being governed, you are being ruled.

    • I remember an American commedian (pity I don't remember who it was) responding to a bunch of germans who saw his act and thought it was hilarious. "Why don't we" the Germans asked him after the show, "have funny people like you in Germany?" "Because you gassed them all." He replied.
  • by Echoez (562950) *
    What is the actual value and goals of his research? A responsible researcher could have created a proof-of-concept, and raised awareness through media channels, research paper, blog etc. He should have also presented his research to the TSA and the airlines. Instead what he did was not research. He created a website to create fake boarding passes and released it to the public. There was no academic benefit. If I created forged passport software and released it, that's not research. Let's call this fo
    • Re: (Score:3, Interesting)

      This is something I was thinking. It is one thing proving there is an exploitation, it is another making it available to just anyone. The least he could have done is print void over the valid document he created. When you live in a society you need to exert a certain sense of responsibility. It should also be noted nothing is free from flaws and no security will ever be perfect.
    • I think the benefit is twofold:

      1) If he had just submitted a report to the TSA, it would get lost in the bureaucratic hell that is the TSA (or more likely, it would just be ignored, since fixing it would cost money and time.)

      2) The media coverage that the site, and subsequent harassment that he has received has raised awareness far more than a report to the TSA or a blog entry ever would.

      By bringing up the issue in a very public way, he has made many, many people very aware of the "security theatre" that th
    • Nice in theory (Score:5, Insightful)

      by MarkusQ (450076) on Thursday December 07, 2006 @05:18PM (#17152280) Journal
      A responsible researcher could have created a proof-of-concept, and raised awareness through media channels, research paper, blog etc. He should have also presented his research to the TSA and the airlines.

      You seem to be forgetting that that had already been done, up to and including having the information on how to create a fake boarding pass published on a congressman's web site for a year or so prior to his arrest. And yes, there had already be newspaper articles on it, and the TSA was either well aware of it and doing nothing or unaware of it even though it had been reported to them multiple times.

      Let's call this for what it is: trouble-making, not research.

      Ok, fine. It was trouble making. But for whom? It didn't lower airport security one iota. Anyone who cared about it already new how to do it. What it did do, though, was make trouble for the fake "security" providers at the TSA, and point out the fact that they are ripping us (the taxpayers) off.

      We saw the same sort of misleading argument come up when people started pointing out that US Military personnel were being given ineffective bulletproof vests; somehow the people who were trying to raise awareness of the issue were supposedly "helping the terrorists." Which is just nuts. What they were doing is making things uncomfortable for the crooks selling the defective jackets, and having zero impact on the people wearing them unless and until they could raise enough awareness of the issue to get things changed--in which case their actions would have helped the roops, not hurt them.

      --MarkusQ

    • by soft_guy (534437)

      What is the actual value and goals of his research? A responsible researcher could have created a proof-of-concept, and raised awareness through media channels, research paper, blog etc. He should have also presented his research to the TSA and the airlines.Instead what he did was not research. He created a website to create fake boarding passes and released it to the public. There was no academic benefit. If I created forged passport software and released it, that's not research.Let's call this for what it is: trouble-making, not research.

      I agree with you, but I still think his "trouble making" had value of raising awareness and also he should not be persecuted for it.

      • Re: (Score:2, Informative)

        by Rinzai (694786)
        First of all, it's not "persecution." If he broke the law, then he needs to pay the penalty for that transgression. According to your semantics, we persecute murderers for murdering and thieves for stealing. I just don't think so.

        What Chris S. did was just plain stupid. Yes, the web-based boarding document system was originally designed to keep unticketed passengers from getting onto planes, not from getting past the (at the time non-existent) TSA security points. Giving non-technical nogoodniks an eas

        • by soft_guy (534437) on Thursday December 07, 2006 @07:06PM (#17154362)

          First of all, it's not "persecution." If he broke the law, then he needs to pay the penalty for that transgression.
          Putting him on the "no fly" list has nothing to do with the law. He wasn't convicted in court - no we just had a bunch of mindless beaurocrats take it upon themselves to start handing down punishment to whoever they don't like.
    • Re: (Score:2, Troll)

      by bugnuts (94678)
      This was almost exactly what I said [slashdot.org] when it first happened. It was also nothing unique in its implementation. I wrangled a -1 Troll, too! :-)

      The problem exposes some very alarming trends I see in security research. It used to merely be embarassing when someone would release exploit code, but there really wasn't any recourse other than fix the flaw asap. Then, the separation between blackhat and whitehat hacking became more distinct... the responsible researchers started to notify the manufacturers with
    • I found a security hole in a "secrue" system used against pedophiles. I documented the system and submitted it thru channels to the proper authorities. I had to jump up a couple of levels before they could pay attention, but tha tis the way it is done.

      What this guy did is not research, but *IS* criminal.
    • Okay, so it's not research. But he's also not at the center of some vast terrorist conspiracy to forge boarding passes and blow up the US. The trouble he made was not a serious threat to US security, and if it was we are in some deep fucking trouble because it's clear that the gatekeepers are asleep at the switch.

      No, he has already been treated to the "troublemaker" gauntlet, had his brush with the government and his future almost turned upside down. He's still a kid, and kids will do things without thinki
  • by bigbadbuccidaddy (160676) on Thursday December 07, 2006 @04:39PM (#17151564)
    Airport security is a joke, and all he did is point that out. I will point something else out. When I was waiting in the immensely long line for United Domestic Check-In, I noticed they controlled access to the door behind the ticket counter with a simple mechanical combination lock. I observed several United Airlines employees entering and every time I could clearly see the code being entered. I felt very secure.
    • by smooth wombat (796938) on Thursday December 07, 2006 @04:42PM (#17151650) Homepage Journal
      The biggest flaw in airport security is having large groups of people wait in closely packed lines to go through the check-in process.

      I guess someone standing there with a rucksack full of explosives and going BOOM during a heavy traffic time, say the day before Thanksgiving, never occured to our overlords.
      • Re: (Score:2, Insightful)

        19 Hijackers killed some 4000 people, or about 200 people per hijacker. Totally destroyed several buildings, but all in a geographic location. Very spectacular. One building, in another geographic location, partially destroyed. One plane, completely missed.

        I suspect that if they coordinated across 20 of the largest airports during the busiest time they could probably do a lot more damage (kill more people), without having to go through any security. But see, that wouldn't be as "Spectacular" as having build
      • by loraksus (171574) on Thursday December 07, 2006 @05:15PM (#17152232) Homepage
        I'll have to admit that a small part of me wanted someone to drive up in a large vehicle and drive through the lines outside the airport killing and injuring dozens when the TSA retards had people lined up outside of the airport buildings in the last "security crisis"
      • You could do that anywhere, though. Who needs an airport line when there are crowded malls, city streets, etc?
    • Re: (Score:3, Insightful)

      by DerekLyons (302214)
      Airport security is a joke, and all he did is point that out.

      And that's the crux of the problem - he didn't act like a researcher (as he claims) and merely point a security hole (as you claim). He crossed the line from researcher to (potentially) criminal when he published a tool on the web that had no other purpose than to make it possible for others to circumvent security.
      • by RexRhino (769423)
        Well, he figured that the only way they would FIX the security hole was to make it public. He didn't consider that Soviet style suppression of information would be how the U.S. government chooses to solve it's security problems.
      • by loraksus (171574)
        Because just pointing to a security hole would actually result in something getting changed.

        Clearly the TSA listens and has people smart enough to create countermeasures.

        Oh wait... Even after all this fucking publicity, the fucking hole is still fucking open, MONTHS FUCKING LATER.

        At least they're spending their (your) money on frivolous prosecution. That must be worth something right?
        Right?
      • by ChaosDiscord (4913) * on Thursday December 07, 2006 @06:18PM (#17153510) Homepage Journal
        He crossed the line from researcher to (potentially) criminal when he published a tool on the web that had no other purpose than to make it possible for others to circumvent security.

        The purpose was to shame the TAA into fixing a problem which was widely known and publicized: August 2003 by security expert Bruce Schneier [schneier.com], February 2005 in Slate [slate.com], February 2005 press release by a US Senator [senate.gov], February 2006 article in CSO Online [csoonline.com]. The TSA has been ignoring the problem for over three years. Bad guys have known about the attack for at least three years, possibly longer. For all we know bad guys are using it right now; we have no way of knowing. Even without Soghoian's program, it was really, really trivial to exploit; all you need is a very basic understanding of HTML, enough to change one name to another, to execute the attack Schneier described in 2003. The media has been letting the TSA continue to ignore this. If Soghoian had simply published a "I can make fake boarding passes and get into the "sterile" area of an airport he would have gotten an article or two and nothing would have changed. By providing a working exploit things just became that much harder for the TSA. News coverage exploded. Finally something will happen.

        The TSA has proven itself grossly incompetant. There is little to no oversight and zero public accountability. Drastic measures were necessary, as rational measures have clearly failed. The really sad thing is even in the face of such a drastic failure, they're not fixing the core problem.

  • His blog (http://slightparanoia.blogspot.com/) has scans of the letter.

    Reading the letter makes it sound much like the case the FBI was workign on against him (and subsequently droped).

    All of the legalease (as well as I can read it) states is that you can't make these or higher some one else to make them.

    Well, he didn't, he just created a program that COULD. In this case (as with the FBI one) it all seems about intent...
    • by loraksus (171574)
      The only difference is that this case is being brought by people who have a vested interest in keeping their reputation "clean". Intent is also important on the other side.
    • Re: (Score:3, Insightful)

      by westlake (615356)
      All of the legalease (as well as I can read it) states is that you can't make these or higher some one else to make them. Well, he didn't, he just created a program that COULD

      only a Geek would believe that this kind of argument plays well in court.

  • by zappepcs (820751) on Thursday December 07, 2006 @04:40PM (#17151598) Journal
    This is the same problem with all kinds of security systems/programs. How does one point out the error/flaws in said system without falling afoul of the law(s)?

    In this case, he would have been better off just telling people it could be done IMO. Just the same, if Kazaa isn't guilty, how can this guy be held responsible for what people did with his demonstration? If he personally used the fake boarding passes to fly and thus circumvent TSA rules, then he's guilty, should be punished. To demonstrate that its possible doesn't make him guilty. Even making it possible for others to do so doesn't make him guilty of anything except making the TSA look stupid.

    Printing counterfeit money is not illegal... using it is. Normally, nobody would print it without the intent of using it, but in this case, the whole effort was to prove that it could be done and show that a fake boarding pass ruins security measures. If he can print fake boarding passes, any reasonably savvy group can. The manner used to demonstrate this flaw surely makes it impossible to not fix the problem?

    I hope that he is not slapped with huge fines...
    • Re: (Score:3, Informative)


      Printing counterfeit money is not illegal...

      Actually, it is [moneyfactory.gov]:

      Manufacturing counterfeit United States currency or altering genuine currency to increase its value is a violation of Title 18, Section 471 of the United States Code and is punishable by a fine of up to $5,000, or 15 years imprisonment, or both.
    • by pla (258480) on Thursday December 07, 2006 @05:40PM (#17152752) Journal
      How does one point out the error/flaws in said system without falling afoul of the law(s)?

      Survey says - "Anonymously".

      He could have written his boarding pass creator as a flash app and uploaded it to Newgrounds. He could have posted a JS version on any of a number of blogs without using his own name. He could have even posted about it, with a link to an anonymously hosted applet, and probably made the Slashdot FP. He could even have gotten someone outside the US to host the exact same content, with all occurrences of his name replaced by "Mr. CheeseNips".

      But no. He had to use his own name, and therein lies his biggest mistake.

      Anyone who says we don't need anonymity just doesn't fear the government enough for their own good. And anyone who makes the government look bad without at least trying to hide their identity needs to study their history a tad more.

      I, for one, THANK Soghoian for exposing a glaring flaw in the farce we call the TSA. Not because it has made us safer (as we can see, they chose to shoot the messenger rather than, y'know, fix the goddamned problem), but because it has slightly reduced the false sense of security among the voting sheep.
      • by dch24 (904899) on Thursday December 07, 2006 @09:58PM (#17156830) Journal
        Anyone who says we don't need anonymity just doesn't fear the government enough for their own good. And anyone who makes the government look bad without at least trying to hide their identity needs to study their history a tad more.
        Although I agree with you, can I rephrase that?

        Anyone who makes the government / any powerful organization look bad without at least pausing to think about the repercussions is foolish. Hiring a lawyer might be a good idea. Contacting the TSA and giving them six months notice is also a good idea. Contacting two or three major newspapers and letting them know about it is also a good idea.

        But for once, I think Chris Soghoian is brace to use his real name and not hide. If he is really willing to face imprisonment and fines to make the TSA more accountable, the USA safer, and the draconian new "security" measures less credible, he's brave and patriotic in my book.

        Just my two cents.
    • by ChaosDiscord (4913) * on Thursday December 07, 2006 @06:30PM (#17153702) Homepage Journal
      In this case, he would have been better off just telling people it could be done IMO.

      CSO Online told people about it in February 2006. [csoonline.com] Slate told people about it in February 2005. [slate.com] Senator Schumer told people about it in February 2005. [senate.gov] Security expert Bruce Schneier told people about it in August 2003. [schneier.com]

      We're more than a little beyond "telling people" being productive.

      Worse, apparently a proof of concept isn't enough. The TSA is busy trying to presecute the messenger, but they still haven't fixed the core problem. I'd sadly forced to conclude that the TSA will not fix a real threat to airline security until terrorists successfully exploit that threat. While honest people are stuck measuring their shampoo out of fear of a deeply implausible liquid-bomb threat, anyone with access to a printer and a reasonably plausible state ID can get into the "sterile" area of the airport. (I find it darkly humorous that the boarding pass vulnerability makes the cost of getting 30 ounces of liquid explosives onto a plane just 10 fake boarding passes for almost no cost and 10 evil conspirators.)

  • Oh Snap (Score:5, Informative)

    by TubeSteak (669689) on Thursday December 07, 2006 @04:42PM (#17151646) Journal
    Wired doesn't mention it, but in the kid's blog, he links to a re-implementation of his boarding pass generator, this time using html & java.

    Coralized Archive of the mirror: http://geocities.com.nyud.net:8080/j0hn4dm5/forge. tar.gz [nyud.net]

    The mirror:
    -http://j0hn4d4m5.bravehost.com/
    (Coral CDN didn't seem to work on it)

    Maybe now the TSA will actually do something about their security hole.
    Actually, I doubt it, but we can hope.
  • by Lord_Slepnir (585350) on Thursday December 07, 2006 @04:43PM (#17151662) Journal
    "Homeland Security: We can't secure any of our borders, but we'll inconvenience hijackers by making sure they can't brush their teeth!"
  • Security Threat (Score:5, Interesting)

    by Archangel Michael (180766) on Thursday December 07, 2006 @04:43PM (#17151670) Journal
    This whole airline TSA thing is a crock of BS. Over Kill.

    So, a bunch of terrorists captured a couple of airplanes and flew them into buildings. Yeah, a bunch of people died, which is tragic. And the Economy Burped, which is ... expected.

    However, we've learned our lesson, and have secured the airplanes better. In addition, I doubt, HIGHLY DOUBT, that they could get anywhere close to doing the same thing, given the same circumstances, mainly because the passengers wouldn't stand for it.

    Screening 80 year old grandmas of their knitting needles is stupid. Taking off shoes is stupid. Banning Liquids is stupid. For all the inconvenience of it all, it will not prevent someone from trying to by-pass whatever security is setup, and eventually they will succeed.

    I know for a fact that I could bring a knife on board a plane even today, even passing through all the security. They can't stop me if they can't see it. And there are such knives available.

    The point is, all this "security" isn't really designed to prevent hi-jackers, it is designed to placate the masses. See my sig for more info
    • by drinkypoo (153816)
      Yeah, just put a plastic knife in your sock, underneath your foot. Bingo! You can slide right in with it. There are so many holes in TSA security that it's hard to know where to start pointing them out - and even harder to know when to stop.
    • by Rombuu (22914)
      know for a fact that I could bring a knife on board a plane even today, even passing through all the security. They can't stop me if they can't see it. And there are such knives available.

      I'd like to hear more about your invisible knives.
    • by b0s0z0ku (752509)
      So, a bunch of terrorists captured a couple of airplanes and flew them into buildings. Yeah, a bunch of people died, which is tragic. And the Economy Burped, which is ... expected.

      The economy was starting to downturn months before 9/11 - I was taking off a semester from school and working. I wanted to take another semester off and move to Calif. for 6 months, and in October 00, there were still jobs available for the asking. By January 01, the supply of jobs had largely dried up.

      However, we've learned

    • Re: (Score:2, Interesting)

      by bonoboboy (1033874)
      Agreed. The terrorist attacks changed *nothing,* unlike what so many political leaders have been telling us since moments after 9/11 ocurred. Yes, it was tragic, but it wasn't the result of some mass terrorist uprising. There have always been terrorists, and there always will be. "Terrorism" is simply the buzzword of the decade, used to manipulate people to particular ends. I wonder how long it's going to be before certain unnamed agencies are bitch-slapped back into legal and logical operations.
    • All you need is a couple of Christmas presents [slashdot.org].

  • by drgonzo59 (747139) on Thursday December 07, 2006 @04:44PM (#17151674)
    Don't trust the government. Whenever you feel the "I just want to help" vibe coming on, rephrase that into "How can _I_ profit from this?". If he did that he would have sold his generator to al-Qaeda for cash and retired by now. He wanted to "help" and he got screwed!


    The thing is, Americans cannot understand how someone could possibly just "want to help" and not "want to make money". If such a thing happens, then surely they must be up to something, they are probably a terrorist and should be locked up anyway.

  • No-fly list? (Score:2, Insightful)

    Is that their latest pre-emptive penalty, sticking people they don't like on the no-fly list? While not legally in the same category as house arrest, by infringing on his right to travel, have they or have they not already imposed a civil penalty?

    I didn't actually see a citation of where he'd been placed on the no-fly list, can anyone find one and post it? Probably not, since the list doesn't even technically "exist" except as an abstract concept... sorta.

    I have to strongly disagree with the dude above wh
    • by b0s0z0ku (752509)
      Is that their latest pre-emptive penalty, sticking people they don't like on the no-fly list?

      I don't see the societal benefit of this either. He released the software, rather than selling it or using it for his own nefarious purposes. So he's unlikely to be "up to" anything evil. Since it's a government mandated list and not optional for large private carriers to follow, they should not place people (at least not US citizens or permanent residents[1]) on the no-fly list without trial.

      -b.

      [1]-> If

  • by Vellmont (569020)
    I didn't actually see the site while it was up, so maybe the guy actually DID this, but.

    To avoid being arrested, why not make the boarding pass have VOID VOID VOID printed all over it in such a way as it exposes the problem, but doesn't actually create a valid boarding pass. Then he would have violated no laws, AND exposed the poor security procedure at the same time.

    Once the story broke he could create a boarding pass that's given to someone that's authorized to test the fake boarding pass, or others othe
  • They're just not going to leave the poor guy alone. He embarrassed them, and they're going to make him pay and pay and pay. It looks a lot like getting on the wrong side of the RIAA. They can be entirely wrong, but it costs you a fortune and year(s) of your life to win, and then they only pay a pittance for all their unwarranted grief at best.
  • by zeromorph (1009305) on Thursday December 07, 2006 @04:58PM (#17151924)
    Chris Soghoian [...] is on the government's 'no-fly' list.

    Does that mean he is grounded for being naughty?

    That's unfair. Obviously he did his homework.

  • by Beryllium Sphere(tm) (193358) on Thursday December 07, 2006 @05:07PM (#17152064) Homepage Journal
    There's no reason to believe he even might endanger any airplane that he boards. There's not even the thread of suspicion you'd get from guilt by association. There's no allegation that he has violent tendencies or has threatened violence.

    He's there because the no-fly list is a tool for control and coercion at the whim of the authorities without the restraint of statute or jury.
  • ...it's illegal to make the TSA look stupid?
  • I remember reading about this in the Cryptogram all that time ago. Why didn't they go after Schneier instead of this other guy?

    http://www.wired.com/news/columns/0,72045-0.html [wired.com]

    Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don't think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who de

  • by blankinthefill (665181) <blachanc.gmail@com> on Thursday December 07, 2006 @05:35PM (#17152654) Journal
    This is a little bit frightening to me, not because they're prosecuting him and all, because I've come to expect that, but because of where it could lead. We all know that security is never permanent. If there is a way to stop someone from doing something, there is a way around it. What happens when the government realizes this? Some of the cases that get pushed through, like this one (IMHO, anyways) are ridiculous, but what happens when the government realizes that it's just the tip of the iceberg? It sounds kinda funny now, but after seeing the ways in which the government has evolved over the last few years, I would believe anything of them. What happens when they start bringing cases against people who make a proof of concept? Once we know something can be done, the rest is relatively easy, right? So proving that something can be done is like telling the terrorists how to do it, right? Of course, once you think of an idea of how to do something, you've taken your first step on the road to making a proof of concept, am I right? I look at those last few sentences and it makes me shudder, how absurd the logic is, but it's all too familiar to me. It's very like certain justifications to get a hold on certain domestic phone records, or even records from your local library. I've always been of the opinion that America is the best place to live (for me, at least), but if thought processes like this continue to spread and grow, I don't know that America will continue to be a good place to live for very much longer. I like my freedom, and I am not willing to give up personal freedoms in order to lead a life filled with a false sense of security, under a tyrannical government that is unwilling to admit that it can and does make mistakes.
  • was never convicted in criminal court. The IRS got him in tax court for not paying taxes.

    So justice had there try. Now its TSA's turn. Next the IRS will look over his finances looking for undeclared paypal donations for his defence, student loan fraud, etc. Next the army will conscript him under some secret law, and send him to Iraq. If they still can't get him there is always the RIAA & MPAA.
  • Get used to it (Score:2, Insightful)

    by iviagnus (854023)
    That's the United States today, unfortunately. If I had the financial resources I'd move to Europe, Russia, Asia, Australia, anywhere other than here. Anything is better than the $@&^ed-up crap our government is getting away with now. They are a bunch of psychopaths that can't stand to have anyone smarter than they are (which is any non-government employee) point out their flaws. I'll be glad when the common people of this once great nation are fed up and take it back. Terrorist attacks on the Unit
  • wait... (Score:3, Insightful)

    by UrktheTurk (1026122) on Thursday December 07, 2006 @06:33PM (#17153758)
    They put the guy who can forge boarding passes on the no-fly list? does anybody else find that kinda... i don't know... retarded?
  • by loraksus (171574) on Thursday December 07, 2006 @06:39PM (#17153878) Homepage
    How about giving him a call and talking to him about this situation...

    James A. Roberts
    (317) 390-6916
  • by evilviper (135110) on Thursday December 07, 2006 @07:33PM (#17154778) Journal
    Chris Soghoian, the Indiana University PhD student who created an online boarding pass generator for Northwest Airlines to highlight security holes is on the government's 'no-fly' list.

    Does NOBODY see the irony here?

    The government is putting him on the No-Fly list, BECAUSE HE RELEASED A PROGRAM THAT ALLOWS PEOPLE TO CIRCUMVENT THE NO-FLY LIST.

    So this helps, how?

The flow chart is a most thoroughly oversold piece of program documentation. -- Frederick Brooks, "The Mythical Man Month"

Working...