funsec mailing list archives
RE: Congressman Ed Markey Wants Security Researcher Arrested
From: Larry Seltzer <Larry () larryseltzer com>
Date: Sat, 28 Oct 2006 07:25:25 -0400
> Markey is clearly barking mad and totally devoid of the slightest hint
> of a grip on how to do what he is supposedly charged with doing --
> improving airline/flight safety.

He's a congressman. He's hardly a professional in this business and not specifically charged with airport safety. You can't fairly criticize the administration of airline safety because an outsider criticizes another outsider for attempting to break it.

> _IF_ the current system cannot filter out those carrying fake boarding
> passes, _THEN_ the current system _IS BROKEN_.

Did I say that it wasn't? In fact, did the researcher say that it could? No. So what's the point of your rhetorical question here?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
Sent: Friday, October 27, 2006 11:24 PM
To: funsec () linuxbox org
Subject: RE: [funsec] Congressman Ed Markey Wants Security Researcher Arrested

Larry Seltzer wrote:
> I know this makes me a fascist around here but this bothers me a lot.
> He's facilitating fraud, and the fact that he himself says they're not
> good enough to get you on a plane makes me doubt the value of his
> research.
>
> Suppose he was making software to print $100 bills. Is that OK because
> it shows weaknesses in the currency? And if he or anyone else uses
> these they definitely should be busted.

I think you've missed the point...

_If_ these forgeries are good enough to get through initial (usually just the briefest of eye-balling and often kerbside) screening _AND_ that opens the whole system up to some much bigger threat _THEN_ the whole system is totally borked from tip to toe.

Ed Markey was quoted as saying:

   The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane...

_IF_ the current system cannot filter out those carrying fake boarding passes, _THEN_ the current system _IS BROKEN_.

Further, Markey seems to suggest that he believes if a terrorist were "enabled" to gain access to a plane by the use of such a fake boarding pass that terrorist would in some way be more likely to NOT be subjected to and/or detected by whatever _OTHER_ checks are put in such terrorists' way.

Markey is clearly barking mad and totally devoid of the slightest hint of a grip on how to do what he is supposedly charged with doing -- improving airline/flight safety.

Thus it is no wonder US aviation security is the joke that it is.

Markey understands this:

   There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs;

but can't see that trivially forgeable and weakly "authenticated" bits of paper are a fundamental _design weakness_ in another part of the system:

   ... we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane.

Soghoian did not create this loophole -- it was already there and has been for how long? Two? Five? Ten? Forty? years...

And, because we know of it already, and have much better layers of checking before and/or after (imagine using this in a transit/layover situation, rather than directly at check-in) use of this one, its existence should be a moot point.

Now, if there really is a dire flaw in Northwest Airlines' deployment and use of these feeble little bits of paper, Soghoian may just have done Northwest passengers and the DHS a favour.

Yes, what he's doing is technically fraud, but to even suggest it begins to equate with forging $100 bills is reactionary nonsense.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.