Interesting People mailing list archives
more on Web Site Lets Anyone Create Fake Boarding Passes
From: David Farber <dave () farber net>
Date: Sun, 29 Oct 2006 09:52:52 -0500
I don't condemn the actions of people, like Avi, who break systems that are "unbreakable" but I do seriously question the ethics and maturity of someone who demonstrates what is well understood just for the sake of it all.
It is hard enough to travel with the Kabuki theater that passes for security. I don't want to add the knee jerk reaction of banning computer boarding passes which serve little or no use at the TSA checkpoints anyway.
I strongly suggest we require a course in common sense and professional ethics for undergrads and graduate students. I have seen enough bad judgement calls to suggest it would be worth while (none from my students (that I know of)).
Dave

Begin forwarded message:

From: Patrick Sinz <ps () ethiqa com>
Date: October 29, 2006 4:11:00 AM EST
To: dave () farber net
Subject: Re: [IP] Web Site Lets Anyone Create Fake Boarding Passes

Hi,

My first reaction is very similar to yours, making this web site does not show any particular IT security prowess, and is a sure way to stir up trouble.

Then my second reaction was to check again the fine article and look up the student's field. So he is not a political science student trying to evaluate government, private authorities and public response to a perceived security threat. So he deserved to be yelled at.

On the other hand IT security is not just about good crypto, but also processes, ethics and all this kind of social sciences ("soft skills" in corporateese :-)). So what was the "build up of the experiment"? (if there was one).

IMHO the student should have sent a letter to the airline, then to the supervision authority, then to a consumer organisation, and when all these actions fail to have any positive result, or to explain why this is a non issue: set up his site.

Flatly condemning his actions would lead to a situation where any security related dysfunction should be hidden in order to avoid "bad things to happen". So to somewhat caricature the situation: if you are working on a post-grad on hospital management and you notice that a large hospital chain is feeding junk to heart patients you should keep silent because revealing this publicly might get heart patients to worry and get a heart attack. duh!

Best Regards
[ps]

On Saturday 28 October 2006 at 16:03 -0400, David Farber wrote:
This grad student would be an ex grad student if I were there or at least a very very yelled at one. To do what was done is not research -- in fact it is not hard and everyone knows the weakness so "just pointing it out" is no excuse. Then again maybe it is the University's job to talk about ethics

Dave

Begin forwarded message:

From: EEkid () aol com
Date: October 28, 2006 3:08:20 PM EDT
To: dave () farber net
Subject: Web Site Lets Anyone Create Fake Boarding Passes

http://articles.news.aol.com/news/_a/web-site-lets-anyone-create-fake/20061027231809990001?ncid=NWS00010000000001

Web Site Lets Anyone Create Fake Boarding Passes
Student Says Site's Meant to Show Loopholes, Feds Don't See It That Way
By JONATHAN SILVERSTEIN, ABCNews.com

(Oct. 28) - A 24-year-old computer security student working on his doctorate at Indiana University Bloomington has created a Web site that allows anyone with an Internet connection and a printer to create and print fake boarding passes for Northwest Airlines flights.

The passes look virtually identical to the ones printed from the airline's site, and are intended to get you past security -- but not onto an airplane.

By entering your name and plugging in information about the flight -- flight number, gate, seat number, departing city, destination, departure, and arrival times and class -- the site generates a boarding pass the program's creator says will get you past security checkpoints, even without ID.

Christopher Soghoian, creator of "The Northwest Airlines Boarding Pass Generator," knew he would be opening up a can of worms by writing the program and creating the site, but says it's the only way to show people how deeply flawed airport and airline security are.

<snip>

-------------------------------------
You are subscribed as ps () ethiqa com
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/