Interesting People mailing list archives
Public demonstration of airline reservations insecurity
From: "Dave Farber" <dave () farber net>
Date: Thu, 29 Dec 2016 01:50:39 +0000
---------- Forwarded message ---------
From: Edward Hasbrouck <edward () hasbrouck org>
Date: Wed, Dec 28, 2016 at 6:56 PM
Subject: (for IP) Public demonstration of airline reservations insecurity
To: <farber () gmail com>

Yesterday at the 33C3 conference, a team of white-hat hackers gave a public demonstration of the insecurity of the Computerized Reservations Systems (CRSs), a/k/a Global Distribution Systems (GDSs), used by airlines and travel companies to store Passenger Name Records (PNRs).

Video: https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carmen_sandiego

They were able to retrieve and change reservations and obtain free flights (at least within the Schengen zone, where there are no passport checks).

Although there are fundamental insecurities in the CRSs themselves, the demo yesterday exploited vulnerabilities in the CRSs' public Web gateways which I wrote about, after reporting them to all four major CRSs, in 2001 and 2002. One of the CRSs, Sabre, made some temporary changes in response to my report, but repeatedly reverted to the same insecure mode of operation as the others. The others did not respond to my reports.

2002 article from my Web site:
https://hasbrouck.org/articles/watching.html

More background and quotes about this vulnerability from my 2001 book:
https://hasbrouck.org/blog/archives/002279.html

Flight booking systems lack basic privacy safeguards, researchers say (by Eric Auchard, Reuters, 27 December 2016)
http://uk.reuters.com/article/us-cyber-travel-idUKKBN14G1I6

Reisedaten: Betrug mit Buchungscodes ist zu einfach (by Patrick Beuth, Zeit, 26 December 2016)
http://www.zeit.de/digital/datenschutz/2016-12/reisedaten-hacking-betrug-buchungscode-33c3/komplettansicht

----------------
Edward Hasbrouck
<edward () hasbrouck org>
<https://hasbrouck.org>
<https://twitter.com/ehasbrouck>
+1-415-824-0214

"The Practical Nomad: How to Travel Around the World" (5th ed., 2011)
<https://hasbrouck.org/PN>

Consultant to The Identity Project:
<https://papersplease.org>

GnuPG/PGP public key: <https://hasbrouck.org/ehasbrouck.asc>
fingerprint: 0B0B 8F74 CEA3 83AB 97B3 F6AF BB7E F636 165C 22F5