Friday, October 27, 2006

Showing how insecure we really are

with laptop
Originally uploaded by genome4hire.
Perhaps you have heard about the doctoral student at Indiana University Bloomington who has identified (albeit not for the first time) flaws in our airport security system. Christopher Soghoian, a student in "Informatics" (and, if you're like me, surf here to find out what informatics is), has not only walked through the process, but provided a little iinternet-magic to allow the casual computer user to actually print a bogus boarding pass.

Of course, this has not made him all that popular. As reported in Wired, Congressman Edward Markey (D-Mass.) wants him arrested. I'm not sure what the charge is, but he wants him tossed in jail. I'm not sure "too smart for his britches" is actually a valid charge (were it, I'll be sharing a sell with Mr. Soghoian). As Mr. Soghoian notes here in his blog, slight paranoia,
In addition to calling for my arrest, the congressman may want to call for the arrest of Senator Schumer (D-NY). In April of this year, he posted rather detailed instructions for the exact same attack. See: here. Sure, he didn't produce a php script that'd do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it.
Ah, I think that Congressman Markey had better get on the right track and work to make the system safer. Tossing Mr. Soghoian in the slammer is not only a bad idea, but will merely rile-up a slew of folks. Perhaps it is time to institute real security screening and other processes at airports and other public transportation hubs. As Mr. Soghoian notes, what we have now may look good, but it's not really doing us any good.

In the mean time, you can surf here to make your own boarding pass. Do; it's fun!

No comments:

Post a Comment