Information security student flunks proper disclose class the hard way
Computer security student Christopher Soghoian failed his first class in proper disclosure of security vulnerabilities. But instead of an "F", he found his front door window smashed in and all computers missing from his apartment.
The FBI decided to raid his apartment after the student put up an online service that allowed visitors to create fake boarding passes for Northwest Airlines.
The site has since been taken offline, but the bare page can still be accessed through Google's cache.
Printing your boarding pass at home is one of the conveniences of air travel in the internet age. These printouts will get you past the first security check, which admits passengers into the gate area. This security check is the only time when a passenger's identification is checked.
Soghoian wasn't the first to warn about the weakness in the online check-in system. But he is the first one to create a publicly available service that allows people to create new passes with just a few clicks.
As any seasoned security researcher knows, you don't warn the world against the dangers of nuclear weapons by setting one off. We've got governments to do that.
Soghoian's boardpass forging service
October 30, 2006 at 10:09 PM



