Feeds

Fake boarding pass brouhaha settled amicably

Feds step back

New hybrid storage solutions

The FBI has let Indiana University graduate student Christopher Soghoian off the hook for having posted a fake boarding pass generator on his website. Soghoian had intended to illustrate the ease with which a person on the no-fly lists could gain access to secure areas of an airport, although it is unlikely that anyone could have boarded a plane without further trickery.

Naturally, the TSA is less than welcoming toward those who would reveal the flaws in its security protocols, so the FBI quickly moved in by ordering Soghoian to remove the pass generator from his site, searching his residence, and impounding his property.

A month or so later, the Feds have decided to let the matter drop. According to Soghoian, the authorities were in no way persuaded that he had performed a service by spotting a flaw and publicising it, but allowed that he had not intended to cause harm.

He points out on his blog that the no-fly lists are exceptionally weak, with numerous false positives to their credit, and no terrorists caught. He notes that it's also possible to fly domestically without ID if one is willing to submit to additional screening, which means that a banned person could fly, although it would be difficult for them to smuggle a weapon on board with the extra scrutiny they would attract.

"The domestic no-fly list and the ability to fly without ID simply cannot co-exist," he writes. "We need to figure out, as a nation where the majority of people do not support a national ID, if we want a no-fly list in the first place and if we are willing to be forced to present our papers."

He seems to believe that the government should do it right, or not at all, with a bit more emphasis on the not-at-all option. He's clearly no fan of the TSA's slack approach, which is to enact a security rain dance, the sole purpose of which is to assure the public that "something" is being done. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.