Feeds

Fake boarding pass brouhaha settled amicably

Feds step back

Beginner's guide to SSL certificates

The FBI has let Indiana University graduate student Christopher Soghoian off the hook for having posted a fake boarding pass generator on his website. Soghoian had intended to illustrate the ease with which a person on the no-fly lists could gain access to secure areas of an airport, although it is unlikely that anyone could have boarded a plane without further trickery.

Naturally, the TSA is less than welcoming toward those who would reveal the flaws in its security protocols, so the FBI quickly moved in by ordering Soghoian to remove the pass generator from his site, searching his residence, and impounding his property.

A month or so later, the Feds have decided to let the matter drop. According to Soghoian, the authorities were in no way persuaded that he had performed a service by spotting a flaw and publicising it, but allowed that he had not intended to cause harm.

He points out on his blog that the no-fly lists are exceptionally weak, with numerous false positives to their credit, and no terrorists caught. He notes that it's also possible to fly domestically without ID if one is willing to submit to additional screening, which means that a banned person could fly, although it would be difficult for them to smuggle a weapon on board with the extra scrutiny they would attract.

"The domestic no-fly list and the ability to fly without ID simply cannot co-exist," he writes. "We need to figure out, as a nation where the majority of people do not support a national ID, if we want a no-fly list in the first place and if we are willing to be forced to present our papers."

He seems to believe that the government should do it right, or not at all, with a bit more emphasis on the not-at-all option. He's clearly no fan of the TSA's slack approach, which is to enact a security rain dance, the sole purpose of which is to assure the public that "something" is being done. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.