TSA put travellers at risk of ID theft...
Global Justice Alliance

Results 1 to 2 of 2

Thread: TSA put travellers at risk of ID theft...

  1. #1

    TSA put travellers at risk of ID theft...

    Scary but true:

    A scathing congressional report released Friday confirms that security flaws in a Transportation Security Administration site put thousands of Americans at risk of identity theft [...].

    In October 2006, the TSA launched a Web site to help travelers whose names were erroneously listed on airline watch lists. This site had a number of security vulnerabilities: it was not hosted on a government domain; its home page was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. Furthermore, the site was filled with typos and other errors, causing some to wonder whether TSA's site had been taken over by phishers [...].

    For the four months that the site was up, thousands of people visited it, and 247 travelers submitted highly personal information (including their Social Security number and place of birth) through an insecure, non-SSL encrypted form. TSA's lax security practices resulted in thousands of Americans being put at a direct risk of identity theft [...].

    The TSA official in charge of the project awarded the contract--without competition--to one of his former employers, a company owned by one of his high school buddies [...] the report notes that "neither Desyne nor the technical lead on the traveler redress Web site have been sanctioned by TSA for their roles in the deployment of an insecure Web site. TSA continues to pay Desyne to host and maintain two major Web-based information systems. TSA has taken no steps to discipline the technical lead, who still holds a senior program management position at TSA."--CNET blogs
    Follow the link if you'd like more background and a link to the actual report.
    Why is everyone who drives slower than me an idiot, and everyone who drives faster a maniac?

  2. #2
    Administrator Honored Elder jeriddian's Avatar
    Join Date
    Jun 2006
    Location
    Midland, Texas
    Posts
    8,000
    Quote Originally Posted by canuck31003 View Post
    Scary but true:

    A scathing congressional report released Friday confirms that security flaws in a Transportation Security Administration site put thousands of Americans at risk of identity theft [...].

    In October 2006, the TSA launched a Web site to help travelers whose names were erroneously listed on airline watch lists. This site had a number of security vulnerabilities: it was not hosted on a government domain; its home page was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. Furthermore, the site was filled with typos and other errors, causing some to wonder whether TSA's site had been taken over by phishers [...].

    For the four months that the site was up, thousands of people visited it, and 247 travelers submitted highly personal information (including their Social Security number and place of birth) through an insecure, non-SSL encrypted form. TSA's lax security practices resulted in thousands of Americans being put at a direct risk of identity theft [...].

    The TSA official in charge of the project awarded the contract--without competition--to one of his former employers, a company owned by one of his high school buddies [...] the report notes that "neither Desyne nor the technical lead on the traveler redress Web site have been sanctioned by TSA for their roles in the deployment of an insecure Web site. TSA continues to pay Desyne to host and maintain two major Web-based information systems. TSA has taken no steps to discipline the technical lead, who still holds a senior program management position at TSA."--CNET blogs
    Follow the link if you'd like more background and a link to the actual report.
    Ah, yes... ....our tax dollars at work again.
    "Say the Word"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •