Ari

That's not what I read. The holier-than-thou post begins "I’m publishing this because I am seriously concerned with boarding pass security in the United States." Obviously, if someone is 'seriously' concerned about a security flaw, the proper course of action is to reach out to TSA and/or UA in private to bring it to their attention, not to alert the public with a bigger microphone than this blog so that it might be exploited. That's why I question his motives-- seems to me, he wanted to be a big shot and be the first to expose a security flaw in public (albeit a flaw which doesn't exist).

https://puckinflight.wordpress.com/2...-check-system/

The post continues:

(emphasis added)

I didn't see any hedging there at all. I believe he might also be wrong that 1 is no PreCheck-- 0 is no PreCheck. I don't know (I try to hedge when I don't know something for sure), but I think 1 means SSSS. I think 0 = CLR, 1 = SSSS, and 3 = LLL.

And then, when he figures out he is wrong:

https://puckinflight.wordpress.com/2...security-flaw/

Notice that the title is "Update on the TSA Security Flaw," not "Oops, I didn't know what I was talking about". It is hardly an 'update' when the information is only new to the author.

* * *

Whether knowing one has a '3' in advance of arriving at the security checkpoint constitutes a security risk is a topic open for debate; what Colpuck did was post fiction as fact to sound an alarm that didn't need sounding. There was no need to attract attention to a 'secret' frequent fliers find very convenient; the only thing that could come of it is that it changes, and that would be a bad thing for us.

What people also fail to recognize is that at airports like ORD, contract employees scan boarding passes before the line to security. Anyone wanting to probe the system can just turn around and go home if he doesn't get 3 beeps from the contract employee-- it isn't like one is already in the TSA area past some 'point of no return' when one finds out about PreCheck for a given flight. This 'flaw' (if it is one at all) was evident to me when AA first split the line in ORD T3 during PreCheck's first month. (Somehow, I resisted the temptation to post it, perhaps because I knew nothing good could come of running my mouth-- they could have reacted by shoving PreCheck back into the elite line). So one could probe the system long before people knew how to decode the barcode.

I take no pleasure in attacking my fellow FT'ers, but this poster's conduct is beyond irksome and requires calling out.

tusphotog

If they do a membership program like GE (and I'd gladly pay for that), they better have it rolled out across all airlines and at all the major and secondary airports.

While I agree with you, I don't expect this to ever happen again. Too many people are scared by the thought of people bringing "bad things" onto planes. The TSA has done a fantastic job scaring people into thinking bottled water and shoes are dangerous instruments.

rdaven2003

Another article this morning about how terrorists can alter boarding passes to qualify for pre-check. Is this a TSA scam to end pre-check and increase their self worth?

http://news.yahoo.com/spoofed-boardi...231754237.html

sm82

I read it in cnnfn.com and thought the exact same thing. Great program, only if it works.

etrnjanin

Why would the TSA want to end it's own program?

http://www.tsa.gov/tsa-pre%E2%9C%93%E2%84%A2

Palal

http://www.flyertalk.com/forum/check...pre-check.html

Well, it would not depend on the barcode, but rather on what's in the database on the backend.

Penbank

Pre does not mean no checks. It's supposed to be a shorter line and keeping shoes on. You can already keep shoes on if you are elderly and don't need to be Pre.

Ocn Vw 1K

As this concerns travel security, please follow it as it moves to the Practical Travel Safety Issues forum. Ocn Vw 1K, Moderator, TravelBuzz.

mapoptic

It shouldn't matter that the 1 or 3 referenced in the article above is in the clear. The barcode is digitally signed to prevent alteration. So long as the certificate(s) used to do the signatures remains secure, any alteration like that described in the article would mean that the barcode would fail the sig check. happened to me when my barcode was smudged and misread.

Ari

Another idiot news outlet takes Colpuck's word as the gospel truth.

Upgraded!

That would/should be the beauty of it: scan an ID and you're good to go. I would imagine it's much easier to get this right if it's an ID issued by TSA, scanned by a TSA scanner and no interface with the airlines is required.

Ari

But they want access to PNR data before giving out PreCheck on a given flight . . . though they don't require this of military.

gfunkdave

I have spent a good 15 minutes looking around for these mysterious websites that can decode barcodes, and not found anything but this one, which doesn't work on any barcode image file I give it.

I have seen many breathless articles about the Grave Threat To Our Security posed by being able to know ahead of time whether I'll be groped and scanned.

How can I decode a barcode, either on a website or with my phone? None of the barcode scanner apps for iOS seems to read boarding pass barcodes.

steve65341

I downloaded one for iphone that simply shows up as "scanner" and it works well. FWIW the boarding pass barcode is in PDF 417 format so finding one that supports it will work.

gfunkdave

Ah, the missing link. Thanks! I just searched the app store for "pdf 417". Only one app showed up, but it seems to work. Thanks again! ^