No bid TSA website found insecure
Jan 17, 2008 | 1:29 am
#1
Original Poster
Join Date: Jul 2000
Location: Lake Oswego, Oregon USA
Programs: UA Mileage Plus, Alaska Air, American Airlines, SWA RapidRewards
Posts: 143
No bid TSA website found insecure
No surprise here
http://blogs.ittoolbox.com/security/...insecure-21810
http://blogs.ittoolbox.com/security/...insecure-21810
No bid TSA web site found insecure
Dan Morrill (Security Project Manager) Posted 1/15/2008
Comments (0) | Trackbacks (0)
In what should be a warning to travelers and just about everyone on the internet, a web site built for the TSA has been found to have significant security issues, endangering travelers, as well as the reputation of the TSA and the company that built the web site.
A report issued on Friday by the House Oversight and Government Reform Committee says that between October 6, 2006, when the TSA launched its Redress Management System [RMS] site, and February 13, 2007, when the site ceased operation following revelations about its lack of security, "[a]t least 247 travelers submitted their personal information through the unsecured 'file your application online' link." Source: Information Week
There is some very interesting commentary on this over at Techdirt.
You can read the report here.
The issues surrounding this, beyond the no-contract bid issued by a person who used to work for the company that built the web site is the apparent lack of understanding about basic security measures.
People should at this point know enough to look for the lock icon on their web browser, and seriously question a web site that does not have one when entering personal information. This is such a basic issue, that it is surprising that it was not done at all, and now people are worried about their identities being stolen.
Dan Morrill (Security Project Manager) Posted 1/15/2008
Comments (0) | Trackbacks (0)
In what should be a warning to travelers and just about everyone on the internet, a web site built for the TSA has been found to have significant security issues, endangering travelers, as well as the reputation of the TSA and the company that built the web site.
A report issued on Friday by the House Oversight and Government Reform Committee says that between October 6, 2006, when the TSA launched its Redress Management System [RMS] site, and February 13, 2007, when the site ceased operation following revelations about its lack of security, "[a]t least 247 travelers submitted their personal information through the unsecured 'file your application online' link." Source: Information Week
There is some very interesting commentary on this over at Techdirt.
You can read the report here.
The issues surrounding this, beyond the no-contract bid issued by a person who used to work for the company that built the web site is the apparent lack of understanding about basic security measures.
People should at this point know enough to look for the lock icon on their web browser, and seriously question a web site that does not have one when entering personal information. This is such a basic issue, that it is surprising that it was not done at all, and now people are worried about their identities being stolen.
