Garten

If he were to apologize and promise to behave himself then I would hope that UA would allow him back on its flights after a suitable period.

My impression is that he's not likely to do that.

Exterous

Trade journals are easily ignored. Employee reports are easily ignored. If you look back at most of the major breaches they are have a history of ignored warnings from inside and outside the company. I would be shocked if his Twitter stunt hasn't shed more light and attention on the topic than any published article would have. So, from an effectiveness standpoint, Twitter was more likely to get something done despite your views. I am not disagreeing with your views but the role of social media in terms of reporting security issues is evolving - mostly due to the lack of action or attention businesses have placed on more traditional methods of disclosure

Imstevek

it feels like this thread is moving into the foil-hat zone, when it's mentioned he had no other recourse besides social media because he was being quieted. Really? When does Mulder and Scully get put on the case?

Garten

I have no problem with spreading concerns about aircraft safety by social media. It's making threats toward the flight you are on that's a problem.

Imstevek

I have a huge issue with the line being crossed to focus on specific flights, airframes.

docbert

If you watch some of his previous talks (such as the one linked above) he claims to have actually hacked everything from commercial airplanes to military rockets to public buses. He even details how to sneak onto the tarmac at an airport in order to do so (hint: it's easy, you just go in via the private aviation entrance, and then you can just walk up to the 747's in the rest of the airport)

Either he's ........ting, or he deserves to never be allowed on/near any form of public transport in the future.

You can probably guess which of the above my money is on...

Garten

Or both?

Baze

You can't yell fire in a crowded theater (unless there really is a fire). That is a crime and it is NOT protected by free speech. He did the equivalent, he tweeted while on the flight that he could do something, not protected and is definitely fine that it was perceived as a threat and possibly a crime and there are many statutes that allow his property to be seized when he did this. And under some statutes a warrant is not even needed as this could have been perceived as a terrorist threat.

LaserSailor

Career tip for the next interview/resume bullet

"I couldn't get my work published so I tweeted it"

Let us know how that works out.

I think this thread has run its useful course.

kirkwoodj

Agreed. Buh bye.

Exterous

I think 'no other recourse' is a leap that is not supported by the discussion here. Is there a long and well established history of companies ignoring\suppressing warnings? Absolutely - Apple, Sony, Home Depot, Target etc etc etc have had warnings that were not addressed much to the detriment of their customers and were not disclosed until after the breach. Does that mean he had no other possible recourse? No and I don't believe anyone has said that. I do, however, think that this Twitter incident has garnered FAR more interest on the issue of UA security than a traditional publishing or warning would have.

As a slight aside - working in the IT consulting field it was quite eye opening to see how many vulnerabilities go unfixed for a myriad of reasons of which apathy, cost and convenience seem to be the top 3. A breach is a nebulous concept that is often viewed as a small risk when compared with the very real capital expenditure to fix the issue. Often company security relies heavily on obscurity to effective as opposed to good practices (Passwords stored in plain text in 2015?! Come on already!). But you throw in a bit of bad publicity and the costs suddenly become real enough to be worth throwing money at the issue in a knee jerk reaction

WineCountryUA

from the original posted article
Connecting to a private system is an overt act.


I am troubled by the two wrongs make a right line of discussion.

planemechanic

Not me, I hope he is banned for life, not only from UA, but from all US commercial aircraft.

Exterous

Ah I missed that part

I certainly have not said anywhere that two wrongs make a right only that this was likely an effective method of bringing it to United's attention. Effectiveness is a value separate from a right and wrong judgement

Garten

When the guy acts like a jerk to the point that UA feels they need to ban him from their flights it makes it harder, not easier, for them to also acknowledge anything that's valid in what he's saying.