An anonymous reader of Dave Farber's Interesting People list has discovered a glaring flaw in the TSA's protocol for secondary screening:
today at newark airport i used a paperless electronic boarding pass on my cell phone (as i usually do). i got through the id check, stripped down to my skivvies (almost), and as i was about to walk through the magnetometer (they still have those at united newark), they were yelling out that they were checking boarding passes, take them along through the mag.
i said, it's on my phone, you really want i should take my phone through the mag?
they said "no, only take your paper boarding passes".
huh? sure enough, if you said you used a mobile boarding pass, they believed you (anddidn't even look at it (of course, only another scanner could really verify its authenticity.)
so after a bit of conversation, i found out that they were checking the paper boardingpasses to check for the dreaded four esses, meaning "secondary screening". if you are randomly selected for secondary screening at checkin, they currently won't issue you an electronic boarding pass, you have to do a manual check-in.
so now they have created a situation where someone selected for secondary screening can get through the id check with their paper boarding pass showing the SSSS, and then, when they reach the mag where the screening would occur, simply lie, saying they are using an electronic boarding pass to avoid secondary screening.
the latest in TSA improved stupidity equips people to avoid a secondary search
(Image: ssss.JPG, a Creative Commons Attribution (2.0) image from jcortell's photostream)
Here’s the 32 minute video of my presentation at last month’s O’Reilly Security Conference in New York, “Security and feudalism: Own or be pwned.”
So far 864 people in the UK have reported instances of “webcam blackmail” to police in 2016, more than double the number of reported incidents in 2015.
Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers.
Loot Crate is a totally different kind of subscription service that mails subscribers monthly boxes filled with curated geek, pop culture, and gamer paraphernalia. Its cult following awaits a box every month filled with everything from bobble heads to T-shirts to special edition collectibles. But nothing gets Loot Crate fans as excited as the limited […]
The ARMOR-X Mini Flexible Phone Tripod is a smartphone tripod that is designed with flexible legs to rest on virtually any type of surface. Other tripods have proved useless unless I conveniently have a flat surface in front of me, which is why this particular tripod was appealing enough to try out. The ARMOR-X is compact and easy […]
You don’t need to get an advanced degree and take out massive loans to become a coder. This bundle of 10 courses was designed to teach anyone to code at home for less than it costs to go out for dinner. I was particularly impressed with this new 2017 bundle because it includes courses on […]