An anonymous reader of Dave Farber's Interesting People list has discovered a glaring flaw in the TSA's protocol for secondary screening:
today at newark airport i used a paperless electronic boarding pass on my cell phone (as i usually do). i got through the id check, stripped down to my skivvies (almost), and as i was about to walk through the magnetometer (they still have those at united newark), they were yelling out that they were checking boarding passes, take them along through the mag.
i said, it's on my phone, you really want i should take my phone through the mag?
they said "no, only take your paper boarding passes".
huh? sure enough, if you said you used a mobile boarding pass, they believed you (anddidn't even look at it (of course, only another scanner could really verify its authenticity.)
so after a bit of conversation, i found out that they were checking the paper boardingpasses to check for the dreaded four esses, meaning "secondary screening". if you are randomly selected for secondary screening at checkin, they currently won't issue you an electronic boarding pass, you have to do a manual check-in.
so now they have created a situation where someone selected for secondary screening can get through the id check with their paper boarding pass showing the SSSS, and then, when they reach the mag where the screening would occur, simply lie, saying they are using an electronic boarding pass to avoid secondary screening.
the latest in TSA improved stupidity equips people to avoid a secondary search
(Image: ssss.JPG, a Creative Commons Attribution (2.0) image from jcortell's photostream)
Yesterday, Dell was advising customers not to try to uninstall the bogus root certificate it had snuck onto their Windows machine, which would allow attackers to undetectably impersonate their work intranets, bank sites, or Google mail. Today, they apologized and offered an uninstaller — even as we’ve learned that at least one SCADA controller was […]
Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising company called Superfish, made it possible for attackers create “secure” connections to undetectable fake versions of banking sites, corporate intranets, webmail providers, etc.
Carrying this EDC card is like slinging around a handheld toolbox wherever you go. Its minimal design is small enough to fit in your wallet’s billfold, and it’s TSA-compliant so you’ll never leave it behind. It’s got hex wrenches, metric and imperial rulers, flathead and Phillip’s screwdrivers, and a bottle opener so that you’re ready […]
Today only take an additional 15% off the below drones today using coupon code: DRONE15 at checkoutThe Code Black is our top-selling drone of all time—and for good reason. This powerful, palm-size drone is not only insanely fun to fly, but can capture some serious video footage from up above. With a flight time of […]
Why interrupt your post-Thanksgiving turkey bliss to wait in an epic line, when the best deal of the season is a click away? We’re treating you Mac enthusiasts to the ultimate Black Friday bundle, packed with apps to give your machine a mega boost in the right direction. From Drive Genius to AfterShot Pro to […]