Congressman Calls for Arrest of Security Researcher 574
Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."
Ummm. The First Amendment? (Score:5, Interesting)
I can see it now.. (Score:2, Interesting)
Passenger 1, with fake ticket, gets to seat 13F first. Sits down and gets comfortable.
Passenger 2, with real ticket, gets to seat 13F, finds someone else in their seat, and politely claims that it is their seat.
Passenger 3 gets to seat 13F, finds two people arguing over whos seat it is, and considers his mistake.
Flight attendant 1 arrives on scene, cannot determine who is the proper passenger, and has Air Marshall 1 escort them both off the plane, where the receive black bags over their heads and are both never heard from again.
Passenger 3, like passenger 1, forgot to change the seat number they printed for the fake ticket they heard would work 'from a friend on the internet'.
But, let's be serious for a minute. This would never work for actually getting to FLY somewhere. You would get into the seat dispute and the person with the real ticket would win every time. And you'd end up in a dark, dark room with FBI agents, then finally in prison for a long time. Gee, that was worth it.
Of course, the real threat is probably just being able to get to the plane. So, point taken. And it truly is a sad state of affairs for security. I am curious to see if this guy gets arrested and if so, convicted of a crime.
TLF
but of course (Score:5, Interesting)
One, shouldn't they already be on the lookout for frausters and terrorist.
Two, this isn't a new loophole. It's been there a while folks.
Re:Ummm. The First Amendment? (Score:2, Interesting)
They don't have to file a case. Congress did away with Habeas Corpus recently, so they can just 'disappear' you, like all the other terrorists...
I'm really thinking that armed insurrection is going to be coming soon to the U.S....
Re:not likely (Score:4, Interesting)
Passing a fake bill is illegal. Selling a printing press is not, even if that printing press can be used to print bills.... Telling people how to make a plate based on existing currency... it's the same as making any other kind of plate, so also not illegal in all likelihood.
There isn't anything here that hasn't been obvious to every single person who reads Slashdot for years. It's all smoke and mirrors, and anyone with even a modest level of intelligence knows this, not just geeks. The only thing surprising here is that we have a Congressman who is so completely computer illiterate and clueless that he actually believes that the stuff in this article would be a surprise to anyone.
You know, now that I think about it, given the quality of federal legislation in the past few years... it's not really that surprising after all. In fact, it explains a lot.
Re:not likely (Score:5, Interesting)
Don't know what became of that. (This was long before 9/11.)
Re:Another politician... (Score:3, Interesting)
Reminds me of an old southwest.com "HOST" bug (Score:5, Interesting)
When southwest first started offering online checking, i discovered a small bug, when you got the the "Print your boarding pass" screen, with my name in all caps, the letters "HOST" were replaced with "southwest.com"
The first time it happened i thought it was ammusing, I emailed their tech support, saved the HTML to a file and edited it so it had my name again and would match my ID when i checked in.
4 or 5 flights and at least 9 months later it was still happening and I spent a good 3 hours on the phone being transfered arround to different people trying ot get them to understand what the problem was and how fucking ridiculous it was that i had to constantly "hack" my boarding pass because of a bug they'd had for months.
Re:Ummm. The First Amendment? (Score:3, Interesting)
Re:Political spectrum (Score:5, Interesting)
There's a very popular case study in business school about Coke and Pepsi, and how they're both very happy with approximately 49% of the market. People think they have a real "choice". Neither one has to worry about "monopolies". And, they already know each other. It's a fake battle to make people think that they actually have a choice, all the while, both parties are very happy with half of a FUCKING HUGE pie.
Sound familiar?
Re:not likely (Score:3, Interesting)
Indeed. The very first MS Word macro virus was explicitly designed as a 'proof of concept' - in effect, a shot across the bows of the USS Microsoft. While many of us had already expressed serious concern long before this, MS refused to even acknowledge that there was an issue. Even this tangible evidence wasn't enough to garner a timely reaction from MS. It was months later when the software industry slowly ground its gears and began to accept that integrated scripting languages in one's documents could actually be a problem. To this day, the entire automation model is still a liability.
I'm not singling out Microsoft as the cause of all this - WordPerfect had macros long before MS Office ever existed. I'm simply using this anecdote as one of the biggest, most obvious and most egregious examples of people pooh-poohing security concerns until the barbarians are already inside the gates [sic].
Red vs Blue (Score:1, Interesting)
Being pro-business is an extension of this, rather than the other way around. Democrats are more willing to allow use of eminent domain in such situations for the same reason they are more willing to raise taxes. It is subtle difference in thinking: Do the rights of the state exist because they were granted by the people? Do the rights of the individual exist because they were granted by the state?
The case in question was far more narrow, of course. But justices anwsers to those questions are pretty strongly correlated to decisions like this one. For a similar reason, even though Republicans are on TV moaning about "judicial activism" their appointees are far more likely to vote to strike down acts of congress than those of Democrats.
Re:not likely (Score:3, Interesting)
Unfortunately, there are enough weak brained person's around to get the guy for "intent" based on production of the code.
Fraud requires intent. But fraud is not the only possible crime here.
In particular there are a lot of crimes that are designed to make it easier to prosecute fraud by criminalizing conduct that is preparation for fraud. That is how the CANSPAM act works, it does not criminalize spam but it does criminalize activities spammers typically engage in.
The Secret Service agent who led the Shaddowcrew investigation told me that the charge they used most was not fraud or even having stolen credit card numbers. The charge that they used to break the case was possession of a device designed for the purpose of counterfeiting a financial instrument. Once a search of the suspects place turned up a machine for making credit cards a plea bargain was a foregone conclusion.
Looks to me that it is not very difficult to claim that the Web site is a device that enables forgery of a financial instrument. Not only could the creator of the site be liable here, the hosting service might well be.
Re:Well (Score:3, Interesting)
In actual fact they differ on rather a lot, most imporantly the issue of whether Congress should perform oversight of the executive or simply rubber stamp their demands.
This is rather important if you as a US soldier sent to Iraq in insufficient force, lacking essential equipment and having your efforts sabotaged by a civilian leadership whose incompetence is only matched by their mendacity.
Another important difference is that Republicans would like to phase out 'privatize' social security while Democrats beleive in it. The last Democratic President balanced the budget, the last three Republicans all burst it. Tax cuts mean nothing if expenditure runs out of control, the bills will have to be paid some day and taxes will be raised when they do.
But most importantly of all there has never been a US administration that has shown such utter contempt for international law and in particular the laws of war. This is the first US administration to have embraced torture.
Re:Flash Update: The FBI is at The Door (Score:2, Interesting)
It originally said "Russel Coleman and Christopher E Allen from the FBI are at the door. Off to chat."
Now it says "The FBI are at the door. Off to chat."