tsa – Noise https://noise.getoto.net The collective thoughts of the interwebz Mon, 02 Sep 2024 04:01:32 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 SQL Injection Attack on Airport Security https://noise.getoto.net/2024/09/02/sql-injection-attack-on-airport-security/ Mon, 02 Sep 2024 11:07:04 +0000 https://www.schneier.com/?p=69312 Interesting vulnerability:

…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all...

]]> No-Fly List Exposed https://noise.getoto.net/2023/01/23/no-fly-list-exposed/ Mon, 23 Jan 2023 12:02:56 +0000 https://www.schneier.com/?p=66620 I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.

The list is back in the news today, having been left exposed on an insecure airline computer. (The airline is CommuteAir, a company so obscure that I’ve never heard of it before.)...

]]>