recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Congressman Wants Answers About TSA Site

Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline travelers that lacked basic security protections.

In a letter sent Friday to the assistant secretary of the TSA, Rep. Henry Waxman (D-Calif.) ordered the agency to produce all documents "relating to the period during which the site operated without encrypted data transfer protections, including the number of travelers who may have submitted their personal information to the site during the period when the site was not SSL-protected." The TSA has until March 9 to submit the documents.

Referring to reporting by Wired's 27B Stroke 6 blogger Ryan Singel about numerous spelling errors on the site, Waxman noted: "In fact, the overall appearance of the site was so poor that web experts first assumed it was a so-called 'phishing' site, a site internet hackers had created to look like a TSA website page."

The "Travel Verification Identity Program" Web site was designed to provide redress for airline travelers who have been delayed or prevented from boarding a plane on account of their name matching an identical one on the agency's "no-fly" list. The Department of Homeland Security has since launched a new version of the site that addresses most of the concerns expressed in Waxman's letter.

By Brian Krebs |  February 24, 2007; 12:30 PM ET From the Bunker , Misc. , Safety Tips
Previous: Fraudsters Declare War on Anti-Scam Services | Next: Mozilla Plugs Firefox Security Holes

Comments

Please email us to report offensive comments.



That's just like the government, isn't it? "Produce all documents..." when there probably aren't any. Why not simply start at the top and proceed down the chain of command until you get to the webmaster, and have a simple, clear conversation?

After all, the issue is obvious...there wasn't anyone at TSA who said, "Okay, we can do this, but we have to do it securely." And why is that? Lack of training, lack of management oversight, etc...typical issues that are seen everywhere.

And it's interesting that DHS has redone the site...they didn't have enough time or expertise to do it right the first time, but they had enough of both to redo it all.

Come on, guys...neither setting up a secure website nor finding out when/why (and who's responsible for) an unsecure website was stood up are rocket science.

H. Carvey
http://windowsir.blogspot.com

Posted by: keydet89 | February 26, 2007 7:15 AM

Now we just need all the browser suppliers to defeat the Vonage popups that we see here on WaPo.com!

Posted by: Rufus | February 26, 2007 3:39 PM

Firefox, bro. Blocks 'em every time!

As for the heart of this issue, yes, the gov't is good at talking and reading and writing, but it's time for ACTION. The bets bet, dismantle the USELESS and POINTLESS TSA or drop the OBVIOUSLY undeserved "S" from its name (I suggets "H" as in HARASSMENT).
I hoped that the Dems would've done a lot more about this mess...guess not.

Posted by: Mozilla | February 28, 2007 9:23 AM

Wow look my Virgins Pussy

Posted by: Virgins Pussy | March 19, 2007 7:06 AM

The comments to this entry are closed.

 
 

©  The Washington Post Company