Larry Seltzer wrote: > I know this makes me a fascist around here but this bothers me a lot. He's > facilitating fraud, and the fact that he himself says they're not good > enough to get you on a plane makes me doubt the value of his research. > Suppose he was making software to print $100 bills. Is that OK because it > shows weaknesses in the currency? > > And if he or anyone else uses these they definitely should be busted.
I think you've missed the point... _If_ these forgeries are good enough to get through initial (usually just the briefest of eye-balling and often kerbside) screening _AND_ that opens the whole system up to some much bigger threat _THEN_ the whole system is totally borked from tip to toe. Ed Markey was quoted as saying: The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane... _IF_ the current system cannot filter out those carrying fake boarding passes, _THEN_ the current system _IS BROKEN_. Further, Markey seems to suggest that he beleives if a terrorist were "enabled" to gain access to a plane by the use of such a fake boarding pass that terrorist would in some way be more likely to NOT be subjected to and/or detected by whatever _OTHER_ checks are put in such terrorists' way. Markey is clearly barking mad and totally devoid of the slighest hint of a grip on how to do what he is supposedly charged with doing -- improving airline/flight safety. Thus it is no wonder US aviation security is the joke that it is. Markey understands this: There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs; but can't see that trivially forgeable and weakly "authenticated" bits of paper are a fundamental _design weakness_ in another part of the system: ... we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane. Soghoian did not create this loophole -- it was already there and has been for how long? Two? Five? Ten? Forty? years... And, because we know of it already, and have much better layers of checking before and/or after (imagine using this in a transit/layover situation, rather than directly at check-in) use of this one, its existence should be a moot point. Now, if there really is a dire flaw in Northwest Airline's deployment and use of these feeble little bits of paper, Soghoian may just have done Northwest passengers and the DHS a favour. Yes, what he's doing is technically fraud, but to even suggest it begins to equate with forging $100 bills is reactionary nonsense. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
