[IP] So let's see how far one wants to go in informing the public of a problem
I am getting tired of the statement -- he did us a favor by
publicizing it. The favor one can do is to find a reasonable cure.
What would be your reactions if some person demonstrated the
vulnerability of the internet by crashing it, the serious impact of
viruses on Windows, the serious weakness of our port security by
actually smuggling in a WMD? Mature researchers don't do this; they
talk to the public, newspapers, etc.
The statement that the Government should hire the person is just one
more indication that the Hill does not understand technology at all.
Maybe there should be a special GSA rating for virus creators, etc.
Dave
Begin forwarded message:
From: Richard Forno <rforno@xxxxxxxxxxxxxxx>
Date: October 31, 2006 10:11:20 AM EST
To: Dave Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] more on Web Site Lets Anyone Create Fake Boarding
Passes
I think the question really comes down to the emperor being peeved that
the public was told he had no clothes by someone "outside the system."
While the outcome may be the same, I think there's a different sense of
"anger" when you present such a finding (or demo, even) in a conference
or semi-restricted venue as opposed to just making it available to
EVERYONE on the net. And, of course, saying the same thing sans an "OMG
it works!" demo on Capitol Hill seems to be perfectly acceptable.
Hypocritical, yes.
Security-wise, this is nothing more than a public secret blown horribly
out of proportion. I've been on many airport lines where folks asked the
same thing that this student does, and questioning the utility/real
security benefit presented. Just because it was publicized on the
Internet doesn't mean aviation security is undermined -- if Joe Sixpack
notices and discusses something, it's a good bet that Billy BadGuy
probably does, too. And given how the travelling public is treated these
days, they notice LOTS of little things standing on endless lines and/or
having to scrutinize all kinds of shifting - and often nonsensical -
security restrictions.
Frankly I think the greater problem isn't the actual "demonstration" but
rather the uninformed, emotional knee-jerk reaction made by folks in
Washington whose first reaction is to accuse/punish the messenger whilst
concurrently running around waving their hands about how the sky is
falling because someone clearly showed what many in the travelling
public have witnessed and questioned for years. While emotions run high
on vulnerability disclosure, I'd posit such is a useful demonstration of
civic participation in an attempt to implement REAL security and hold
those charged with it accountable for failing their tasks.
The emperor doesn't like accountability. Or being told he's naked.
-rick
Infowarrior.org
On 10/31/06 9:44 AM, "David Farber" <dave@xxxxxxxxxx> wrote:
When will our Senators understand ANYTHING
Begin forwarded message:
From: Jim Huggins <jhuggins@xxxxxxxxxxxxx>
Date: October 30, 2006 9:04:22 PM EST
To: David Farber <dave@xxxxxxxxxx>
Cc: Ip ip <ip@xxxxxxxxxxxxxx>
Subject: Re: more on Web Site Lets Anyone Create Fake Boarding Passes
On Sun, 29 Oct 2006, David Farber wrote (in part):
I do seriously question the ethics and maturity of someone who
demonstrates what is well understood just for the sake of it all.
I guess I'm not convinced that the boarding-pass loophole is actually
well understood ... at least, by those with the authority to change
things. As evidence, I cite the reaction of Congressman Edward Markey
(D-Mass), member of the House Homeland Security committee, who, after
news of the website became widely known, called for the creator of the
website to be arrested:
http://www.wired.com/news/technology/0,72023-0.html
And then, once it was explained to him that the creator only took a
previously-known attack and made it easier, called on the government to
*HIRE* him instead:
http://blog.wired.com/27bstroke6/2006/10/congressman_res.html
So, is the guy a criminal or a hero? If Congress can't figure it out,
I'm not convinced they understand the underlying problems ...
-------------------------------------
You are subscribed as rforno@xxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/