Lawmaker Probes TSA Website Gaffe <http://www.wired.com/science/discoveries/news/2007/02/72790> Ryan Singel 02.23.07 | 12:00 PM A powerful congressional committee is investigating a Transportation Security Administration website that promised to help air travelers caught up in terrorist watch lists, after a Wired News blog revealed that the site was potentially exposing user's personal information to eavesdroppers. The House Committee on Oversight and Government Reform asked the TSA on Friday to turn over documents related to the Traveler Verification Identity Program website to determine how the site was designed, and whether government security and privacy regulations were violated. That site was intended to allow domestic airline travelers whose names are similar to entries on the government's No Fly List and other watchlists to submit a complaint online, instead of calling TSA and requesting a form be sent to them by mail. However, the site was full of misspellings and nonsensical directions, and asked travelers to provide sensitive personal information on an unencrypted page. Travelers in an airport using a wireless connection would be at risk of having their personal information stolen and used to commit identity fraud. Additionally, the site, which was entered from a link on the TSA's main website, was hosted on the website of Desyne.com, a web design company that has a P.O. Box as its contact information -- adding to the impression it was not a legitimate government site. Committee chairman Rep. Henry Waxman (D-California) told TSA in his letter (.pdf) that the "overall appearance of the site was so poor that web experts first assumed it was a so-called 'phishing' site, a site internet hackers had created to look like a TSA website page." Waxman also asked the agency to turn over by March 9 documents regarding Desyne, communications about security with that company, and the period of time that the site was running without encryption. Despite appearances, TSA spokesman Christopher White assured Wired News last week that the site was not part of a phishing attack. "We take IT responsibilities seriously. There was never a vulnerability; just a small glitch," White said. The Traveler Verification Identity Program site was taken down last Friday. It was replaced this week by a completely different webpage offering the same service, but now called the Travel Redress Inquiry Program, or TRIP. <snip> <http://www.wired.com/science/discoveries/news/2007/02/72790> ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
participants (1)
-
Randy Burge