Submission + - Lax TSA Website Exposes Traveller's Information (house.gov) 1
sjbe writes: According to a January 2008 report from the US House of Representatives Committee on Oversight and Government Reform, from October 2006 through February 2007 traveller's who utilized the TSA website to attempt to remove their name from the No-Fly list risked having sensitive data, including social security numbers, exposed due to poor security practices. The contractor responsible, Desyne Web Services was awarded a no-bid contract to design the website. The TSA's technical lead on the project reportedly had a conflict of interest having been a former employee of Desyne. The security vulnerabilities were pointed out by Chris Soghoian, a Ph.D. student at the University of Indiana's School of Informatics. The TSA has since taken action to remedy the vulnerabilities but no action was taken to sanction the responsible parties for the vulnerabilities.
