Category: Airport Security
July 28th, 2008
Airport security part 6: Skimming at airport kiosks
We’ve talked a lot about airport security here (see other links at the bottom of this article), but one thing we haven’t covered yet is airport kiosks. Not that they haven’t caught my attention, there’s just so much wrong at the airport, it takes time to cover it all. Richard Stiennon posted a story yesterday about his concern over airport kiosks and the use of a credit card as identification. Stiennon says:
What’s to stop the airline, kiosk manufacturer, or <gasp> a hacker from grabbing my credit card number and CCV info?
Evidently there is some suspicion that that is exactly what is going on at kiosks in Toronto. One airline, WestJet, as a precautionary measure has shut off the credit card scanning function of their kiosks at 28 airports.
My advice: don’t use credit cards as ID.
July 14th, 2008
Airport security part 5: Snakes on planes? Check. Marshals on planes? Nope.
Update: TSA has commented on the CNN story on their website.
From our good friend Dave Lewis from Liquidmatrix Security Digest, and memorable quotes from Samuel L. Jackson, apparently we can draw the conclusion that we have snakes on planes, but not Federal Air Marshals (FAMs). Dave covered a story that a whistle blower inside of TSA talked to CNN and leaked the fact that these days there are rarely ever FAMs on flights. Dave’s article says:
So, what did they do? Did they put more air marshals in service? Not sure.
Did they say, “our bad, we’ll get right on it”. Nope.
They decided to launch an internal hunt for the leak whistle blower.
The Transportation Security Administration rejected as a “myth” CNN’s report that less than 1 percent of the nation’s daily flights carry armed federal air marshals. Now the agency is conducting an investigation into who talked to CNN and who encouraged other agents to do the same.
A spokesman for the TSA confirmed the investigation.
Spokesman Christopher White said a TSA investigator is looking into the “possible unauthorized release of sensitive and classified information to the news media by covered parties.”
A rational response. Sigh. The TSA refutes the story, but they don’t offer anything to back their version. Rather they claim it as classified information. The marshal in question has asked for anonymity due to fear of reprisals from the TSA. Yeah, the internal investigation won’t validate his position at all, will it? (yes, that’s sarcasm)
So, how does one resolve this? Does the TSA come clean? Or do we continue to suffer the pat on the head as they tell us to go play in traffic?
July 3rd, 2008
Airport security part 4: Attack of the body scanners!
If you read my blog postings semi-often, you know that I’m very, very critical of problems with airport security. Nicole Wong of the Boston Globe reported that Boston’s Logan International Airport will become the next airport to implement full-body scanners (thanks for the link from the LiquidMatrix guys!) that can see through clothing to detect whether travelers are concealing objects. Nicole states:
The TSA plans to outfit the airport in October or November with more than one of these so-called whole-body imaging machines, which have raised privacy concerns where they have been tested. The scanners produce three-dimensional images of people’s naked bodies, but the agency says procedures have been modified to protect passenger privacy.
The technology “allows us to screen passengers for any prohibited items quickly and unobtrusively,” said George Naccara, the TSA’s federal security director for Logan. “Efficiency and effectiveness will improve with whole-body imaging.”
June 15th, 2008
Airport security part 3: Planes, trains, and automobiles
I took a trip home to Michigan this week via Amtrak, and I got to thinking about previous articles I’ve written about airline security and wondered why the security concerns are so much more lax for trains and cars than they are for planes.
There are certainly some obvious reasons, like you can’t just pull a train off of its tracks and point it to some other destination, like the Pentagon or White House, say, but certainly these trains carry lots of people to many big cities with large train stations. To be frank, I was blown away when I DIDN’T have to take off my shoes, belt, watch, throw out my bottle of water, give up my five ounce stick of deodorant, and pull out each of my three laptops for separate entry to an X-ray machine. In fact, nothing went through an X-ray machine.
Actually, I got to thinking about recent car trips I’ve taken. I drove all the way from Houston into the heart of downtown Chicago with a full UHaul stuffed with computers, TVs, any number of things including at least 8 liters of water. Certainly if a single bottle of water could build a bomb to create risk to a plane, then 8 liters could create risk on the scale of a nuclear payload.
Why the discrepancy in terms of security? Well, the obvious reason is that trains and automobiles are not quite as flexible for terrorist usage; however, they’ve been used before, and they could be used again. How about a better reason… it’s ridiculous. The security you see at the airport is just an illusion meant to make us FEEL safer more than it is about real security.
-Nate
June 9th, 2008
Airport security part 2: TSA is failing us, let my associated ranting begin thusly
I want to start out by saying that I take great personal risk of getting black listed before my flight to K.C. tomorrow morning, but I thought I’d talk about an article by Rafal Los on how the TSA is failing us again. This actually reminds me of an older article that I posted on this subject, and I’ve been meaning to follow up on this larger topic as part of the thoughts we’ve put into what our government is doing about security, er, I suppose I mean what it’s not doing, and well, I think you’re getting the picture.
Before I talk about Rafal’s article, I got to thinking… do you ever feel like there are just too many dumb people making big kid decisions in this world? I mean, things like rules that say you can’t carry more than a four ounce stick of deodorant on a plane? Seriously? Because five ounces would be one ounce too many buddy!
Decisions like this rob us of the opportunity of living in a world of intelligent decisions. You know what I was thinking, if TSA (or whoever is in charge) has deemed more than four ounces of deodorant dangerous, then what’s to stop me from having me and four of my jihadist buddies bringing four ounces each and combining our 16 ounces of deodorant into one massive plane destroying bomb?
Am I the crazy one here, or are these rules just ridiculous? It’s frustrating.
February 29th, 2008
Airport security part 1: Bluetooth, switchblades and -- wireless X-rays?
Airport security is obviously a major concern in our country, and I’ve made some observations that I’d like to share from my recent travels.
February and March have turned out to be an insane travelling road show for me. When March completes, I will have spoken at Black Hat twice (Washington D.C. and Amsterdam), met with numerous clients in Indiana, Minnesota, California, and Seattle, travelled to Houston a number of times to catch up with the Ernst & Young Advanced Security Center guys (where I’m employed), and somewhere in that mix I actually went snowboarding in Utah.
What I’ve learned during this time is that I hate flying.
Also, I noticed several things that really concern me about airport security. The following events occurred at various airports during my travels:
- Other people’s MacBooks trying to Bluetooth associate to mine
- A passenger trying to go through the security line with pretty much every personal care product that you could imagine, a knife (I swear, it was a switchblade and it was in his carry on), and something that looked like a mini car battery
- A wireless access point near the X-ray machines called ‘bagcheck’
- A pilot entered the airport in a random hallway through a door that looked like an emergency exit that actually led to a parking lot
- etc.
People’s MacBooks trying to Bluetooth associate to mine was slightly disconcerting as I had recently enabled it to pull a file from a friend at Black Hat. Fortunately I still had confirmation notices that didn’t allow a file to be uploaded to me, but I certainly turned Bluetooth back off shortly thereafter.
The passenger with the switchblade and mini car battery (or whatever it was) was directly in front of me. I always feel bad for the TSA folks when I have to unload my three laptops, portable hard drive, wireless antenna, etc. but this guy was angry that they made such a big deal about his switchblade. (By the way, he wasn’t even kind enough to bag up his personal care products.) Then the lady pulls out this battery thing and security guys swoop in and carry the guy away. It was a bit surreal.
Clearly if the wireless ‘bagcheck’ network is what it looks like, one would think it is a terrible idea to connect the X-ray machines, etc. to a wireless network. What was really concerning was that there was a lot of traffic on the network, so even though it was using WEP, I would likely have had enough traffic to actually crack the key. I’m still pretty stunned by this. I’ll only speculate as to what would’ve been possible. As they say, curiosity killed the cat, and I do value my life :).
The pilot just walking in through a random emergency exit door is probably the scariest of the bunch. There was this parking lot I could see outside the door when he came in, and it wasn’t even all fenced in or anything. I’d like to hope that not just anyone can drive to this location, but it would seem pretty simple to get a pilot outfit, wait in the parking lot for a legitimate pilot to come in and just piggy back his entry. No security check occurred.
With all this in mind, it’s absurd that I had to throw away my hair gel since it was 5 oz. and not 4 oz.
–Nate

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.