Skip to: Content
Skip to: Site Navigation
Skip to: Search
THURSDAY, NOVEMBER 26, 2009
| Subscribe to Newser's RSS feeds RSS | Follow Newser on Twitter Twitter


0

Congressional Report Blames TSA for Botched Website

Site lacked basic security features

Share

(Newser) – The TSA awarded a website design and maintenance contract to a firm with whom an administration official had close personal and professional ties, ComputerWorld reports. The site, meant to handle individual requests to have names removed from the TSA’s no-fly list, lacked even rudimentary encryption mechanisms and was not hosted on government servers, making it a ID theft risk.

Launched in March of 2006, the faulty TSA site remained in operation until its security flaws were noticed by a university student in February of 2007. The Department of Homeland Security has established a new site, and the more than 230 people who used the original have been informed that their personal data could have been intercepted.

The TSA's site was supposed to let individuals dispute their place on the no-fly list.(AP Photo/Ric Feld, file)
The TSA's site was supposed to let individuals dispute their place on the no-fly list.(AP Photo/Ric Feld, file)   (Associated Press)
Congress has found that the TSA is at fault for the creation of a website riddled with security holes. (AP Photo/Michael Sohn)
Congress has found that the TSA is at fault for the creation of a website riddled with security holes. (AP Photo/Michael Sohn)   (Associated Press)
A replacement website is now being run by the DHS. (AP Photo/Damian Dovarganes, file)
A replacement website is now being run by the DHS. (AP Photo/Damian Dovarganes, file)   (Associated Press)
« Prev« Prev | Next »Next » Slideshow
OFF THE GRID
11.24.09
Murdoch and Microsoft: The Mice Are Trying to Roar
11.23.09
Books Are Bad for You
0 comments
VIEWING:
 
LEAVE A
COMMENT Comment Policy
Facebook ConnectPost this comment to Facebook?

After connecting you will have the option to post your comment on your Facebook profile.

 

Related Newser Stories

16 Stories

New Software Can Delete Emails Permanently

Software scatters encryption keys among temporary BitTorrent nodes

Aug 5, 09 6:24 PM CDT
(Newser) - Email is inherently insecure, because it has a long shelf-life—even deleted messages can be stored infinitely on the email service of the sender or recipient. Now a team of scientists is poised to unveil software later this month to make them disappear for keeps, reports the Economist. “Vanish”... More »

MORE ABOUT:
email BitTorrent Internet security computer security P2P mall security encryption message

Virus Helps Violate 500K
Bank, Credit Accounts

Infects computers through 'drive-by downloads"

Oct 31, 08 4:35 PM CDT
(Newser) - A computer virus has stolen log-in information for over 500,000 bank accounts and credit and debit cards. The Sinowal Trojan virus has infected computers around the world through “drive-by downloads” that install it without users' knowledge when they visit Web sites running the virus code. Individuals can best... More »

MORE ABOUT:
identity theft computer virus Internet security phishing Trojan viruses malware banks Sinowal

'Every Network Is at Risk' Thanks to Bug

Security expert says DNS flaw could cause Internet-wide chaos

Aug 7, 08 8:05 AM CDT
(Newser) - Security researcher Dan Kaminsky outlined what he calls the biggest Internet security hole since 1997 to a gathering of experts yesterday, and it's a lot worse than had been understood, Wired reports. “Every network is at risk,” Kaminsky said at the Black Hat conference in Las Vegas. "... More »

MORE ABOUT:
Internet domain names Internet security phishing Internet domains cybercrime Dan Kaminsky

16 Stories


Blog post from of the student who spotted the site's flaws
slight paranoia


Technology 
TwitterFollow @NewserTech on Twitter

 
identity theft Department of Homeland Security TSA Internet security phishing encryption

from our news partners