by Mike Masnick
Tue, Jan 15th 2008 6:06am
We've had so many stories of government computer systems or websites that have terrible security or are just useless (but expensive!) that it shouldn't surprise us to hear of another one. Yet, there's always someone who can go a step further. Witness the news that the TSA's website for individuals who find themselves incorrectly on the security watchlist has been found to be insecure, with hundreds of falsely accused travelers exposing personal details by using the site. Even better, it turns out that the company that was hired to build the site got the job in a no-bid contract (meaning there wasn't any competition -- it was just chosen) and the guy responsible for figuring out who to hire just so happened to have been a former employee at that company. So, basically, what happened was that a guy who had taken a job at the TSA hired his former coworkers, with no competition for the job and apparently little oversight, to just build a website that turned out to be insecure. And, of course, without any oversight, it took months before anyone even noticed the site was insecure. And, remember, that this is the TSA we're talking about here -- an organization who's main concern is supposed to be security. I feel safer already.
If you liked this post, you may also be interested in...
- Leading DarkNet Market Agora Temporarily Suspends Service Over Tor Vulnerability Concerns
- 'We Should Put A Metal Detector On The Other Side': The Laughable Waste Of TSA Body Scanners
- Appeals Court: Yes, The FTC Can Go After Companies That Got Hacked Over Their Weak Security Practices
- Internet Of Not-So-Smart Things: Samsung's Latest Smart Fridge Can Expose Your Gmail Password
- TSA At The Movies: Theater Chain Looks To Bring Security Theater To The Movie Theater