by Mike Masnick
Tue, Jan 15th 2008 6:06am
We've had so many stories of government computer systems or websites that have terrible security or are just useless (but expensive!) that it shouldn't surprise us to hear of another one. Yet, there's always someone who can go a step further. Witness the news that the TSA's website for individuals who find themselves incorrectly on the security watchlist has been found to be insecure, with hundreds of falsely accused travelers exposing personal details by using the site. Even better, it turns out that the company that was hired to build the site got the job in a no-bid contract (meaning there wasn't any competition -- it was just chosen) and the guy responsible for figuring out who to hire just so happened to have been a former employee at that company. So, basically, what happened was that a guy who had taken a job at the TSA hired his former coworkers, with no competition for the job and apparently little oversight, to just build a website that turned out to be insecure. And, of course, without any oversight, it took months before anyone even noticed the site was insecure. And, remember, that this is the TSA we're talking about here -- an organization who's main concern is supposed to be security. I feel safer already.
If you liked this post, you may also be interested in...
- Telegraph Publishes The Dumbest Article On Encryption You'll Ever Read... Written By David Cameron's Former Speechwriter
- Chipotle Exposes Private Data By Sending HR E-mails Via Unowned Domain, Doesn't See The Problem
- Hillary Clinton Joins The 'Make Silicon Valley Break Encryption' Bandwagon
- TSA: Terrible At Security But Finally Willing To Work On Its Problems
- Awesome Stuff: The Internet... Who Needs It?