by Mike Masnick
Tue, Jan 15th 2008 6:06am
We've had so many stories of government computer systems or websites that have terrible security or are just useless (but expensive!) that it shouldn't surprise us to hear of another one. Yet, there's always someone who can go a step further. Witness the news that the TSA's website for individuals who find themselves incorrectly on the security watchlist has been found to be insecure, with hundreds of falsely accused travelers exposing personal details by using the site. Even better, it turns out that the company that was hired to build the site got the job in a no-bid contract (meaning there wasn't any competition -- it was just chosen) and the guy responsible for figuring out who to hire just so happened to have been a former employee at that company. So, basically, what happened was that a guy who had taken a job at the TSA hired his former coworkers, with no competition for the job and apparently little oversight, to just build a website that turned out to be insecure. And, of course, without any oversight, it took months before anyone even noticed the site was insecure. And, remember, that this is the TSA we're talking about here -- an organization who's main concern is supposed to be security. I feel safer already.
If you liked this post, you may also be interested in...
- Nest Thermostat Goes From 'Internet Of Things' Darling To Cautionary Tale
- Ding-Dong -- Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials
- DEA So Forfeiture-Focused It Hired A TSA Screener To Check Travelers And Baggage For 'Guilty' Cash
- Copyright Blocking Security Research: Researchers Barred From Exploring Leaked Archive
- Latest Email Dump Shows Hillary Clinton Telling Aide To Send Classified Documents Over Unsecure Fax Line