by Mike Masnick
Tue, Jan 15th 2008 6:06am
We've had so many stories of government computer systems or websites that have terrible security or are just useless (but expensive!) that it shouldn't surprise us to hear of another one. Yet, there's always someone who can go a step further. Witness the news that the TSA's website for individuals who find themselves incorrectly on the security watchlist has been found to be insecure, with hundreds of falsely accused travelers exposing personal details by using the site. Even better, it turns out that the company that was hired to build the site got the job in a no-bid contract (meaning there wasn't any competition -- it was just chosen) and the guy responsible for figuring out who to hire just so happened to have been a former employee at that company. So, basically, what happened was that a guy who had taken a job at the TSA hired his former coworkers, with no competition for the job and apparently little oversight, to just build a website that turned out to be insecure. And, of course, without any oversight, it took months before anyone even noticed the site was insecure. And, remember, that this is the TSA we're talking about here -- an organization who's main concern is supposed to be security. I feel safer already.
If you liked this post, you may also be interested in...
- TSA Waves Convicted Murderer With Explosives Experience Through Its PreCheck Lane
- Good News: Internet Ad Industry Realizes It Needs To Embrace HTTPS
- FBI Quietly Removes Recommendation To Encrypt Your Phone... As FBI Director Warns How Encryption Will Lead To Tears
- DailyDirt: Breaking Bad... Passwords
- Ted Cruz's New Presidential Campaign Donation Website Shares Security Certificate With Nigerian-Prince.com