by Mike Masnick
Tue, Jan 15th 2008 6:06am
We've had so many stories of government computer systems or websites that have terrible security or are just useless (but expensive!) that it shouldn't surprise us to hear of another one. Yet, there's always someone who can go a step further. Witness the news that the TSA's website for individuals who find themselves incorrectly on the security watchlist has been found to be insecure, with hundreds of falsely accused travelers exposing personal details by using the site. Even better, it turns out that the company that was hired to build the site got the job in a no-bid contract (meaning there wasn't any competition -- it was just chosen) and the guy responsible for figuring out who to hire just so happened to have been a former employee at that company. So, basically, what happened was that a guy who had taken a job at the TSA hired his former coworkers, with no competition for the job and apparently little oversight, to just build a website that turned out to be insecure. And, of course, without any oversight, it took months before anyone even noticed the site was insecure. And, remember, that this is the TSA we're talking about here -- an organization who's main concern is supposed to be security. I feel safer already.
If you liked this post, you may also be interested in...
- Samsung SmartThings Platform Latest To Highlight Internet Of Things Security Is A Joke
- Netflix CEO Says Annoyed VPN Users Are 'Inconsequential'
- FOIA Documents Expose Details On TSA's $47,000 Coin Flipping App
- Citizens On Terrorist Watchlist - Including A 4-Year-Old Boy - Sue Government For Violating Their Rights
- CNBC Asks Readers To Submit Their Password To Check Its Strength Into Exploitable Widget