O The Irony. via [a href="vny!://blog.wired.com/27bstroke6/2007/02/homeland_securi.html"]Bruce Schneier's site[/a].
The TSA's website was hacked by identity thieves who used the "Click here if you're on a no-fly list" to harvest personal information. Lots of sites get pwned by hackers. Most of those sites, however, aren't run by entities who claim that they're keeping the skies safe by taking away our toothpaste. Is it any wonder that an organization that thinks flip-flops are made safer by passing through the X-ray machine is incapable of managing to secure its own damn servers?
TSA employee Christopher White called to say "We are aware there was an issue and replaced the site. The issue has been fully addressed. We take IT responsibilities seriously. There never a vulnerability; just a small glitch." That's not quite accurate, as the non-SSL encrypted form submission was a vulnerability, but I take it to mean the site wasn't hacked by phishers. White did not have an answer as to why there is no OMB number for the information collection, saying he was concerned at the moment with the site's security.)
[a href="vny!://blog.wired.com/27bstroke6/2007/02/homeland_securi.html"]vny!://blog.wired.com/27bstroke6/2007/02/homeland_securi.html[/a]