Jan 14, 2008 : Security Flaw Found in TSA Site
📅 - A congressional report released on Friday revealed that a US Transportation Security Administration-commissioned (tsa.gov) website that was designed to help travelers whose names were wrongly included on airline watch lists, initially had multiple security problems that could have potentially caused identity theft.
Released by the House of Representatives Committee on Oversight and Government Reform, the report (oversight.house.gov/documents/20080111092648.pdf) showed that the TSA awarded the $48,816 contract for the Traveler Redress site based on a request for quotes with requirements that only one Web design firm could seem to adhere to.
The TSA's technical lead and author of a request for comments for the project was a friend of the owner of Desyne Web Services and was temporarily employed at the Virginia firm, the report says. The TSA press office said that the appropriate person for commenting on the report was not available.
The report says: "This redress website had multiple security vulnerabilities: It was not hosted on a government domain, its homepage was not encrypted, one of its data submission pages was not encrypted, and its encrypted pages were not properly certified. These deficiencies exposed thousands of American travelers to potential identity theft."
The redress website was launched in October 2006. Christopher Soghoian, a graduate student at Indiana University, reported last February on his blog (paranoia.dubfire.net/2007/02/tsa-has-outsourced-tsa-traveler.html) that the site contained security problems. The TSA soon disabled the Desyne website and now hosts a traveler redress form on its own website.
Released by the House of Representatives Committee on Oversight and Government Reform, the report (oversight.house.gov/documents/20080111092648.pdf) showed that the TSA awarded the $48,816 contract for the Traveler Redress site based on a request for quotes with requirements that only one Web design firm could seem to adhere to.
The TSA's technical lead and author of a request for comments for the project was a friend of the owner of Desyne Web Services and was temporarily employed at the Virginia firm, the report says. The TSA press office said that the appropriate person for commenting on the report was not available.
The report says: "This redress website had multiple security vulnerabilities: It was not hosted on a government domain, its homepage was not encrypted, one of its data submission pages was not encrypted, and its encrypted pages were not properly certified. These deficiencies exposed thousands of American travelers to potential identity theft."
The redress website was launched in October 2006. Christopher Soghoian, a graduate student at Indiana University, reported last February on his blog (paranoia.dubfire.net/2007/02/tsa-has-outsourced-tsa-traveler.html) that the site contained security problems. The TSA soon disabled the Desyne website and now hosts a traveler redress form on its own website.
Reads: 2762 | Category: General | Source: TheWHIR : Web Host Industry Reviews
URL source: http://www.thewhir.com/marketwatch/011408_Security_Flaw_Found_in_TSA_Website.cfm
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!
📅 - 
📅 - 
📅 - 
📅 -