lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 17 Nov 2004 16:57:45 -0500
From: "Esler, Joel - Contractor" <joel.esler@...rt-s.army.mil>
To: "David D.W. Downey" <pgpkeys@...keys.net>,
   "Jason Coombs" <jasonc@...ence.org>, <full-disclosure@...ts.netsys.com>,
   <bugtraq@...urityfocus.com>
Subject: RE: RE: Airport x-ray software creating images of phantom weapons?


I am reading between the lines here...

"TSA improperly identified a weapon in a fliers bag.  Instead of taking
responsibility for the accident/misidentification, TSA is blaming it on
the equipment."  Yeah.  What he said.



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of David D.W.
Downey
Sent: Wednesday, November 17, 2004 10:35 AM
To: 'Jason Coombs'; full-disclosure@...ts.netsys.com;
bugtraq@...urityfocus.com
Subject: [Full-Disclosure] RE: Airport x-ray software creating images of
phantom weapons?


 

> -----Original Message-----
> From: Jason Coombs [mailto:jasonc@...ence.org]
> Sent: Tuesday, November 16, 2004 12:09 AM
> To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> Subject: Airport x-ray software creating images of phantom weapons?
> 
> My flight into Midway airport, Chicago, just sat on the
> runway for nearly two hours tonight because of a potential 
> security breach in the terminal, described here:
> 
> http://www.nbc5.com/news/3921217/detail.html?z=dp&dpswid=22659
94&dppid=65194
> 
> A Transportation Security Administration representative at
> Midway airport confirmed for me that the suspicious object 
> displayed on the computerized x-ray machine may have been a 
> phantom image similar to the one in Miami on November 13th:
> 
> Software glitch in security scanner at Miami airport
> 'projected the image of a weapon' that didn't exist
> http://abclocal.go.com/ktrk/news/nat_world/111304_APnat_airport.html
> 


OK, let's stop here for a moment. Before we get to the digitizing of
pictures,
let's look at something here. According to the story, the man's bag had
the
image of a grenade in it. Yet, he was able to move away from the
screening
area, sit down at a set of seats _with_ his bag, then move away from
there to
the food courts with a friend all without being stopped, watched,
tailed, or
any other security measures taken regarding him. 

During this time, the security forces protecting the airport are
informed of
the potential threat, start their sweeps and find the gentleman in the
food
court. Let me ask a couple questions, having spent many years as a
soldier,
that bother me to the extreme regarding this situation.

- WHY was this man allowed out of the screening area in the first place?


- WHY was there no security force on either side of the mouth of the
opening
out of the security checkpoint? 

- WHY was the security force not immediately alerted to the potential
threat
BEFORE the man left the checkpoint?

- WHY was this man allowed to move to a set of seats _having passed the
security checks_ where this supposed 'ghost image' was seen? 

- WHY was this man then allowed to roam freely _within_ the airport to
the food
court? 

- WHY did the security forces NOT have a monitoring device or similar
human
presence watching this man?


Notice nothing of what I have said touches on the electronic
technologies used
to examine baggage, personnel, or passengers, such as what caused this
apparent
ghost image. This is purely monitoring, notification, response, and
crisis
management that I'm speaking of. We have numerous holes within the
security
protocols at this airport that this man slipped through without even
touching
on the original gist of this thread.

Add on the complaints Jason brought up and we have a much larger
security issue
in this country than most people suspect. Is it cause for panic? Hardly.
Is it
cause for a very serious review and a VERY firm set of response policies
created? Yes, definitely.

Just my 2 cents. :-)

--
David D.W. Downey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists