| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed May 3 19:32:09 2006 From: adam.laurie at thebunker.net (Adam Laurie) Subject: BA website discloses passenger passport numbers and D.O.B. In January of this year I reported to British Airways that it was possible to recover arbitrary passengers' confidential information, including Date Of Birth and passport details, by simply matching a frequent flyer number to a surname when purchasing a ticket via their website. Since this information is printed on every boarding pass, any discarded passes can potentially provide an attacker with the information he needs to access the data via the website. The problem exists because of the US Goverment's requirement for airlines to provide Advance Passenger Information for all passengers destined for their shores. It is left to the airlines themselves to administer the data collection systems, and, therefore, to make their own mistakes in the security systems that control access to that data. The more airlines that implement these systems, the more potential security holes will exist. Full story here: http://www.guardian.co.uk/g2/story/0,,1766138,00.html cheers, Adam -- Adam Laurie Tel: +44 (0) 1304 814800 The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899 Ash Radar Station http://www.thebunker.net Marshborough Road Sandwich mailto:adam@...bunker.net Kent CT13 0PL UNITED KINGDOM PGP key on keyservers
Powered by blists - more mailing lists