lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200411171534.iAHFYbi16095@netsys.com>
Date: Wed, 17 Nov 2004 10:34:35 -0500
From: "David D.W. Downey" <pgpkeys@...keys.net>
To: "'Jason Coombs'" <jasonc@...ence.org>, <full-disclosure@...ts.netsys.com>,
   <bugtraq@...urityfocus.com>
Subject: RE: Airport x-ray software creating images of phantom weapons?


 

> -----Original Message-----
> From: Jason Coombs [mailto:jasonc@...ence.org] 
> Sent: Tuesday, November 16, 2004 12:09 AM
> To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> Subject: Airport x-ray software creating images of phantom weapons?
> 
> My flight into Midway airport, Chicago, just sat on the 
> runway for nearly two hours tonight because of a potential 
> security breach in the terminal, described here:
> 
> http://www.nbc5.com/news/3921217/detail.html?z=dp&dpswid=22659
94&dppid=65194
> 
> A Transportation Security Administration representative at 
> Midway airport confirmed for me that the suspicious object 
> displayed on the computerized x-ray machine may have been a 
> phantom image similar to the one in Miami on November 13th:
> 
> Software glitch in security scanner at Miami airport 
> 'projected the image of a weapon' that didn't exist
> http://abclocal.go.com/ktrk/news/nat_world/111304_APnat_airport.html
> 


OK, let's stop here for a moment. Before we get to the digitizing of pictures,
let's look at something here. According to the story, the man's bag had the
image of a grenade in it. Yet, he was able to move away from the screening
area, sit down at a set of seats _with_ his bag, then move away from there to
the food courts with a friend all without being stopped, watched, tailed, or
any other security measures taken regarding him. 

During this time, the security forces protecting the airport are informed of
the potential threat, start their sweeps and find the gentleman in the food
court. Let me ask a couple questions, having spent many years as a soldier,
that bother me to the extreme regarding this situation.

- WHY was this man allowed out of the screening area in the first place? 

- WHY was there no security force on either side of the mouth of the opening
out of the security checkpoint? 

- WHY was the security force not immediately alerted to the potential threat
BEFORE the man left the checkpoint?

- WHY was this man allowed to move to a set of seats _having passed the
security checks_ where this supposed 'ghost image' was seen? 

- WHY was this man then allowed to roam freely _within_ the airport to the food
court? 

- WHY did the security forces NOT have a monitoring device or similar human
presence watching this man?


Notice nothing of what I have said touches on the electronic technologies used
to examine baggage, personnel, or passengers, such as what caused this apparent
ghost image. This is purely monitoring, notification, response, and crisis
management that I'm speaking of. We have numerous holes within the security
protocols at this airport that this man slipped through without even touching
on the original gist of this thread.

Add on the complaints Jason brought up and we have a much larger security issue
in this country than most people suspect. Is it cause for panic? Hardly. Is it
cause for a very serious review and a VERY firm set of response policies
created? Yes, definitely.

Just my 2 cents. :-)

--
David D.W. Downey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ