[24879] in cryptography@c2.net mail archive
Re: Get a boarding pass, steal someone's identity
daemon@ATHENA.MIT.EDU (John Levine)
Sun May 7 14:43:33 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: 7 May 2006 18:14:12 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <874q01bwtm.fsf@snark.piermont.com>
Cc: perry@piermont.com
> http://www.guardian.co.uk/idcards/story/0,,1766266,00.html
>
>The story may be exaggerated but it feels quite real. Certainly I've
>found similar issues in the past.
It sounds real to me, with an airline whose security is slightly but
not greatly worse than typical.
I buy a lot of online tickets in the US and I believe that although I
can enter whatever frequent flyer number I want when I buy a ticket, I
always have to provide a PIN to get access to any history or account
info. But I don't lose my PINs (being a bad user I use the same PIN
many places) so I haven't looked to see how hard it would be to fake
out the various password recovery schemes.
R's,
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
