[25071] in cryptography@c2.net mail archive
Re: Get a boarding pass, steal someone's identity
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue May 9 19:31:36 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 8 May 2006 11:15:56 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <87zmhs8tu9.fsf@snark.piermont.com>
On Mon, 08 May 2006 10:38:38 -0400, "Perry E. Metzger"
<perry@piermont.com> wrote:
>
> The person who sent this asked that I forward it anonymously.
>
> From:
> Subject: Re: Get a boarding pass, steal someone's identity
> To: "Perry E. Metzger" <perry@piermont.com>
>
> (If you want to post this, please make it anonymous. Thanks.)
>
> Have you noticed that airline tickets are once again de-facto
> transferable? If you print your own boarding pass at home, you can
> digitally change the name on it before you print. If you have no
> bags to check, then the person who checks your ID at the security
> checkpoint has no way to read the bar code, and the person who reads
> the bar code at the gate does not check your ID.
>
This is hardly either news or sensitive. Schneier described it in
CRYPTOGRAM almost 3 years ago
(http://www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla
(http://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also
been in Slate (http://www.slate.com/id/2113157/fr/rss/).
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
