[25137] in cryptography@c2.net mail archive
Re: Get a boarding pass, steal someone's identity
daemon@ATHENA.MIT.EDU (alex@alten.org)
Wed May 10 10:22:16 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: alex@alten.org
To: "Steven M. Bellovin" <smb@cs.columbia.edu>,
"Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
Date: Wed, 10 May 2006 01:36:59 -0500
> ----- Original Message -----
> From: "Steven M. Bellovin" <smb@cs.columbia.edu>
> To: "Perry E. Metzger" <perry@piermont.com>
> Subject: Re: Get a boarding pass, steal someone's identity
> Date: Mon, 8 May 2006 11:15:56 -0400
>=20
>=20
> On Mon, 08 May 2006 10:38:38 -0400, "Perry E. Metzger"
> <perry@piermont.com> wrote:
>=20
> >
> > The person who sent this asked that I forward it anonymously.
> >
> > From:
> > Subject: Re: Get a boarding pass, steal someone's identity
> > To: "Perry E. Metzger" <perry@piermont.com>
> >
> > (If you want to post this, please make it anonymous. Thanks.)
> >
> > Have you noticed that airline tickets are once again de-facto=20=20
> > transferable? If you print your own boarding pass at home, you=20
> > can digitally change the name on it before you print. If you=20
> > have no bags to check, then the person who checks your ID at the=20
> > security checkpoint has no way to read the bar code, and the=20
> > person who reads the bar code at the gate does not check your ID.
> >
> This is hardly either news or sensitive. Schneier described it in
> CRYPTOGRAM almost 3 years ago
> (http://www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla
> (http://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also
> been in Slate (http://www.slate.com/id/2113157/fr/rss/).
>=20
>=20
What's even more hilarious is the "random" body searches depend on a
code (my tickets use "SSSSSS") printed on the boarding pass. To prevent
you from erasing the code via the Paint program or similar they make
you go to a kiosk to print it out. But, if you fly regularly, you will
know that whenever they block you from printing a ticket via the web that
this indicates you will be body searched. So take an old electronic ticket
(if you fly regularly) without the code, change the dates, etc., print it=
=20
out and use it to get through security without a body search.
- Alex
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
