Get a boarding pass, steal someone's identity

Thread: Get a boarding pass, steal someone's identity

Search this list only Search all lists
Get a boarding pass, steal someone's identity
	2006-05-10 06:36:59
> ----- Original Message ----- > From: "Steven M. Bellovin" <smbcs.columbia.edu> > To: "Perry E. Metzger" <perrypiermont.com> > Subject: Re: Get a boarding pass, steal someone's identity > Date: Mon, 8 May 2006 11:15:56 -0400 > > > On Mon, 08 May 2006 10:38:38 -0400, "Perry E. Metzger" > <perrypiermont.com> wrote: > > > > > The person who sent this asked that I forward it anonymously. > > > > From: > > Subject: Re: Get a boarding pass, steal someone's identity > > To: "Perry E. Metzger" <perrypiermont.com> > > > > (If you want to post this, please make it anonymous. Thanks.) > > > > Have you noticed that airline tickets are once again de-facto > > transferable? If you print your own boarding pass at home, you > > can digitally change the name on it before you print. If you > > have no bags to check, then the person who checks your ID at the > > security checkpoint has no way to read the bar code, and the > > person who reads the bar code at the gate does not check your ID. > > > This is hardly either news or sensitive. Schneier described it in > CRYPTOGRAM almost 3 years ago > (http: //www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla > (http://www.rtfm.com/movabletype/archives/2003_10.htm l#000546); it's also > been in Slate (http://www.sl ate.com/id/2113157/fr/rss/). > > What's even more hilarious is the "random" body searches depend on a code (my tickets use "SSSSSS") printed on the boarding pass. To prevent you from erasing the code via the Paint program or similar they make you go to a kiosk to print it out. But, if you fly regularly, you will know that whenever they block you from printing a ticket via the web that this indicates you will be body searched. So take an old electronic ticket (if you fly regularly) without the code, change the dates, etc., print it out and use it to get through security without a body search. - Alex ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1]

about | contact Other archives ( Real Estate discussion Medical topics )