In what should be a warning to travelers and just about everyone on the Internet, a web site built for the TSA has been found to have significant security issues, endangering travelers, as well as the reputation of the TSA and the company that built the web site.
A report issued on Friday by the House Oversight and Government Reform Committee says that between October 6, 2006, when the TSA launched its Redress Management System [RMS] site, and February 13, 2007, when the site ceased operation following revelations about its lack of security, “[a]t least 247 travelers submitted their personal information through the unsecured ‘file your application online’ link.” Source: Information Week
There is some very interesting commentary on this over at Techdirt.
You can read the report here.
The issues surrounding this, beyond the no-contract bid issued by a person who used to work for the company that built the web site is the apparent lack of understanding about basic security measures.
People should at this point know enough to look for the lock icon on their web browser, and seriously question a web site that does not have one when entering personal information. This is such a basic issue, that it is surprising that it was not done at all, and now people are worried about their identities being stolen.
