46 matches found
Snowden Ten Years Later
In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...
New TSA Cybersecurity Emergency Action Rule Impacts Cybersecurity and Compliance
On March 7, 2023, in the wake of President Joe Biden’s National Cybersecurity Strategy announcement, the U.S. Transportation Security Administration TSA issued a cybersecurity emergency action amendment for certain regulated airport and aircraft operators. The new Action Rule can have significant...
Threat Source newsletter (July 14, 2022) — Are virtual IDs worth the security risk of saving a few seconds in the TSA line?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I’ve started flying again on a somewhat regular basis now that work conferences and out-of-state vacations are becoming a thing again. I took about 18 months or so off flying during the peak of the pandemic, but now...
TSA’s Terrorist Watch List Comes for Amtrak Passengers
Plus: Microsoft seizes Russian GRU domains, Cash App’s data breach, and Obama’s disinfo admission...
tsa-algerie.com Cross Site Scripting vulnerability OBB-2449627
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
TSA’s First Crack at Guarding Pipelines From Hackers Falls Short
Plus: Anonymous dedicates a hack to Hillary Clinton, Google researchers expose Exotic Lily, and more...
Digital State IDs Start Rollouts Despite Privacy Concerns
Apple has unveiled the first eight states that will roll out digital IDs and drivers licenses on its mobile devices, despite critics’ concerns that the introduction of purely digital forms of identification will raise privacy, security and equanimity issues. Arizona and Georgia will be the first...
Colonial Pipeline attack spurs new rules for critical infrastructure
Following a devastating cyberattack on the Colonial Pipeline, the Transportation Security Administration—which sits within the government’s Department of Homeland Security—will issue its first-ever cybersecurity directive for pipeline companies in the United States, according to exclusive reporti...
TSA Admits Liquid Ban Is Security Theater
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the...
Sen. Schumer Pushes for TSA Employee Ban on TikTok App at Work
The Transportation Safety Authority TSA has become the latest federal agency to ban the use of TikTok among its employees based on national-security fears over how ByteDance, the Beijing-based company that owns the app, uses the data collected by it. Some TSA employees have used the app to create...
CSET Version 9.2 Now Available
The Cybersecurity and Infrastructure Security Agency CISA has released version 9.2 of its Cyber Security Evaluation Tool CSET. CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive...
The PCLOB Needs a Director
The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA...
Terahertz Millimeter-Wave Scanners
Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers. The heart of the device is a block of electronics about the size of a 1990s tower personal computer. It comes housed in a musician's black case, akin to the one Spinal Tap might use on tour. At t...
Don't Fear the TSA Cutting Airport Security. Be Glad That They're Talking about It.
Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes -- 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations. To be clear, the TSA has put forth no...
tsa-westbound.org Open Redirect vulnerability
Vulnerable URL: http://www.tsa-westbound.org/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
Why Is the TSA Scanning Paper?
I've been reading a bunch of anecdotal reports that the TSA is starting to scan paper separately: A passenger going through security at Kansas City International Airport MCI recently was asked by security officers to remove all paper products from his bag. Everything from books to Post-It Notes,...
Lockpickers 3D-Printed Master Key for TSA Luggage Locks and BluePrint Leaked Online
Here're a good news and bad news for you. The good news is that if you lose the keys for your TSA-compliant "Travel Sentry" luggage locks then you can just 3D print your very own TSA master keys. The bad news is that anyone can now 3D print their own master keys to open your bags. Yes, the securi...
Mandriva Linux Security Advisory : openssl (MDVSA-2014:090)
Updated openssl packages fix security vulnerability : A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or...
Updated openssl packages fix CVE-2010-5298
Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or...
Debian Security Advisory DSA 2908-1 (openssl - security update)
Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a...