Get a boarding pass, steal someone's identity

alex at alten.org alex at alten.org
Wed May 10 02:36:59 EDT 2006 

> ----- Original Message -----
> From: "Steven M. Bellovin" <smb at cs.columbia.edu>
> To: "Perry E. Metzger" <perry at piermont.com>
> Subject: Re: Get a boarding pass, steal someone's identity
> Date: Mon, 8 May 2006 11:15:56 -0400
> 
> 
> On Mon, 08 May 2006 10:38:38 -0400, "Perry E. Metzger"
> <perry at piermont.com> wrote:
> 
> >
> > The person who sent this asked that I forward it anonymously.
> >
> > From:
> > Subject: Re: Get a boarding pass, steal someone's identity
> > To: "Perry E. Metzger" <perry at piermont.com>
> >
> > (If you want to post this, please make it anonymous.  Thanks.)
> >
> > Have you noticed that airline tickets are once again de-facto  
> > transferable?  If you print your own boarding pass at home, you 
> > can  digitally change the name on it before you print.  If you 
> > have no  bags to check, then the person who checks your ID at the 
> > security  checkpoint has no way to read the bar code, and the 
> > person who reads  the bar code at the gate does not check your ID.
> >
> This is hardly either news or sensitive.  Schneier described it in
> CRYPTOGRAM almost 3 years ago
> (http://www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla
> (http://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also
> been in Slate (http://www.slate.com/id/2113157/fr/rss/).
> 
> 

What's even more hilarious is the "random" body searches depend on a
code (my tickets use "SSSSSS") printed on the boarding pass.  To prevent
you from erasing the code via the Paint program or similar they make
you go to a kiosk to print it out.  But, if you fly regularly, you will
know that whenever they block you from printing a ticket via the web that
this indicates you will be body searched.  So take an old electronic ticket
(if you fly regularly) without the code, change the dates, etc., print it 
out and use it to get through security without a body search.

- Alex



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list