Shostack + Friends Blog Archive


US Air Force Hack and TSA

I just blogged about a breach of data which could be used for ID theft in “US Air Force, 33,000 SSNs, Hacker.” I’d like to tie that to a story I mentioned earlier this week, “TSA May Loosen Ban on Razorblades, Knives:”

The Aug. 5 memo recommends reducing patdowns by giving screeners the discretion not to search those wearing tight-fitting clothes. It also suggests exempting several categories of passengers from screening, including federal judges, members of Congress, Cabinet members, state governors, high-ranking military officers and those with high-level security clearances.

I’d be very curious to know how many of those 33,000 officers would be exempted from secondary screening. I’d be even more curious to know how many terrorists impersonating one of those officers would be exempt. I’ll say it again: identity data, unless backed by biometric databases which are immune to hackers, does not and can not make us secure. We do not know how to build a database which is immune to hackers, bribery of its operators, or even operator error.