FC: Reuters on TSA's password-protected files: Not a great idea...

From: Declan McCullagh (declanat_private)
Date: Thu Jan 02 2003 - 14:57:23 PST

  • Next message: Declan McCullagh: "FC: Steve Mann's struggles with Verisign and modest Perl proposal"

        Encryption of Agency's Web Documents Probed
        Tue December 24, 2002 01:27 PM ET
        NEW YORK (Reuters) - Computer security followers are questioning the
        way the U.S. transportation security administration, which oversees
        airport security and other transportation issues, is protecting some
        restricted documents on its Web site.
        Four documents available on the "Security and Law Enforcement" section
        of the TSA Web site can be accessed and stored by any Internet user. A
        password in Microsoft Word keeps the document from curious eyes.
        But once on a user's hard drive, the documents -- intended for local
        law enforcement and airport management -- can then be probed by
        password-breaking software that can spend days or weeks trying
        combinations of passwords, without triggering a security alarm or
        locking the user out of the file.
        A reporter for CNET News.com wrote on Monday that he was able to
        secure the password for the documents from a person he did not name.
        The Transportation Security Administration defended the protection of
        the documents.
        "We think it's safe," a spokesman said. "From our standpoint it's very
        workable and secure."
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q=declan

    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:42:33 PST