http://blog.washingtonpost.com/securityfix/2007/02/security_fix_report_on_tsa_sit.html?nav=rss_blogCiting reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline travelers that lacked basic security protections.
In a letter sent Friday to the assistant secretary of the TSA, Rep. Henry Waxman (D-Calif.) ordered the agency to produce all documents "relating to the period during which the site operated without encrypted data transfer protections, including the number of travelers who may have submitted their personal information to the site during the period when the site was not SSL-protected." The TSA has until March 9 to submit the documents.
Referring to reporting by Wired's 27B Stroke 6 blogger Ryan Singel about numerous spelling errors on the site, Waxman noted: "In fact, the overall appearance of the site was so poor that web experts first assumed it was a so-called 'phishing' site, a site internet hackers had created to look like a TSA website page."
The "Travel Verification Identity Program" Web site was designed to provide redress for airline travelers who have been delayed or prevented from boarding a plane on account of their name matching an identical one on the agency's "no-fly" list. The Department of Homeland Security has since launched a new version of the site that addresses most of the concerns expressed in Waxman's letter.
By Brian Krebs | February 24, 2007; 12:30 PM ET