Security News

2445 readers

1 users here now

founded 2 years ago

MODERATORS

[email protected]

Researchers find SQL injection to bypass airport TSA security checks (www.bleepingcomputer.com)

submitted 2 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.

Definitions:

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

-Wikipedia

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 24 points 2 months ago (1 children)

Jesus fucking Christ. It's 2024. Sanitize your inputs people.

[–] [email protected] 13 points 2 months ago

Especially since backend web frameworks do all this for you.

[–] [email protected] 17 points 2 months ago

Security theater: Shoes and belts off.

Security circus: Pilot Captain Bobby Tables.