#CyberFLASH: Flight booking systems lack basic privacy safeguards, researchers say

Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.

Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.

The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.

The world’s three major global distribution systems (GDS) – Amadeus, Sabre and Travelport – manage a majority of travel reservations but face growing competition from airlines and corporate travel and online booking sites.

“While the rest of the Internet is debating which second and third factors to use, GDSs do not offer a first authentication factor,” researchers at Berlin-based Security Research Labs said in a statement.

#CyberFLASH: The Face of Operation Anon Down

After a cagy meal of cheap Chinese — suspiciously eyeing diners showing any interest in our conversation — the man who has been the faceless face of Anonymous during this summer’s campaign of leaked secret government documents opens a fortune cookie: “People find difficult to resist you persuasive manner,” its broken English reads.

“I hope so,” he quips. He wants to persuade, although his tools and tactics are infinitely controversial.

This meeting was inordinately difficult to arrange. It required encrypted communication on various platforms, code words and passwords, trust and promises, travel to an undisclosed location, difficult logistics and strict technical requirements.

The result, however, is the only in-person interview with the spokesman for a cell of a secretive global hacktivist group engaged in a furious protest over July’s fatal RCMP shooting of an Anonymous protester in British Columbia.

The shooting brought a headline-grabbing vendetta: cyber attacks on police websites, demands for charges against officers, threats to reveal private information about investigators, allegations of gross misconduct by a public figure, heated rhetoric on social media and — most notably — the release of actual federal Cabinet secrets.

Accessing email server from Canada supported personal jurisdiction in the U.S.

The Second Circuit reversed a District Court that held it could not exercise personal jurisdiction over a Canadian defendant accused of accessing email servers located in Connecticut.

Defendant lived and worked in Canada for a U.S.-based company having its principal place of business in Connecticut. She knew her company’s email servers were located in Connecticut.

When she learned that she was about to be terminated from her position, she forwarded confidential company data from her work email account to her personal account.

© 2013 CyberTRAX Canada - All Rights Reserved.