rslade
Influencer II

Don't print boarding passes?

OK, some "security expert" has told a reporter to warn people not to print their boarding passes for flights.

 

Instead, you should use the airline app and show the digital boarding pass.  Thus requiring you to turn the brightness on your phone all the way to the max, hand your phone over to the airline check-in people, and store all that data on your phone so that it can be stolen.

 

Oh, and you should never take a picture of your ticket and/or passport and post it on Instagram.

 

I'm sensing, here, that this is someone manufacturing a problem in order to provide a solution.  I mean, how stupid does he think some people are?

 

(OK, I withdraw the question ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
8 Replies
Kaity
Community Manager


@rslade wrote:

 

Oh, and you should never take a picture of your ticket and/or passport and post it on Instagram.

 


It's a bit frightening how people don't seem to know this ... 

dcontesti
Community Champion


@rslade wrote:

.

 

I'm sensing, here, that this is someone manufacturing a problem in order to provide a solution.  I mean, how stupid does he think some people are?

 

(OK, I withdraw the question ...)


Okay, am glad you withdrew the question..................

CraginS
Defender I


@rslade wrote:

OK, some "security expert" has told a reporter to warn people not to print their boarding passes for flights.

...

I'm sensing, here, that this is someone manufacturing a problem in order to provide a solution.  ...

I ran a web search on the name of the "security expert." Hmmm, strong executive experience at IBM running their threat intel organization, and now as CEO of a healthcare security consultancy. He holds degrees in EE and tech management, and his various bios and LI profile show a lot of time in the public eye, including as a TED speaker. It appears he is a strong business manager and leader, but I do not see any credentials or experience of him actually doing security. 

 

I have to wonder, where is the anecdotal, or better, statistical, evidence that theft of frequent flyer points is a problem?

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
rslade
Influencer II

> KaityEagle (Community Manager) posted a new reply in Industry News on 11-22-2019

>   It's a bit frightening how people don't
> seem to know this ... 

Welcome to security. Sometimes it seems as if we live in a different universe than
everyone else ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
In infosec, CLOUD is an acronym: Could Lose Our Under Drawers
- http://twitter.com/#!/SecurityHumor/status/101409284180549632
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Shannon
Community Champion

 

 

Whoever came up with this should propose it to the airlines, and get them to alter their procedures to adopt it before passengers do. Currently, most of the airlines I travel with require a printout of the boarding pass --- if you have a soft copy, that's fine for an e-ticket.

 

The boarding pass printout is obtained from the counters when you check in, and is required at security & boarding.

 

If I can't facilitate this and consequently miss my flight, the points aren't really going to matter to me.

 

As for taking a picture of that and sharing it, I'm not that far gone yet.  Man LOL

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
MikeGlassman
Contributor II

Don't withdraw the question, because the answer is very. You don't think people who read these articles actually understand it all, now do you?

 

I know people who have posted credit card info on Facebook. I'm sure you've all heard the stories. Sadly, some are true.

 

The issue with boarding passes is something that only the airlines can rectify, and it's not all that difficult to do, but then, there's no difference between having it on your phone or in paper. All you have to not do with the paper boarding pass, is throw them away at the airport.

 

Too much information is stored as it is in the barcode, way too much.

 

By the way, there is absolutely no reason you would need to give the stewardess at the boarding gate your phone, you should be able to scan your own code into the scanner window. If they ask for your phone, simply refuse and say you are intelligent enough to do it yourself.

 

But, if anyone thinks that your info still can't be stolen, well....

Sincerely,

Mike Glassman, CISSP
Iguana man
rslade
Influencer II

Actually, I should admit to a really egregious security flop, and one the ISC2
actually caused/required. While I was doing the seminars, back in the days when
not every cell phone had a camera built into them (yes, I *am* that old), I got a
call for a seminar they wanted me to do--in a place where I needed a visa. Due to
the short time frame, they wanted me to email them a scan of my passport, and I
was *already* out teaching a seminar. So I had to *give* my passport to one of
the candidates in the seminar, have him scan it, email me the scan, so I could re-
email it to the ISC2 travel office so they could submit it for the visa ...

(For some reason I have just *way* too many stories resulting from that
particular seminar ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
By the way, I hear that in addition to providing backdoors into
your computer, Adobe Reader has a new feature that can render
PDFs. - https://twitter.com/mattblaze/status/429679017030340609
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

CISOScott
Community Champion

I remember one time about 7 years ago, walking from work to the subway and I saw a bunch of papers in my path. Having the inquisitive mind that I have, I picked them up and it was someone's airline itinerary. I was shocked (shocked I tell you!) to see the amount of info on there. The most disturbing thing I saw on there (and it was for a flight for later on that evening) was that there was a dedicated link (I know you can't click on a printed link) but it was spelled out for this individual if they wanted to cancel their flight. If I was a jerk I could have messed up this individual's day. Hopefully the airlines would have had some other protections in there to actually verify I was the individual before allowing the cancellation, but I remember the link looking like it was personalized for this individual.