Sydney Domestic Security Meltdown – The Day Paranoia Reigned

Posted on April 20, 2011 by Brad Heap

About 3.30pm yesterday one of the security scanners at Sydney’s Domestic Terminal lost power resulting in 16 passengers passing through security without being correctly screened. Out of the many thousands of passengers who pass through Sydney Domestic every day this is a very minor problem.

However, the paranoia that has strangled the airline industry since the September 11 attacks saw what was a minor security machine malfunction turn into a farce that affected flights and travellers across Australia. All passengers in the terminal, and on flights that were still boarding at Sydney Domestic were forced to leave the air-side area of the terminal and planes landing at the airport were made to queue for hours on the tarmac until every passenger was re-screened.

In other words the failure to correctly screen 16 passengers resulted in thousands of people being stuffed about by overbearing and unnecessary security regulations which see public freedom curtailed in the name of fighting an invisible and mostly physiological enemy.

This paranoia and curtailing of public freedom has sees us live in a society where you are many times more likely to be killed in a plane accident than a terrorist attack. Yet in the United States $8.1 billion is spent on the TSA to enforce ~~compulsory child molestation~~ air-line security while only $77 million is spent on investigating airline accidents.

It is all a bit ridiculous isn’t it? Which reminds me of this infographic:

Terrorist Attack Infographic

My hope is one day we will wake to the realisation that the biggest threat to our safety and freedom is not a few men who live in dusty caves in the middle-east but instead our own governments curtailing our freedoms in a manner akin to that of Orwell’s 1984.

Auckland City Council’s Carparking Machines were hacked not skimmed

Posted on November 26, 2009 by Brad Heap

Breaking news seems to be coming form the Twitterverse this morning.

It appears that the Auckland City Council’s parking machines were storing the credit card numbers of all cards entered into the machines and the database storing this data has been hacked.

There is a discussion going on here at Public Address: http://publicaddress.net/system/topic,2226,hard-news-a-bigger-breach.sm

There is no reason why after the transaction was processed for the council to store the credit card numbers unless they were using them as a form of tracking of people using the carpark, if this is the case they still should have never stored the credit card numbers, at a minimum a hash sum of the number would have worked. There appears to be much more to come on this story.

Update:

This just in from Mr A. Source:

Auckland City’s PCI certification is under serious review which will compromise their ability to carry out any credit card transactions. This will also potentially impact the new Auckland Council. Basically, internal systems at Auckland City have been compromised.

http://publicaddress.net/system/topic,2226,hard-news-a-bigger-breach.sm?p=142117#post142117

The ongoing Toll Road Website Saga

Posted on January 8, 2009 by Brad Heap

And today’s other top story.

NZTA was told in mid December they had security issues but did nothing.

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10550914

Does the NZTA even know what HTTPS is?

Posted on January 7, 2009 by Brad Heap

I have been laughing over the last few days as the New Zealand Transport Authority has become more red faced over the massive security hole in their toll road payment system.

On January 25 the Silverdale to Puhoi motorway extension will open, however to drive on it you will need to pay tolls, and for the last two months or so the NZTA have been advertising the www.tollroad.govt.nz website heavily so regulary uses of the new road can set up accounts.

On Monday a computer user realised that the website was not encrypting credit card information which means that anyone who knows anything about packet snifting or the like could intercept peoples credit card details as they used the website.

Now first and foremost this should never happen. Not on any ecommerce site, let alone a government website. Ecommerce programing 101 would surely teach you that first you must always encrypt data through using SSL and HTTPS not plain HTTP.

But what was more funny is that the red faced NZTA denied that there was anything wrong with the site! Refusing to take it offline or stop processing accounts.

That was until today when with egg on their face they took down the site for maintenance and admitted they stuffed up. Time to get new programmers one thinks.