Slightly off topic, but this is hardly the biggest blunder of the airline industry. A company I worked for last year absolutely tore them apart in a talk at 33c3.
In short, information like your address or passport number is easily accessible, and while it wasn't in the talk (I think), we were able to recover plaintext credit card numbers during the research.
Because the children have no control over who their parents are, and we shouldn't punish with a lifetime of diminished opportunities because their parents aren't as "good" as others.
Sure, and if we imagine a hypothetical entity that has 10 products with security holes and then releases and 11th, it might be worth looking at the 11th more suspiciously. Things don't happen in a vacuum.
The tool phones home. Their website doesn't have HTTPS. It's plausible that the tools phones home over an unencrypted channel (I didn't look, so I could be wrong).
My overall impression is that they don't do security very well.
Yes, but in theory some sort of MAC could stop it from accessing important files, or anti-virus could detect it and stop it too. But once the password leaves the computer, it's going to take a lot more effort to mitigate the damage. Also, your browser is on your side for protecting against malware, so for example if you have Flash disable, that's a whole vector you can just ignore.
> What makes an attack like this so effective is that you never expect to see something as convincing as this
I've been working on phishing and counter-phishing recently, and if someone is actually putting any effort in, you have to expect something like this. Very legitimate looking email, the correct signature (complete with up to date font/logo), and a virtually perfect copy of the login page to whatever service they're using. All of this, even just to target a single person, is under 8 hours of work, which is to say, it's a simple task for someone who really wants to phish you.
The article mentions having an IDS and disaster recovery plans, and this is the best you can hope for as pretty much everyone is susceptible to this, and AI still can be beaten.
> F.B.I. agents on the case, advised by N.S.A. technical experts, do not believe Mr. Martin is fully cooperating, the officials say. He has spoken mainly through his lawyers, James Wyda and Deborah Boardman of the federal public defender’s office in Baltimore.
It sounds like they're just mad that he didn't confess immediately, instead of doing the smart thing of having professional handle everything. Do they really expect someone to cooperate gladly when repercussions could be severe?
Since this is all about docs, having gone from Java/Scala to Rust, I cannot emphasize enough how much better Rust is at this. With `cargo doc` I get a local set of static files for the exact version of the libraries I'm using. Why can't everything be this easy?