[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DFRI-listan] Fwd: [hub@xxxxxxxx] PNR hacking demo today at CCC

To: "listan@xxxxxxxxxxxxx" <listan@xxxxxxxxxxxxx>
Subject: [DFRI-listan] Fwd: [hub@xxxxxxxx] PNR hacking demo today at CCC
From: Erik Josefsson <erik.hjalmar.josefsson@xxxxxxxxx>
Date: Tue, 27 Dec 2016 19:05:25 +0100
In-reply-to: <58629A85.27280.74D878B@edward.hasbrouck.org>
References: <58629A85.27280.74D878B@edward.hasbrouck.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0

-------- Forwarded Message --------
Subject: [hub@xxxxxxxx] PNR hacking demo today at CCC
Date: Tue, 27 Dec 2016 08:44:53 -0800
From: Edward Hasbrouck <edward@xxxxxxxxxxxxx>
Reply-To: PNR mailing list <hub@xxxxxxxx>
Organisation: The Practical Nomad
To: hub-at-mypnr.eu@xxxxxxxxxxxxxxx

https://hasbrouck.org/blog/archives/002279.html

Today at the 33rd Chaos Communication Congress (33C3) in Hamburg,
Germany, white-hat hackers from Security Research Labs will publicly
demonstrate their ability to access and alter other people's airline
reservations (PNRs).
They exploit vulnerabilities including ones that I wrote about and
called to the attention of all of the four major Computerized
Reservation Systems in 2002. But the CRSs have made a deliberate choice
not to close these because (a) government authorities have not enforced
existing data protection laws (in other countries than the USA, which
has no such laws) against CRSs, airlines, or travel agencies, and (b)
these travel companies put their profits ahead of passengers' privacy
and security.
There's been some advance coverage in German news media. But the CRS
exploits discussed in these news stories are not the most serious of
those that I expect the folks from SRLabs (perhaps best known for their
previous public demonstrations of "BadUSB" exploits) to demonstrate at
33C3. Watch the livestream here at 21:45 CET in Hamburg:
https://streaming.media.ccc.de/33c3

Recorded video will be posted later, but I don't know how soon. I'll add
a link once it is available.

In the meantime, here are links and answers to some of the most
frequently-asked  questions I've been getting in the last few days:

https://hasbrouck.org/blog/archives/002279.html

Best regards,

Edward Hasbrouck

----------------
Edward Hasbrouck
<edward@xxxxxxxxxxxxx>
<https://hasbrouck.org>
<https://twitter.com/ehasbrouck>
+1-415-824-0214

"The Practical Nomad: How to Travel Around the World" (5th ed., 2011)
<https://hasbrouck.org/PN>

Consultant to The Identity Project:
<https://papersplease.org>

GnuPG/PGP public key:
<https://hasbrouck.org/ehasbrouck.asc>
fingerprint:
0B0B 8F74 CEA3 83AB 97B3 F6AF BB7E F636 165C 22F5

_______________________________________________
hub-at-mypnr.eu mailing list
hub-at-mypnr.eu@xxxxxxxxxxxxxxx
http://lists.xwalck.se/cgi-bin/mailman/listinfo/hub-at-mypnr.eu

Attachment: signature.asc
Description: OpenPGP digital signature

Prev by Date: [DFRI-listan] Rättsliga aspekter på att driva Tor-relän
Next by Date: [DFRI-listan] Activist Media Appointment in Turkey
Previous by thread: [DFRI-listan] Rättsliga aspekter på att driva Tor-relän
Next by thread: [DFRI-listan] Activist Media Appointment in Turkey
Index(es):
- Date
- Thread