A hacker stumbled upon TSA's no-fly list via unsecured …
https://kampusg.blogspot.com/2023/01/a-hacker-stumbled-upon-tsas-no-fly-list.html
2023-01-22T12:08:00-08:00

Everybody makes mistakes at work, but leaving the no-fly list exposed on the internet seems like a really bad mess-up.

That's reportedly what happened with the U.S. airline CommuteAir. The Daily Dot reported that a Swiss hacker known as "maia arson crimew" found the unsecured server while using the specialized search engine Shodan. There was apparently a lot of sensitive information on the server, including a version of the no-fly list from four years ago. Somewhat hilariously, that was reportedly found via a text file labeled "NoFly.csv." That is... not hard to guess.

A blog post from crimew titled "how to completely own an airline in 3 easy steps" cited boredom as the reason for finding the server. They were just poking around and found it.

"At this point, I've probably clicked through about 20 boring exposed servers with very little of any interest, when I suddenly start seeing some familiar words," crimew says in their blog post. "'ACARS', lots of mentions of 'crew' and so on. Lots of words I've heard before, most likely while binge-watching Mentour Pilot YouTube videos. Jackpot. An exposed jenkins server belonging to CommuteAir."