Clear passenger data stolen. A unencrypted laptop with the personal data, including name, address, SSi number, passport number, date of birth, etc. of every one of the 33,000+ users of the the Clear system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc., a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system. Via
The Department of Homeland Security has expressed interest [PDFs] in forcing all commercial airline passengers to wear a taser bracelet that can be used to incapacitate anyone on an airline. This video, from the company that will produce the bracelets, explains how the bracelet would be put on the passenger at the point that they clear security, and would not be removed until they leave secure areas. It would take the place of boarding passes, carry personal and biometric information about the passengers, track and monitor every passenger via GPS and shock the wearer on command, immobilizing him or her for several minutes. DHS official, Paul S. Ruwaldt of the Science and Technology Directorate, office of Research and Development is also excited about the possiblility of using it as an interrogation tool at airports. Ah freedom, who knew it smelled like burning flesh?
A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)