Do not get arrested challenge 2020
September 16, 2020 7:54 AM

 
This was a lovely, fun and lighthearted read, not what you'd expect from an IT security post. (Thanks for posting--I was about to, you beat me to the punch!)

TLDR: Don't publicly share your boarding pass or booking reference/record locator, because it can be used to log into airline websites and get personal information, in some cases including your passport number.
posted by Pfardentrott at 8:17 AM on September 16, 2020 [2 favorites]


This piece made me laugh out loud several times. Lots of fun. And my jaw dropped at the May 1st phone call.
posted by brainwane at 8:19 AM on September 16, 2020 [2 favorites]


This is amazing and I cannot imagine the fortitude of a man who had Tony Abbott's personal phone number and did not immediately try and ruin his day with it. The sheer ethics on this man.

Also I am not surprised that Amadeus would do shit like this. I have heard stories.
posted by Merus at 8:22 AM on September 16, 2020 [12 favorites]


This was entertaining writing, although the fun was dampened a bit by the failure to mention what a colossal fucking arsehole Abbott is. In fact it kind of describes him as a nice guy, a cool Australian who needs a little computer help, and not as, say, a misogynist, racist, homophobic shithead.
posted by EndsOfInvention at 8:25 AM on September 16, 2020 [32 favorites]


Well, Tony Abbott showing curiosity and wanting to broaden his understanding of an area where he knows he is ignorant is a bit of a turn-up for the books but it is also behaviour I want to see more of from Abbott
posted by Merus at 8:40 AM on September 16, 2020 [8 favorites]


> But let us dispense with frivolous cog talk. Cheap tricks such as “Inspect Element” are used by programmers to try and understand how the website works. This is ultimately futile: Nobody can understand how websites work.
The hack is strong with this one.
posted by flabdablet at 9:02 AM on September 16, 2020 [20 favorites]


> This was entertaining writing, although the fun was dampened a bit by the failure to mention what a colossal fucking arsehole Abbott is. In fact it kind of describes him as a nice guy, a cool Australian who needs a little computer help, and not as, say, a misogynist, racist, homophobic shithead.

I loved this piece, but yeah, this is the danger of apolitical collegiality. The people overseeing cruel, racist systems can be nice! But that doesn't change the racism and cruelty of the systems they ran.
posted by Ouverture at 9:15 AM on September 16, 2020 [14 favorites]


Anybody who knows anything about the history of Australia's National Broadband Network already understands that Abbott is as clueless when it comes to IT as he is on practically any other topic you care to name with the notable exception of the public promotion of Tony Abbott.

In particular, you wouldn't get a ciggie paper between Abbott and Trump on global warming. And Abbott had been using it as a political wedge issue and making it a culture war signifier for years before Trump was even elected.
posted by flabdablet at 9:39 AM on September 16, 2020 [10 favorites]


This poor excuse for the complete failure of a human being, the dickhead onion eater called Tony Abbott who the British government have appointed as a trade adviser. Mr clean coal, the racist, misogynist and homophobe. Pity nothing seriously untoward happened.
posted by adamvasco at 9:50 AM on September 16, 2020 [4 favorites]


I think this post has blown up, and that the audience mangopdf was originally writing for would use “Tony Abbott” as shorthand for “colossal fucking arsehole and then some”. That’s what makes his humanisation so surprising - and also why the author was afraid of being chucked into the cybercrime hole by the cops.
posted by The River Ivel at 10:02 AM on September 16, 2020 [18 favorites]


Yeah, I agree with The River Ivel on the intended audience and the intended reading.
posted by brainwane at 10:15 AM on September 16, 2020 [1 favorite]


I really loved this bit:
> We’re not done just because a web page says we’re done
>
> I wanted to see if there were juicy things hidden inside the page. To do it, I had to use the only hacker tool I know.
>
> [caption] Right click > Inspect Element, all you need to subvert the Commonwealth of Australia
>
> Listen. This is the only part of the story that might be confused for highly elite computer skill. It’s not, though. Maybe later someone will show you this same thing to try and flex, acting like only they know how to do it. You will not go gently into that good night. You will refuse to acknowledge their flex, killing them instantly.
And the annotations! Like "after years of practice, i now think entirely in lowercase"! And
> I explain the security issue I want to report, and midway through he interrupts with “sorry…. who are you and what’s the organisation you’re calling from?” and I’m like “uhhhh I mean my name is Alex and uhh I’m not calling from any organisation I’m just like a person?? I just found this thing and…”.
I have SO BEEN THERE in Alex's place, explaining that I am a weird solo person who does not represent any particular institution and have wandered into your chess game unarmed.
posted by brainwane at 10:21 AM on September 16, 2020 [16 favorites]


That was a great article! So funny and well written, such good explanations of what happened.
posted by medusa at 10:45 AM on September 16, 2020 [1 favorite]


Reminds me that you can just go on twitter and search for "my new credit card" and almost always find someone posting an image of their new card in a moment or two...(not going to link to them but super not hard to find...) I know there were some twitter handles that were re-tweeting them but looks like the ones I knew about haven't in a while....
posted by inflatablekiwi at 11:43 AM on September 16, 2020 [1 favorite]


Well now I'm going to Right Click>Inspect Element on every booking to see what the airline is saying about me.
posted by TWinbrook8 at 12:22 PM on September 16, 2020 [1 favorite]


I mean, fuck Tony Abbott, but I can also see why the author may not have included the phrase "fuck Tony Abbott" in the process of trying to do things above board, which involved getting fuck Tony Abbott's office to sign off on the post.

I kind of assumed that "Anyway that’s why I vote right wing now baybeeeee" was a nod in that direction, but I am entirely biased by the fact that this writing style is my jam.
posted by evidenceofabsence at 12:29 PM on September 16, 2020 [9 favorites]


Saw this a little while ago when a MeFite tweeted it; great story, thanks for posting. And so well-written that a non-techie like me can get most of the jokes.
posted by Pink Frost at 12:29 PM on September 16, 2020 [1 favorite]


We can live in a future TWinbrook8 with wearable screens that update as the flight adds more details...

Nice read!
posted by k3ninho at 12:31 PM on September 16, 2020


In the end, this is a viral post highlighting the embarrassing fact that Tony Abbott posted his boarding pass including barcode and record locator on the internet--so in addition to serving its primary purpose of being entertaining and informative, I think it kind of slyly works as political journalism too.
posted by Pfardentrott at 1:21 PM on September 16, 2020 [3 favorites]


I tend to lean the other way with this. Why do disposable, paper boarding passes that ALREADY have so much personal info on them also provide the keys to the kingdom for anyone who has ever right-clicked on a webpage? When the security is so weak that I could teach it to random 10yos inside of the airport, I'm leaning toward it being the airlines who should be embarrassed, not the person who has taken a pic of their boarding pass.
posted by nushustu at 1:52 PM on September 16, 2020 [8 favorites]


TWinbrook8, if you find Harold Holt in there I think you're legally obligated to come back here and tell us.
posted by evidenceofabsence at 1:59 PM on September 16, 2020 [4 favorites]


Also fun: "hard mode"! (check the box then elsewhere on the screen) 🍊🍎🍌
posted by pianissimo at 5:44 PM on September 16, 2020 [1 favorite]


I loved this, thanks for posting it. It was funny and demystifying, and I'm definitely going to read more of his stuff. One of my favorite parts:

> I also asked whether they could give me permission to publish this blog post, and they were all like “Seen 2:35pm”.
posted by theatro at 5:45 PM on September 16, 2020


My more enterprising 7th graders use "inspect element" to remove the 0's from their grade book before showing their parents.
posted by nestor_makhno at 6:13 PM on September 16, 2020 [6 favorites]


"show page source" is a handy tool for speeding through a number of mandatory online corporate training modules at my workplace, I've found. Only thing is that it's so easy that I have to remember to slow down lest my ability to finish a half day of training in 10 minutes triggers some alarm bells.
posted by senor biggles at 7:01 PM on September 16, 2020 [3 favorites]


Okay, the diversion to the giant orange wheezing kazoo thing left me in tears.
posted by MrVisible at 8:14 PM on September 16, 2020 [1 favorite]



> "show page source" is a handy tool for speeding through a number of mandatory online corporate training modules at my workplace, I've found.


You can't just leave us hanging like that. Give me some details which I definitely will not use to commit crimes.
posted by medusa at 8:55 PM on September 16, 2020 [6 favorites]


Often a poorly written training webpage will send more information than is strictly required to render the page, such as the URL of the final quiz, or even the URL of where it sends you if you complete the quiz correctly. The quiz questions might be visibly marked as "correct" and "incorrect" in the source.

For the first year or so, the Washington Post's anti-adblock wall would render the entire page before fading it out and requiring you to disable your ad blocker, but you could right-click, inspect element, and then remove the anti-adblock wall and whatever stopped the page from scrolling. They've fixed it now, unfortunately.
posted by Merus at 9:37 PM on September 16, 2020 [3 favorites]
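
An added example, not part of the thread or the linked article: the over-exposure described in the comment above (a page shipping more data than it needs to render) next to an allow-listed version, plus a regression check a developer could run on the rendered markup. The record, field names and function names are all constructed for illustration.

```javascript
// Constructed sample record: every field name and value here is made up.
const booking = {
  reference: "ABC123",
  passenger: "A. Traveller",
  flight: "XX100",
  seat: "12A",
  passportNumber: "P0000000",
  phone: "+00 000 000 000",
  staffNotes: "constructed internal note",
};

const SENSITIVE = ["passportNumber", "phone", "staffNotes"];
const DISPLAY_FIELDS = ["passenger", "flight", "seat"]; // hypothetical allow-list

const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Shared template: `data` is what gets serialized into the markup,
// the visible paragraph only ever shows the display fields.
const page = (data, rec) =>
  `<div id="booking" data-record="${escapeHtml(JSON.stringify(data))}">` +
  `<p>${DISPLAY_FIELDS.map((k) => escapeHtml(rec[k])).join(" ")}</p></div>`;

// Before: the whole backend record rides along in the markup. The visible
// text is identical to the fixed version, so nobody notices by looking.
function renderLeaky(rec) {
  return page(rec, rec);
}

// After: the response is built from an allow-list, so a field added to the
// backend record later is not exposed unless someone opts it in.
function renderAllowListed(rec) {
  const view = Object.fromEntries(DISPLAY_FIELDS.map((k) => [k, rec[k]]));
  return page(view, rec);
}

// Regression check: which sensitive values appear anywhere in the bytes
// sent to the browser? (Plain substring match on the escaped value.)
function findLeaks(html, rec, keys = SENSITIVE) {
  return keys.filter((k) => html.includes(escapeHtml(rec[k])));
}

console.log(findLeaks(renderLeaky(booking), booking));
console.log(findLeaks(renderAllowListed(booking), booking));
```

The check runs on the full response body rather than the visible text, because hidden attributes and inline data are exactly what "Inspect Element" shows.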


Developer tools is a super useful thing if you have the right skills to use it. I would say, yeah, tier 1 of internet haxxoring is turning off an anti-adblock wall or just seeing what random text is embedded in the page itself, sometimes you find a prime minister's phone number. Next you learn how to pick apart the data requests made (XHR/JSON/etc.) and work out what data might be hidden there. Then you learn how to interrogate the JavaScript objects attached to the window and invert the thought process of the programmer who made the page.

At this point you're ready to start writing code that uses Chromedriver to manipulate the webpage programmatically and extract its bones and cronch them. Mastering this, at last you're ready to embark on the phase that's like that part in a sci-fi film where the AI breaks free and starts to convert the solar system to paperclips. I've actually had to build a toolchain to pick apart a website serving a user's manual using a custom flash widget that dumps the pages out as individual SWF entities, and push each of them through a flash to image to OCR pipeline and convert the entire online insane Flash manual to a more usable text-based PDF.

Of course, now that browsers don't do Flash anymore, they replaced that with basically the same insane process except each page is just a picture of a page rather than flash. As if someone came back to revisit this stupid thing after Flash got banned, and thought "what's the dumbest way I can go about this?"
posted by axiom at 10:53 PM on September 16, 2020 [5 favorites]


All this useful info buried in the source code and to date I have only used that trick to solve geocaching puzzles.
posted by pianissimo at 11:52 PM on September 16, 2020 [4 favorites]


I’m disappoint that, as far as I can tell, there’s no joke buried in the HTML when you click Inspect Element.

Great story, though.
posted by Kattullus at 1:27 AM on September 17, 2020 [1 favorite]


Most entertaining thing I've read on the Web this year, thanks so much for posting this!
posted by Dysk at 5:33 AM on September 17, 2020 [2 favorites]


It's pretty telling that the actual trick takes him a few hours, but the saga of reporting what happened in an above-board way takes months.

Also, the part where the 'contact me' form on Tony Abbott's webpage does not work at all and just returns a 403 error. I think we've all been there....
posted by subdee at 6:56 AM on September 17, 2020 [3 favorites]


This was an enjoyable read.

> I’d said that people post pictures of their boarding passes all the time, not knowing that it can sometimes be used to get their passport number and stuff.

A couple of months ago I found a book which I clearly had been reading in 2009 when I took a pair of flights from Vancouver BC to Dawson City in the Yukon. I know this because my boarding passes for that day were tucked in as a bookmark. National carrier Air Canada was the first flight to Whitehorse; I made a connection there to regional carrier Air North, which has somewhat less in the way of resources. My AC boarding pass looked exactly as it did when it came out of the printer eleven years ago. The Air North one was on thermal paper and the entire sheet had faded to a soothing and undifferentiated silvery-grey, like a heavy fog. I confess I did post a shot of the two passes on social media with the legible AC pass almost entirely obscured save for a bit of my name. If someone could somehow fish information to find out the number of the passport I had in 2009 from that white noise, more power to them.
posted by ricochet biscuit at 7:05 AM on September 17, 2020 [1 favorite]


OTOH, sometimes I’m randomly assigned Pre-check, not having gone through the program, and I wonder if there is some way to insert that code into the matrix.
posted by TWinbrook8 at 9:51 AM on September 17, 2020


> I’m disappoint that, as far as I can tell, there’s no joke buried in the HTML when you click Inspect Element.

I don't want to spoil it, but there is an easter egg to be found on the main page.
posted by fragmede at 6:25 PM on September 17, 2020 [1 favorite]


> The people overseeing cruel, racist systems can be nice

No one who knows Tony Abbott would ever describe him as nice.
posted by daybeforetheday at 3:28 AM on September 18, 2020 [1 favorite]


Many horrible people are quite personable, even friendly, when it suits them. It costs them very little.
posted by Chrysopoeia at 7:43 AM on September 18, 2020 [2 favorites]




This thread has been archived and is closed to new comments