by ttyyzz 664 days ago
It was the most humongous deal if we talk about IT security. SQL injection shouldn't be a thing in today's IT landscapes. And here we are giving everyone and their mother admin access to a database where the attackers can literally get not only on a plane but also in the fucking Cockpit. So yes, big big deal.

> where the attackers can literally get not only on a plane but also in the fucking Cockpit.

You can easily get on a plane, you buy a ticket to board it.

People try, and succeed in getting, weapons through TSA checkpoints. I don't know what the idea is though. If you want to shoot and kill someone, do it at the security checkpoint, as happened at Domodedovo. People hijacked planes because the media covered it. You could also hijack buses. I don't know. What is the threat model?

Bag handlers smuggle drugs. I don't know. Airports are fairly porous.

I don't think this little SQL hack gets you into a cockpit. I suppose I could also buy an ordinary ticket, change in the bathroom into pilot clothes, and then bluff my way in. It should be obvious what personal facts about me make that easier for me than for someone else.

Do you see what I mean? This isn't a big deal. It's fun to be dramatic about, that's for sure. IMO the large number of high-drama personalities in the "security" field (when you are a customer, and on the other side, the technical person is high drama) is harmful to security goals.

Or you could buy a real ticket, bypass security with this (and whatever you have in your bags), then hijack an international flight full of fuel.

This isn’t hard to exploit.

TSA spends $6.3 billion per year on screening operations. Someone being able to bypass the entire apparatus of airport screening using a SQL injection attack is a really big deal.
It wasn’t an SQL injection in their code. It was a third-party issue.

So internally the question would probably be how you can open it up responsibly.

Closing the API is probably a support nightmare; they probably gave too many rights and too few safety checks.
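The injection class the thread is arguing about, as an added example that is not part of any comment above: a login check built by string concatenation beside its parameterized form, run against a constructed in-memory SQLite table. The schema, the `alice` account and the `login_*` function names are assumptions made for this demonstration, not anything from the system the comments discuss.

```python
"""Added example: why a parameterized query closes the SQL-injection hole.

The table, the account and the function names below are constructed for this
demonstration; they are not taken from any real system mentioned in the thread.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse', 1)")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-concatenated query: attacker-controlled text is parsed as SQL syntax."""
    sql = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: values are bound by the driver, never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both checks with a valid credential and with a tautology payload."""
    conn = make_db()
    # Classic payload: closes the string literal, ORs in an always-true
    # predicate, and comments out the password comparison that follows.
    payload_user = "alice' OR '1'='1' -- "
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_bypass": login_vulnerable(conn, payload_user, "anything"),
        "safe_valid": login_safe(conn, "alice", "correct horse"),
        "safe_bypass": login_safe(conn, payload_user, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The vulnerable query turns the payload into `WHERE username = 'alice' OR '1'='1'` with the rest of the line commented out, so any password passes. The bound parameter in `login_safe` is compared as the literal string `alice' OR '1'='1' -- `, which matches no account. Note that even the safe version only fixes the parsing problem; the "too many rights" point above is separate, and the database account the web tier uses should still be limited to the tables and operations the login path actually needs.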