This is absolutely nuts. SQL Injection 101 attack on a site authorized by DHS for TSA vetting of known crew members. I’d bet there aren’t even audit logs that would be able to show if the system was tampered with.

How many other auxiliary sites with deep ties into critical infrastructure are this poorly secured?

ian.sh/tsa

/cc @briankrebs @dangoodin

@gregatron5 @briankrebs @dangoodin

I can't give figures but probably far too many.

Qoto Mastodon