Biggest things I did not know: The damn things run Windows XP. And they are required to have Ethernet connections.
Naked pictures on a Windows box connected to the internet? I bet you a dollar they're already hacked.
The machines are also set up with a "Level Z" user, which is essentially an administrative user. Level Z users can access test mode (where images can be saved), export raw image files, and enable or disable privacy filters applied to images. The Level Z user also seems to be the only person who can create and modify accounts and change passwords.
TSA documents say the following people are Level Z users: people at TSA headquarters, contractor maintenance techs, and "super users." No details on who these "super users" are.
The machines also are required to be able to upload and download data to an internal hard drive, and to external USB drives. It is therefore not at all true that they "cannot" save images, as the TSA has claimed.
Knowing these technical details, I'm even less convinced of the TSA's ability to protect passenger privacy with these scanners than I was before. All it takes to save raw scanner images to a thumb drive is the password to the "Level Z" account? Please tell me that's not just a Windows XP admin account, because anyone with Google can learn how to get around that in 10 seconds.
No comments:
Post a Comment