Skip to main content


Showing posts from August, 2009

XSS Vulnerability in the Real Life: Passports

I'm traveling again. This time to Australia. I travel a few times a year, always departing from the U.S.

Each time I travel internationally, the check-in airline agent dutifully inspects my passport. The latter has acquired a sizable collection of visa labels, admittedly much flashier than the dull black-on-white photo page of the Polish passport. The visas usually occupy the whole page, look nice, and are formatted to somewhat resemble a passport page -- they have a picture, same personal data, and the two machine readable lines on the bottom.

Each and every time the airline personnel will ignore the photo page and look at the first official-enough-looking visa. Somehow it always happens to me in the U.S., and never abroad. Heck, they get angry at me for pointing out that they really should not be looking at the flashy visa labels, but at the picture page. Sigh.

Call me paranoid, but if this isn't a huge honking screaming-in-yer-face security vulnerability in the passport ins…