Stop posting photos of your plane tickets to WeChat Moments: hackers may be watching - plane tickets, train tickets, privacy - IT News
With the Internet, booking a flight has become remarkably quick and easy: seat selection, check-in, everything can be done on a phone, and all that is left is to collect the ticket at the airport and board.
Normally that is indeed how it goes, as long as you have not been targeted by hackers.
A German security research institute recently released a security report showing that the air ticket reservation systems we currently use contain a huge security hole. The world's three largest global distribution systems (GDS for short) store and use passenger information in unreasonable ways, yet fail to protect it adequately.
The three GDSs, Amadeus, Sabre and Travelport, handle 90% of bookings. According to the German security researcher's report, the IT systems of these three distribution giants are extremely old, dating from the 1970s and 1980s; over time only parts of the systems have been updated, and the architecture as a whole has never been upgraded. This means the security of these systems is very weak.
Every ticket distributed through a GDS has a PNR code (PNR, also called the booking record number, records the complete information of the passenger's reservation; it was generally a five-character combination of digits and letters and has now been upgraded to six characters). This code is printed on tickets and luggage tags, so anyone who sees or photographs your ticket or luggage tag can in theory obtain the information you left when booking, including home address, email, phone number, credit card number, frequent flyer number, and the IP address you booked from.
(This is the passenger information associated with a PNR code, including email, phone number, credit card number and other information)
To make matters worse, because airlines and GDSs currently do not limit the number of password verification attempts, hackers can crack your password by brute force. A hacker can then change your booking information: your trip could be cancelled, or you could receive an itinerary you never booked. More common, and more frightening, is the online fraud that may follow, because the fraudsters already know all of your information.
Now that we know how the problem arises, the solution is clear: upgrade the security systems. Limit the number of times each IP address can access booking information, reinforce password protection with CAPTCHAs, and even replace the current PNR code with a more scientific method, though that may be a relatively long process.
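The per-IP limit and CAPTCHA step proposed above can be sketched as a sliding-window limiter. This is an added example, not code from the report or from any GDS; the class name, thresholds, the 36-symbol alphabet and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Six-character code; an alphabet of 10 digits + 26 letters is an assumption.
PNR_KEYSPACE = 36 ** 6


class LookupLimiter:
    """Sliding-window cap on booking lookups per client IP (hypothetical helper).

    check() returns "allow", "captcha" (soft limit passed) or "block" (hard limit).
    """

    def __init__(self, soft_limit=5, hard_limit=20, window_seconds=3600):
        self.soft_limit = soft_limit
        self.hard_limit = hard_limit
        self.window = window_seconds
        self._hits = defaultdict(deque)  # client_ip -> timestamps of counted lookups

    def check(self, client_ip, now):
        hits = self._hits[client_ip]
        # Forget lookups that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.hard_limit:
            return "block"  # refused lookups are not counted again
        hits.append(now)
        if len(hits) > self.soft_limit:
            return "captcha"  # answer only after a CAPTCHA is solved
        return "allow"


def replay(events, limiter):
    """Run (timestamp, client_ip) lookup events through the limiter and tally decisions."""
    tally = defaultdict(lambda: {"allow": 0, "captcha": 0, "block": 0})
    for ts, ip in events:
        tally[ip][limiter.check(ip, ts)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}


# Constructed sample: one client issuing a lookup every second for 100 seconds,
# and one traveller checking a booking twice, more than an hour apart.
SAMPLE_EVENTS = [(t, "203.0.113.7") for t in range(100)] + [
    (30, "198.51.100.4"),
    (4000, "198.51.100.4"),
]

if __name__ == "__main__":
    print("possible six-character codes:", PNR_KEYSPACE)
    for ip, counts in replay(SAMPLE_EVENTS, LookupLimiter()).items():
        print(ip, counts)
```

With these thresholds a single address gets at most 20 answered lookups per hour against a space of about 2.2 billion codes; the limit is keyed on IP address only, as the article proposes.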