FlyCASS essentially offers FAR121 and FAR135 airlines a way to manage KCM and CASS requests without having to develop their own infrastructure. It pitches itself as a service requiring zero upfront cost to airlines that can be fully set up in 24 hours, with no technical staff required.
The researchers note that each airline has its own login page, which is exposed to the internet. According to the research, these login pages could be bypassed using a simple SQL injection.
"With only a login page exposed, we thought we had hit a dead end," Carroll said in his writeup. "Just to be sure though, we tried a single quote in the username as a SQL injection test, and immediately received a MySQL error.
"This was a very bad sign, as it seemed the username was directly interpolated into the login SQL query. Sure enough, we had discovered SQL injection and were able to use sqlmap to confirm the issue. Using the username of ' or '1'='1 and password of ') OR MD5('1')=MD5('1, we were able to login to FlyCASS as an administrator of Air Transport International!" //
When it came to disclosing the findings, it seems the US authorities didn't want this coming out, if the researchers' account is anything to go by. Carroll says the DHS completely ignored all attempts to disclose the findings in a coordinated way.
He also claimed the TSA "issued dangerously incorrect statements about the vulnerability, denying what we had discovered." //
"After we informed the TSA of this, they deleted the section of their website that mentions manually entering an employee ID, and did not respond to our correction. We have confirmed that the interface used by TSOs still allows manual input of employee IDs."
As if that weren't twisted enough, now we learn that the TSA whistleblowers who came forward with their concerns about this development are facing retaliatory investigations of their own. //
As Leavitt also notes on Twitter/X, the Quiet Skies program has not even been shown to be effective at its purported aim. //
The whole Quiet Skies program seems like a civil liberties nightmare anyway.
Over four years the OIG examined, they found Quiet Skies confirmed precisely zero passengers as aviation security threats. I can think of far better uses for the hundreds of thousands of dollars DHS puts into this.
I ran into a friend, actor, and politician, Siaka Massaquoi, who looked fresh as a daisy. “Jeez,” I said to him. “This is brutal.”
“Yeah,” he replied with a smile. “I’ve been here since 3:30 am.”
What in the world? That was two hours before we arrived.
Turns out Siaka is on a “list.” He entered the Capitol on January 6, 2021, but has not been charged with anything. His apartment was raided by over 20 armed FBI agents on June 10, 2021, and he’s been under investigation ever since for “associating with members of a social media group.” //
As I keep repeating, he has not been charged or convicted of anything – isn’t this exactly what the Fifth Amendment was designed to prevent? Namely that you can’t be punished without due process? Where’s the due process here?
Julie Kelly 🇺🇸
@julie_kelly2
Americans charged—not convicted, charged—with petty offenses related to Jan 6 are on terrorist watch list at TSA and must undergo invasive, extensive searches numerous times. Any Republican who thinks this regime won’t do the same under “red flag” laws is an idiot. Or John Cornyn
2:25 PM · Jun 12, 2022
In an exclusive breaking story, several Federal Air Marshal whistleblowers have come forward with information showing that former U.S. Representative and Presidential candidate Tulsi Gabbard is currently enrolled in the Quiet Skies program. Quiet Skies is a TSA surveillance program with its own compartmentalized suspected terrorist watchlist. It is the same program being weaponized against J6 defendants and their families. Quiet Skies is allegedly used to protect traveling Americans from suspected domestic terrorists. //
Air Marshals were first assigned to Gabbard on Jul. 23, a day after she criticized Kamala Harris, Biden, and the National Security State in an interview with Laura Ingraham. FAMs were mobilized on Jul. 24 and assigned to their first flight with her on Jul. 25.
Q1. What kinds of batteries does the FAA allow in carry-on baggage (in the aircraft cabin)?
Q2. What kinds of batteries does the FAA allow in checked baggage (including gate-checked bags)?