I’m flying ATA to Seattle today, so I tried to use their web site to check in. I had some printer trouble while printing boarding passes, so I clicked the “Go Back” button on the boarding pass page. Imagine my surprise when I got someone else’s boarding pass. I immediately pegged it as a session-rollover hole, so I called ’em up and spoke to a helpful lady at their Internet service desk. I followed up with a screenshot showing the other passenger’s boarding pass, and they followed up with a call from their webmaster. It turns out that instead of including a “your session has timed out” page like, oh, 99.8% of other e-commerce sites, they throw up this fake boarding pass. It’s being fixed. I’m glad it was a placeholder and not a real security flaw, and I’m even gladder that they took prompt action to square it away. I hope their IT staff’s attitude is reflective of the flight and cabin crew’s attitude.
Office 365 for IT Pros
RSS
Paul's Down-Home Page 