A pair of security researchers say they discovered a vulnerability in login systems for records that the Transportation Security Administration (TSA) uses to verify airline crew members at airport security checkpoints. The bug let anyone with a “basic knowledge of SQL injection” add themselves to airline rosters, potentially letting them breeze through security and into the cockpit of a commercial airplane, researcher Ian Carroll wrote in a blog post in August.
Carroll and his partner, Sam Curry, ...