In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.

Here is our writeup: https://t.co/g9orwwgoxt

— Ian Carroll (@iangcarroll) August 29, 2024