Caution with the FAA UAS Registration Site

I just registered @ https://registermyuas.faa.gov ;. Upon completing and hitting submit, I was emailed someone else's registration. When I login, I am presented with someone's complete information. Sorry, Justin, maybe you got mine...

Views: 3582


Admin
Comment by Thomas J Coyle III on December 21, 2015 at 4:43pm

The FAA is in complete control and nothing can go wrong, nothing can go wrong, nothing can go wrong.......... LOL!!


Developer
Comment by Craig Elder on December 21, 2015 at 4:55pm

Did you forward that on to the FAA?

Comment by Mark on December 21, 2015 at 5:08pm

Beauty!

We're dealing with Amazon.com as host for registermyuas.faa.gov hosted on their cloud servers.

host registermyuas.faa.gov
registermyuas.faa.gov is an alias for d16417z4ai8aj5.cloudfront.net.
d16417z4ai8aj5.cloudfront.net has address 54.192.54.161
d16417z4ai8aj5.cloudfront.net has address 54.192.54.20
d16417z4ai8aj5.cloudfront.net has address 54.192.55.72
d16417z4ai8aj5.cloudfront.net has address 54.192.54.25
d16417z4ai8aj5.cloudfront.net has address 54.192.54.111
d16417z4ai8aj5.cloudfront.net has address 54.192.55.248
d16417z4ai8aj5.cloudfront.net has address 54.240.190.183
d16417z4ai8aj5.cloudfront.net has address 54.192.54.50

I don't know if it's good or bad, but I am blocking most of Amazon APIs and resources as I traced many activities to and from their servers.

So, FAA sells us to a third Acme parties "as-is" - take it or leave it.

Comment by JB on December 21, 2015 at 5:15pm

I wonder how many millions it will cost the FAA to reverse engineer that problem.  :-(

That you were sent the wrong registration is one thing, but that you got someone elses login is quite something else. Their emailing server must have a bug and is not assigning the correct email address to the right user. That requires quite some doing to stuff that up.

Expect black helicopters soon for hacking their system....

Comment by Mark on December 21, 2015 at 6:13pm

JB, it's not a mail server. Mail server does what it was told to do. Program, however feeds mail server with information to send. And that program is screwed by geniuses who wrote the program without extensive checking and verifying all possible scenarios of outcome.

My guess is it was done by the lowest bidder and/or by a short staff available at the time. I am doing it day-in-day-out and I may have an idea of what happened. Either way - projects like this best when done with good planning ahead, not on a short notice using Twitter's bootstrap.

Comment by Drone Tinker on December 21, 2015 at 7:31pm

Ah... Blind submission to the works of organized man herders. Nothing going on here aside from a slow operating modern version of Jonestown. Now I finally understand the other meaning of this web community's name :)

Comment by DG on December 21, 2015 at 7:45pm

Looks like I'll start using Outpost again to monitor all packets passing through my network. 

Over at RCG,  a screen capture was posted of someone claiming to have already been harassed by LOE for not having his drone registered by today. I can't confirm the validity, but this was just posted at Forbes

http://www.forbes.com/sites/johngoglia/2015/12/21/attention-model-a...

Comment by Philip Giacalone on December 22, 2015 at 1:34am

Hi Phillip,

Yikes! Looks like you've uncovered a major bug in the FAA's registration website. Did you report it? 

I've seen bugs like this before in poorly implemented websites. It can be caused by a middleware bug in which the server is incorrectly holding onto the user's session data. If that middleware is stateful (a bug), then the user has a good chance of seeing someone else's session data. Ooops!

These bugs can make it into production if the developers do not test under a multi-user scenario and in a test environment that matches production. 

BTW, it's not likely that Justin got Phillip's certificate -- although someone else probably did! 

In any event, the FAA database now contains an incorrect mixture of user data (your data is now mixed with Justin's data, etc). This creates a nasty problem for the FAA, since they will end up with an unknown number of completely invalid database entries. 

Comment by R. D. Starwalt on December 22, 2015 at 4:46am

I am at a loss on how to stop the insanity that is running rampant in federal, state, and municipal governments.

There really is a zombie plague. It is just exhibiting itself in the minds of people making these decisions.

In what universe does anyone think a registering a model airplane with a government database is productive or contributes to making anything better?

The Forbes article has one good statement:

...the people at the FAA responsible for this new registration requirement are either woefully incompetent or – worse – intentionally misleading the public and now law enforcement about its new registration requirements.  It seems high time for the DOT Inspector General or Congress to step in.

-=Doug

Comment by Paul on December 22, 2015 at 5:50am

Just for fun tried to visit the sign up page from Canada I get this.

ERROR

The request could not be satisfied.


The Amazon CloudFront distribution is configured to block access from your country. 


Generated by cloudfront (CloudFront) Request ID: SMWW7IBakuLDSn5BD4vg9be97K7FuZbrso0pfzkVIMtim-ldAtfMtA==

Comment

You need to be a member of DIY Drones to add comments!

Join DIY Drones

Groups

Season Two of the Trust Time Trial (T3) Contest 
A list of all T3 contests is here. The current round, the Vertical Horizontal one, is here

© 2019   Created by Chris Anderson.   Powered by

Badges  |  Report an Issue  |  Terms of Service