[iwar] [fc:GAO.-.Key.U.S..computers.still.vulnerable]

From: Fred Cohen (fc@all.net)
Date: 2002-02-05 21:00:21


Return-Path: <sentto-279987-4435-1012971526-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 05 Feb 2002 21:02:07 -0800 (PST)
Received: (qmail 9027 invoked by uid 510); 6 Feb 2002 04:59:11 -0000
Received: from n33.groups.yahoo.com (216.115.96.83) by all.net with SMTP; 6 Feb 2002 04:59:11 -0000
X-eGroups-Return: sentto-279987-4435-1012971526-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.166] by n33.groups.yahoo.com with NNFMP; 06 Feb 2002 04:58:46 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_1_3); 6 Feb 2002 04:58:46 -0000
Received: (qmail 11740 invoked from network); 6 Feb 2002 04:58:45 -0000
Received: from unknown (216.115.97.172) by m12.grp.snv.yahoo.com with QMQP; 6 Feb 2002 04:58:45 -0000
Received: from unknown (HELO red.all.net) (12.232.72.98) by mta2.grp.snv.yahoo.com with SMTP; 6 Feb 2002 04:58:45 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g1650MX25472 for iwar@onelist.com; Tue, 5 Feb 2002 21:00:22 -0800
Message-Id: <200202060500.g1650MX25472@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 5 Feb 2002 21:00:21 -0800 (PST)
Subject: [iwar] [fc:GAO.-.Key.U.S..computers.still.vulnerable]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Key U.S. computers still vulnerable

By Reuters
February 4, 2002, 8:50 PM PT

WASHINGTON--Government computers that handle trillions of dollars in tax
refunds and Social Security benefits remain vulnerable to cyberattacks
despite previous warnings, a government report released Monday said.

The report by the General Accounting Office, Congress' investigative arm,
found that computer-security controls at the Treasury Department's Financial
Management Service remain lax, despite warnings dating back to 1997.

"Billions of dollars of payments and collections are at significant risk of
loss or fraud, sensitive data are at risk of inappropriate disclosure, and
critical computer-based operations are vulnerable to serious disruptions,"
the report said.

The FMS pays out more than $1.9 trillion annually for Social Security and
veterans benefits, tax refunds and federal employee salaries. The system
also administers most federal government collections, taking in $2 trillion
in taxes, fines and duties.

The GAO report found weaknesses at nearly every point in the system,
including the following:
€ inadequate access controls, such as passwords and locks.
€ poorly administered system software, including duplicate or obsolete
programs.
€ poor segregation of employee duties, giving certain employees more control
than they should have had.
€ no comprehensive security program that covered the entire system.

The GAO recommended that the FMS install a comprehensive security management
program and fix individual weaknesses identified in a confidential version
of the report.

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST