Saturday, September 6, 2008

IRS computers vulnerable - who would have thought?

I'm sure you're all shocked:

The US Internal Revenue Service is putting tax payers at risk by operating thousands of web servers that contain security vulnerabilities or have not received proper authorization, a new report has concluded.

According to the Treasury Inspector for the Tax Administration - a Treasury Department watchdog - the IRS operates 2,093 web servers with at least one vulnerability. It said 540 of those servers contained one or more vulnerabilities rated high risk. The report identified 1,811 internal servers that had not been approved to connect to the network. Some 1,150 of those were being used for non-business purposes.

Boy, I'd love to get a peek at the list of non-business applications.

While some of the vulnerabilities are techno-geeky (Buffer Overflows), some are blank passwords. I guess you need extra security training to know about those.

How did this happen?
The authors blamed the vulnerabilities on employees who failed to carry out duties as required.
Gee, ya think? I guess this is why you have an auditor check out how things are working. I don't know, it's sort of like an audit after you fill out your taxes, but audits you, not us.

Boy, I can't wait for socialized medicine.

No comments: