IRS – Helping You Put Your Data at Risk
Everyone fears the Internal Revenue Service! But now it’s for a new reason. It seems that using two applications the agency provides exposes taxpayers’ data to security breaches. The IRS deployed two critical computer systems although it knew of their weak security and the risks they carried.
The Treasury Inspector General for Tax Administration (TIGTA) office, explains DarkReading, has recently issued a statement saying the IRS’s mainframe-based Customer Account Data Engine (CADE) for managing taxpayer accounts and its Account Management Services (AMS) for IRS access to taxpayer data contained security flaws that the IRS identified but did not fix before deploying them last year.
The billion-dollar, high-sensitivity CADE system is one of the key elements of the IRS’s computer modernization program, and processed about 20 percent of the 142 billion tax returns filed to the IRS.
AMS, meanwhile, includes taxpayer identification numbers in its application error log, and its operating system has only a 77.8 percent compliance rate with the required security settings, according to the report.
TIGTA has no proof of any data being compromised or accessed by any wrongdoers, yet the risk has been quite real.
A Critical Look at Biometrics Security
Biometrics security systems are cool and receiving quite a lot of media exposure. They are also starting to become commonplace, as more devices, such as laptops, start to implement them and thus individual users gain access to these technologies. But are these security devices really effective?
ITSecurity.com has recently published an extensive article analyzing the pros and cons of different biometric measurements, such as fingerprints, iris and facial traits. While fingerprint readers can be fooled with latex copies, more secure readings, based on iris or facial recognition, are either expensive or restrictive. For example, eye/iris readings leave out disabled personnel. However, fingerprint readers are commonplace and anyone can recognize them and understand their utility.
In the end, the most effective biometric security system seems to be based on facial readings. This metric isn’t exclusive when it comes to the people it can scan, but access is definitely restricted by costs. So what would you choose? Higher quality or a lower cost?
Employees Dodge Security to Increase their Productivity
The most recent survey released by security firm RSA showed that technology workers are very resourceful when it comes to bypassing corporate security policies to get their work done more effectively.
The 2008 Insider Threat Survey showed that over 50% of those surveyed believed security policies to be too restrictive. The overwhelming majority is familiar with the policies enforced by their employers, which is why they know how to circumvent them. As a consequence, more than half manage to access their work email accounts from public computers and even more check their emails through public wireless networks.
According to the Security Focus article on the survey, respondents came from three different countries, the US, Brazil and Mexico.
What solutions are there for companies in these conditions? Tightening security would definitely not be the answer. Instead of blocking their access to technological advantages, they should adapt their security solutions to enable access while still preserving the desired level of security.
Deloitte Lost Hundreds of Thousands of Pension Details
Deloitte has recently admitted it had lost a laptop containing pension details on hundreds of thousands of individuals. What is different, though, is that this laptop finally contained encrypted information and was password-protected, and no misuse of the stored information has been discovered. While losing laptops is not something to take lightly, I am happy to report that whoever has it won’t be able to easily access the stored information.
So what did the laptop contain? According to the Register, 150,000 railway workers’ details, details on all UK Vodafone staff with pensions, as well as records of other unnamed pension funds were stored on the said laptop. No addresses or bank information though. How was it stolen? From a handbag of a Deloitte employee. Vodafone staffers, as well as the railway workers, received letters letting them know what had happened soon after the theft. We’re now looking forward to seeing where the “thorough investigation” takes Deloitte.
Indianapolis Gets New Site with Security Breach Included
If there were any Indianapolis inhabitants whose past hid minor drug or alcohol offenses, their secrets were revealed by the new website developed for the city of Indianapolis. 33,000 individuals were affected by this incident, the records being available for 11 days from September to November.
The spreadsheet accidentally posted online contained the names, dates of birth and social security numbers of all those charged with minor offenses in 2006 and 2007. It was taken down on October 9, when the Information Services Agency found out about it.
To make sure no other breaches occur, the entire site was taken offline and replaced with its old version, although officials told Indystar they were confident no other sensitive information was exposed. The cause of this breach was human error, concluded Kevin Ortell, interim chief information officer.
