Re: [ISN] IRS Computers Vulnerable

From: mea culpa (jerichoat_private)
Date: Sat Jan 16 1999 - 15:54:38 PST

  • Next message: mea culpa: "[ISN] A Plague of Bugs"

    Reply From: Lawrence Hughes <lawrence.hughesat_private>
    
    Concerning the issue about IRS sending sensitive info over the line
    unencrypted... some years ago I (and a certain well known security expert
    now famous for his writings on information warfare) responded to an IRS
    RFP for a secure communications system (think of it as a Crosstalk-like
    program with hardware DES encryption). We built, and the IRS signed off
    on, exactly such a system. Alas, Congress never actually authorized the
    funds for this. This all took place about 10 years ago. When Congress
    screwed us, we tried selling the product direct to the public. We ran one
    ad in PC Magazine (for about 25K).  We got LOTS of responses.
    Unfortunately, most of them were from outside the U.S. Another friendly
    branch of the government (based in Ft. George Mead, Md.) informed us that
    under NO circumstances would they allow any of our secure versions to
    leave the U.S. ("too strong").  As a direct result of the IRS deal falling
    through, and being denied access to the only market that responded, my
    venture failed. So much for claims that export restrictions don't harm
    U.S. software companies.
    
    NOW whose fault is it that sensitive info is being sent unencrypted? 
    
    Lawrence Hughes
    
    -----Original Message-----
    From: mea culpa <jerichoat_private>
    Date: Friday, January 15, 1999 12:19 AM
    
    >A List of Problems 
    >
    >But the GAO said "serious weaknesses" remain. Among them:
    >     * Computer hackers could access IRS data with relative ease
    >       because information isn't encrypted before it is transmitted
    >       over telephone lines. IRS says it has no evidence such a crime has
    >       occurred.
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:05 PDT