http://www.duluthsuperior.com/mld/duluthsuperior/news/local/11877088.htm June 12, 2005 ASSOCIATED PRESS ST. PAUL - The delivery of thousands of driver's licenses and state identification cards was delayed recently and the state's vehicle registration Web site was suspended because of insecure Web pages and the limitations of an old computer system. As the Department of Public Safety works to bring its vehicle registration site back online, the Star Tribune of Minneapolis learned that other state agency Web sites may be vulnerable to computer hackers, including the Department of Transportation, the Board of Accountancy and the Health Professionals Services Program. Officials from the health program, which helps doctors and health workers who have problems with drugs, alcohol and mental or physical ailments, received an e-mail saying their Web site was being used to corrupt another computer system, said Monica Feider, manager of the program. A computer security company determined that a hacker had hijacked the program's Web site and gained access to its case management database. Feider disclosed the problem in a March 31 letter sent to nearly 2,000 health professionals. "The case management system database includes private and public information about you," she wrote. "The security company believes that the primary purpose of the attack was most likely to use our system to launch additional attacks against other organizations. The security company also reported that the breach may have been used to seek data for the purpose of identity theft." The database includes names, addresses, dates of birth and illnesses of the health workers. It also includes names and phone numbers of people who referred them to the program. "We don't know that any personal data was accessed. That's the most frustrating piece," she said. "If we could have ruled that out we wouldn't have had to send the letter. But because we couldn't say for certain, we decided to err on the side of caution." At the Board of Accountancy, a hacker forced a weeklong suspension of the online renewal system earlier this year. Forensic computer investigators determined the hacker didn't gain access to private data because it was stored on a separate server, said Doreen Johnson Frost, the board's executive director. At the Department of Transportation, a Web site that takes license plate and credit card information of motorists seeking passes to drive in freeway fast lanes had offered applications through an online link that was not secure. As many as 1,500 motorists were believed to have used the MnDOT site in April while it had an unsecured link, but it's unclear how many entered credit card data through that link or through other secured links. _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 13 2005 - 01:30:05 PDT