http://australianit.news.com.au/articles/0,7204,20330947%5E15841%5E%5Enbv%5E,00.html

SEPTEMBER 05, 2006
The Australian

DISTRICT banks controlled by the US Federal Reserve have inadequate security for online auctions of Treasury bonds, leaving information and systems vulnerable to hackers, the US Government Accountability Office claims.

The office, the investigative arm of Congress, recommends in a report released last week that the Fed form an "effective management structure" for co-ordinating security, and find a way to test auction software.

The Fed acknowledges the problems, with qualifications. It says it has fixed many glitches and claims remaining security gaps wouldn't necessarily permit access violations.

Fed banks help the Treasury process trillions of dollars in bids. The banks developed software that compares auction bids and determines how much to award to each bidder.

Louise Roseman, director of the Fed board's Division of Reserve Bank Operations and Payment Systems in Washington, says in a response included in the office's report that officials "have taken corrective actions to remediate many of the findings in the report".

"Although we consider the information security control vulnerabilities identified in the Treasury auction system report significant and warranting our serious attention, they should not be construed as allowing successful circumvention of Treasury auction management and business operational controls," Roseman says on behalf of Fed chairman Ben Bernanke.

The office says the Fed banks are vulnerable to hackers for several reasons, including that anyone on the internet may have been able to reset a user's password, data encryption isn't strong enough and the auction application process isn't sufficiently monitored.