[ISN] Sneaky state employees may have inadvertently exposed info to hackers

From: InfoSec News (alerts@private)
Date: Tue Mar 25 2008 - 00:13:09 PST


http://www.news-press.com/apps/pbcs.dll/article?AID=/20080324/NEWS01/80324038/1075

By Bill Cotterell  
Florida Capital Bureau 
Political Editor  
The News-Press
March 24, 2008

TALLAHASSEE -- State employees who tried to hide their computer tracks 
by using a "proxy site" might have exposed their personal information to 
hackers in Germany.

The Department of Financial Services found out late last week that, at 
least five times, employees contacting the state payroll system had gone 
through the proxies that throw up a dead end when supervisors try to 
find out where a computer user has been. The department said there have 
been no security breaches and no known cases of identity theft, but the 
department has ordered a statewide re-set of passwords when employees 
access the payroll system.

It doesn't involve e-mail or other computer systems, just the payroll 
site where employees can view their W-4 forms and other payment data.

Kevin Cate, deputy communications director for DFS, said a "proxy site" 
is like a mirror held up to a computer. He said an employee wanting to 
contact a site like YouTube or MySpace on a state computer might go to a 
proxy site and then enter several other sites.

If the boss checks later, all that would show would be the employee's 
entry to the proxy site.

It's possible that, after using the proxy site for some Web surfing, 
employees might have thought they'd logged out -- but they were still 
linked to the proxy. Then, when they went on the state's payroll site 
and entered their user names and passwords, the information might have 
been exposed to anyone on the other end of the computer link.

Cate said DFS has broken all known proxy links. He said the state's 
payroll site, MyFloridaCFO.com, is completely secure and if employees 
use it, they have nothing to fear. But if they use proxy sites, they 
have no way of knowing if their inputs are secure, he said.

