[ISN] Security breach under scrutiny at the Clark County auditor's office

From: InfoSec News <alerts_at_private>
Date: Mon, 6 Apr 2009 00:30:03 -0500 (CDT)
http://www.newsandtribune.com/clarkcounty/local_story_094202804.html

By MATT KOESTERS
News and Tribune
April 04, 2009

Concerns over applications installed on a computer in the Clark County 
auditor’s office have prompted an internal investigation, but law 
enforcement officials have not been asked to get involved.

Yet.

In a Thursday e-mail obtained by The Evening News, Clark County 
government systems administrator Matt Dyer told the county commissioners 
he received a phone call Monday indicating that there were concerns 
about applications on one of the computers in the auditor’s office.

Dyer said he believed the two programs — “Cain & Abel” and “LCP” — could 
be used to breach security and discover user passwords on the county 
network.

“Due to the nature of these programs, this kind of activity cannot be 
tolerated and is illegal,” Dyer wrote. “If the administrator password is 
compromised, then that person would have full access to all county 
office computers and servers.

“Due to the severity of this situation, and our liability if information 
protected by HIPAA laws and state laws becomes compromised, I have 
spoken with [Auditor] Keith Groth and have informed him on all the 
details, including the persons that may be involved.”

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Sun Apr 05 2009 - 22:30:03 PDT

This archive was generated by hypermail 2.2.0 : Sun Apr 05 2009 - 22:43:22 PDT