http://www.darkreading.com/vulnerability_management/security/government/showArticle.jhtml?articleID=224000393 By Tim Wilson DarkReading March 22, 2010 With tax time rapidly approaching, the U.S. Internal Revenue Service still has not sealed up all of the holes that could allow insiders or external hackers to access taxpayer data, according to a new report. In a study (PDF) issued last week, the Government Accountability Office states that the IRS has corrected less than one-third of the 89 security weaknesses identified in its audit of the tax agency last year. "While IRS has corrected 28 control weaknesses and program deficiencies, 61 of them -- or about 69 percent -- remain unresolved or unmitigated," the report states. "For example, IRS continued to install patches in an untimely manner and used passwords that were not complex. In addition, IRS did not always verify that remedial actions were implemented, or effectively mitigate the security weaknesses." Weaknesses in IRS systems "continue to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information," the GAO says. "IRS did not consistently implement controls that were intended to prevent, limit, and detect unauthorized access to its systems and information. [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/Received on Tue Mar 23 2010 - 23:47:31 PDT
This archive was generated by hypermail 2.2.0 : Tue Mar 23 2010 - 23:54:58 PDT