[ISN] White House Tour Cybersecurity: Send In Your SSN - Via Unencrypted, Unprotected Email!

From: InfoSec News <alerts_at_private>
Date: Tue, 18 Jan 2011 01:54:34 -0600 (CST)
http://lauren.vortex.com/archive/000799.html

By Lauren Weinstein
January 13, 2011

Greetings. Before the U.S. government proceeds at all with their 
controversial and risky Trusted Identities in Cyberspace Internet ID 
scheme, perhaps they should demonstrate their ability to follow for 
themselves the most basic of Internet security procedures.

Very large numbers of persons tour the White House every year. All 
prospective tour guests 14 years of age and older are required to 
pre-submit their Social Security Numbers (SSNs) for security checks 
(apparently it is common for children under the age 14 to have their 
SSNs submitted as well).

One might assume that information as sensitive as SSNs would be handled 
by the associated authorities with the same care and diligence as, say, 
a typical bank Web site -- using SSL/TLS encryption for the protection 
of this data that is so often abused for identity fraud.

But that assumption would apparently be false. An array of Congressional 
Web sites instruct would-be White House tour guests to submit their 
personal information (names, dates of birth, social security numbers, 
etc.) via standard unencrypted email to (for example) various addresses 
@mail.house.gov!

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Jan 17 2011 - 23:54:34 PST

This archive was generated by hypermail 2.2.0 : Tue Jan 18 2011 - 00:07:18 PST