RE: response to tax software not encrypting tax info

From: Ken.Williamsat_private
Date: Fri Mar 14 2003 - 12:47:29 PST

    Hi,
    
    I have read both of the original advisories, and all of the replies 
    on this subject, and nobody yet has properly assessed AND 
    emphasized the actual risk associated with this tax software.
    
    Lots of software programs do not encrypt sensitive data, but what 
    makes this tax software different, and what increases the 
    associated risk *substantially*, is that so much of your sensitive 
    personal and financial information is contained, unencrypted, IN 
    ONE PLACE.  Your full name, address, date of birth, phone number, 
    social security number, bank account numbers, employment 
    information, income information, credit card numbers (if making tax 
    payment with CC), stocks, bonds, other investments, business 
    information, etc. - ALL IN ONE PLACE.  If you are married filing 
    jointly, or have children or dependants on your tax return, then 
    the personal and financial info for even more people is exposed. 
    All of the information is guaranteed to be current and correct too. 
    This is a gold mine for identity thieves.  Identity theft is one of
    the fastest growing crimes in the US right now too.
    
    Reference:  http://www.consumer.gov/idtheft/
    
    
    Vendors of tax software should not allow users to leave all of this 
    data in one place unencrypted; the risk is too great.
    
    Note also that other tax software programs not mentioned in the 
    original advisories are also vulnerable to this issue (thanks for 
    noting those issues, kjk).  I'm not at liberty to discuss those
    other tax software packages though.
    
    Regards,
    ken
    
    Ken Williams ; CISSP
    eSecurityOnline - an eSecurity Venture of Ernst & Young 
    ken.williamsat_private ; www.esecurityonline.com ; 1-877-eSecurity 
    
    



    This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 15:28:05 PST