http://www.buzzfeed.com/justinesharrock/exclusive-army-admits-to-major-computer-security-flaw
By Justine Sharrock
BuzzFeed Staff
August 30, 2013

The United States Army's Deputy of Cybersecurity Roy Lundgren has
confirmed with BuzzFeed the existence of a major computer security flaw
that enables unauthorized access by users without proper security
clearance. They say the best fix is to make soldiers aware of proper
conduct, instead of fixing the technology itself.

Countless computers, and the soldiers who use them, remain vulnerable to a
simple hack, which can be executed by someone with little or no security
expertise.

The hack allows users with access to shared Army computers to assume the
identities of other personnel, gaining their security clearances in the
process, and having their activity logged as that user.

In order to log into a shared Army computer you need to insert your
personal Common Access Code military ID. Each card contains a chip that
has the individual soldier’s permissions and security details, and which
helps the military track your activity. Once you remove the card, you are
fully logged out. But the hack overrides that system during the shutdown
period.

"There are instances where the log-off process does not immediately
complete upon removal of the CAC. This occurs when the system is running
logoff scripts and shutting down applications," Lundgren told BuzzFeed.
"The period of time that a system can be accessed following CAC removal
before system logoff completes is normally not sufficient to gain
unauthorized access."

[...]