--- Begin Message ---
GAO "SERIOUS FLAWS" IN GOVERNMENT COMPUTERS
The General Accounting Office (GAO) has issued a new report on
Federal government computer security and controls. The report
looked specifically at the U.S. Government's Financial
Management System (FMS) - the computers that control over $1
trillion in Federal government spending.
The FMS system includes all paychecks, payments to vendors, tax
refunds and the millions of entitlement checks issued every year
by the government. According to the GAO audit the government
payment computers had serious flaws in both physical and system
security.
The GAO noted that U.S. government data centers "had weak
network security configurations that allowed us to identify user
names and compromise the associated passwords, which resulted in
our gaining unauthorized access to the mainframe production
environment of a key financial application at one data center,
the development environments at another data center, and an
unrelated procurement application at a third data center."
The GAO auditors also found that physical security controls at
three of the five computer sites they visited were "not
sufficient" to control access to these centers.
"For example, at one data center management was not able to
provide us with list of individuals granted physical access to
the building because the security system was not functioning
properly," states the GAO report.
"Programmers at one data center were also serving as backup
computer operators, which significantly increases the risk for
unauthorized or inappropriate changes to production data and
source code or disclosure of sensitive data," states the GAO
report.
MSN MESSENGER SECURITY
MSN Messenger and Windows Messenger XP can both be used to
obtain personal information about a user. According to security
experts, hackers can access Messenger display names and contact
email addresses by using a simple JavaScript operating on a
website.
MSN Messenger software is set to respond to Microsoft websites
such as microsoft.com, hotmail.com and hotmail.msn.com to reveal
the email address of the user and all the email addresses of the
user's contacts. This little known feature could be used by
Microsoft to track a user and all their contacts from its web
sites.
In addition, hacker software can alter these website addresses
on the MSN user's computer, adding other sites that will then be
allowed to access all the email addresses.
****************************************************************
FOR THE BEST ENCRYPTION SOFTWARE VISIT www.softwar.net
OFFICIAL SOFTWAR COMMUNICATION
SOFTWAR EMAIL NEWSLETTER COPYRIGHT (C) 2002 SOFTWAR INC.
02/06//02 TO UNSUBSCRIBE REPLY WITH UNSUBSCRIBE AS SUBJECT
****************************************************************
--- End Message ---
