**Written by Doug Powers
Office of Personnel Management Director Katherine Archuleta attempted to answer a House panel’s questions yesterday about a hack that accessed records of nearly all federal employees. The testimony was a real confidence-builder in the government’s security level:
Archuleta partly blamed dated equipment, because there’s no level of incompetence that can’t be defended by responding “if only we’d have had more funding.”
The OPM was clearly not prepared (and that’s putting it mildly) for such hack attempts, but how the agency reportedly went about securing the system should be the plot for the movie Idiocracy II.
From ARSTechnica via Twitchy:
Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?’”
I’m no expert on this stuff, but it sounds like the OPM essentially handed the keys to the car to people wearing “security guard” jackets at the parking garage and said “keep it safe, but don’t drive it!” And you know how that was bound to turn out:
**Written by Doug Powers
Twitter @ThePowersThatBe
Здесь можно оставить свои комментарии. Выпуск подготовленплагином wordpress для subscribe.ru
No comments:
Post a Comment