Who's running dozens of top-secret unpatched databases? The Dept of Homeland Security

  • 22 November 2015
  • 0 replies
  • 66 views

Userlevel 7
By: 20 Nov 2015 at 23:34, Kieren McCarthy
 


 
 
 
The US Department of Homeland Security is running dozens of unpatched databases, some of which are rated "secret" and even "top secret," according to an audit.
An inspection [pdf] of the department's IT infrastructure found huge security gaps, including the fact that 136 systems had expired "authorities to operate" – meaning that no one was in charge of keeping them updated. Of the 136, 17 were classified as "secret" or "top secret."
 Unsurprisingly, with so many systems not undergoing active maintenance, the audit found that many did not have up-to-date security patches, leaving them open to hacking efforts. The problems extended from browsers to PCs to databases. It also found a large number of weak passwords.
"We found additional vulnerabilities regarding Adobe Acrobat, Adobe Reader, and Oracle Java software on the Windows 7 workstations," the department's inspector general noted in a 66-page report. "If exploited, these vulnerabilities could allow unauthorized access to DHS data."
 
full article

0 replies

Be the first to reply!

Reply