-
January 12th, 2006, 03:58 PM
#1
eWeek Article: Security Audit Flags Thousands of Military User Accounts
A colleague of mine sent this out to us. Amazing what an audit can find. Now I wonder what their action plan will be or will they just write thousands of deviations?!? Heh.
Link: http://www.eweek.com/article2/0,1895...06dtx1k0000599
Story Lead-in:
Up to 20 percent of the computer accounts used by the U.S. military are unauthorized or abandoned, providing a major opportunity to hackers and foreign governments who want to spy on the United States, according to a senior military official.
An ongoing audit of user accounts in the armed services has uncovered an epidemic of expired and unauthorized accounts, including 3,000 in DISA (Defense Information Systems Agency), 1,500 in the U.S. Army's Korean operation, and thousands more spread throughout the military services.
I've seen this type of thing with accounts before. Non-existent, broken or outdated processes. I wonder if there are people who "inherit" jobs from other people and just use that person's, or worse, someone else's account to perform a task - like running scripts or jobs.
The article also shows evidence of social engineering to hi-jack accounts or system access and other violations, like unmonitored enabled ports and services... man this article reads more like an audit report, and the more I think of it - I am not sure it should have been published to the general public, at least without sufficient time to address the vulnerable areas.
\"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|