AOH :: ISNQ5408.HTM

Sneaky state employees may have inadvertantly exposed info to hackers




Sneaky state employees may have inadvertantly exposed info to hackers
Sneaky state employees may have inadvertantly exposed info to hackers



http://www.news-press.com/apps/pbcs.dll/article?AID=/20080324/NEWS01/80324038/1075 

By Bill Cotterell  
Florida Capital Bureau 
Political Editor  
The News-Press
March 24, 2008

TALLAHASSEE -- State employees who tried to hide their computer tracks 
by using a "proxy site" might have exposed their personal information to 
hackers in Germany.

The Department of Financial Services found out late last week that, at 
least five times, employees contacting the state payroll system had gone 
through the proxies that throw up a dead end when supervisors try to 
find out where a computer user has been. The department said there have 
been no security breaches and no known cases of identity theft, but the 
department has ordered a statewide re-set of passwords when employees 
access the payroll system.

It doesn't involve e-mail or other computer systems, just the payroll 
site where employees can view their W-4 forms and other payment data.

Kevin Cate, deputy communications director for DFS, said a "proxy site" 
is like a mirror held up to a computer. He said an employee wanting to 
contact a site like YouTube or MySpace on a state computer might go to a 
proxy site and then enter several other sites.

If the boss checks later, all that would show would be the employee's 
entry to the proxy site.

It's possible that, after using the proxy site for some Web surfing, 
employees might have thought they'd logged out -- but they were still 
linked to the proxy. Then, when they went on the state's payroll site 
and entered their user names and passwords, the information might have 
been exposed to anyone on the other end of the computer link.

Cate said DFS has broken all known proxy links. He said the state's 
payroll site, MyFloridaCFO.com, is completely secure and if employees 
use it, they have nothing to fear. But if they use proxy sites, they 
have now way of knowing if their inputs are secure, he said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods