By James Carlson
June 19, 2008
The Kansas Department of Administration is tightening its computer
security standards after an audit revealed Wednesday that state
equipment slated for sale to the public contained confidential
A review of the state surplus property program, which sells outdated
equipment to the public, found seven of the 15 machines inspected
contained information considered confidential under state and federal
law, including one computer that still had 2,856 Social Security numbers
in a file.
"After reading through this report, I had to take a couple nitroglycerin
tablets and go lay down," said Rep. Virgil Peck, R-Tyro, a member of the
Legislative Post Audit Committee that received the results.
Some of the computers were reformatted, but that doesn't permanently
delete all files. Auditor Allan Foster demonstrated an off-the-shelf
program that can retrieve such data off a hard drive.
He said some state agencies had policies for properly removing
information but thought the surplus program would wipe the hard drives
clean. Other agencies had no policy at all.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com