By Tim Wilson
March 22, 2010
With tax time rapidly approaching, the U.S. Internal Revenue Service
still has not sealed up all of the holes that could allow insiders or
external hackers to access taxpayer data, according to a new report.
In a study (PDF) issued last week, the Government Accountability Office
states that the IRS has corrected less than one-third of the 89 security
weaknesses identified in its audit of the tax agency last year.
"While IRS has corrected 28 control weaknesses and program deficiencies,
61 of them -- or about 69 percent -- remain unresolved or unmitigated,"
the report states. "For example, IRS continued to install patches in an
untimely manner and used passwords that were not complex. In addition,
IRS did not always verify that remedial actions were implemented, or
effectively mitigate the security weaknesses."
Weaknesses in IRS systems "continue to jeopardize the confidentiality,
integrity, and availability of financial and sensitive taxpayer
information," the GAO says. "IRS did not consistently implement controls
that were intended to prevent, limit, and detect unauthorized access to
its systems and information.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!