AOH :: ISNQ6934.HTM

DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network




DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network
DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-862428879-1284012536=:7340
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.wired.com/threatlevel/2010/09/us-cert/ 

By Kevin Poulsen
Threat Level
Wired.com
September 8, 2010

The federal agency in charge of protecting other agencies from computer 
intruders was found riddled with hundreds of high-risk security holes on 
its own systems, according to the results of an audit released 
Wednesday.

The United States Computer Emergency Readiness Team, or US-CERT, 
monitors the Einstein intrusion-detection sensors on nonmilitary 
government networks, and helps other civil agencies respond to hack 
attacks. It also issues alerts on the latest software security holes, so 
that everyone from the White House to the FAA can react quickly to 
install workarounds and patches.

But in a case of =E2=80=9Cphysician, heal thyself,=E2=80=9D the agency =E2=80=94 which forms the 
operational arm of DHS=E2=80=99s National Cyber Security Division, or NCSD =E2=80=94 
failed to keep its own systems up to date with the latest software 
patches. Auditors working for the DHS inspector general ran a sweep of 
US-CERT using the vulnerability scanner Nessus and turned up 1,085 
instances of 202 high-risk security holes (.pdf).

=E2=80=9CThe majority of the high-risk vulnerabilities involved application and 
operating system and security software patches that had not been 
deployed on =E2=80=A6 computer systems located in Virginia,=E2=80=9D reads the report 
from assistant inspector general Frank Deffer.

[...]


--1457021584-862428879-1284012536=:7340
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn 

--1457021584-862428879-1284012536=:7340--

Site design & layout copyright © 1986-2014 CodeGods