
You thought our government IT were incompetent

Community Veteran
Posts: 38,251
Thanks: 937
Fixes: 56
Registered: 15-06-2007

You thought our government IT were incompetent

http://www.theregister.co.uk/2015/06/12/second_opm_data_breach/
http://www.theregister.co.uk/2015/06/13/standard_form_86_data_breach/
http://www.nextgov.com/cybersecurity/2015/06/white-house-tells-agencies-tighten-online-security-imme...
Quote
U.S. Chief Information Officer Tony Scott "recently launched" what officials are calling a 30-day cybersecurity sprint.
According to White House officials, the emergency procedures include:
"Immediately" deploying so-called indicators, or tell-tale signs of cybercrime operations, into agency anti-malware tools. Specifically, the indicators contain "priority threat-actor techniques, tactics and procedures" that should be used to scan systems and check logs.
Patching critical-level software holes "without delay." Each week, agencies receive a list of these security vulnerabilities in the form of DHS Vulnerability Scan Reports.
Tightening technological controls and policies for "privileged users," or staff with high-level access to systems. Agencies should cut the number of privileged users; limit the types of computer functions they can perform; restrict the duration of each user's online sessions, presumably to prevent the extraction of large amounts of data; "and ensure that privileged user activities are logged and that such logs are reviewed regularly."
Dramatically accelerating widespread use of "multifactor authentication" or two-step ID checks. Passwords alone are insufficient access controls, officials said. Requiring personnel to log in with a smartcard or alternative form of ID can significantly reduce the chances adversaries will pierce federal networks, they added, stopping short of mandating multi-step ID checks.
6 REPLIES
Community Veteran
Posts: 5,322
Thanks: 467
Fixes: 1
Registered: 21-03-2011

Re: You thought our government IT were incompetent

...or stop using Microsoft tools ;)
Now Zen, but a +Net residue.
Kremmen
Rising Star
Posts: 496
Thanks: 5
Fixes: 1
Registered: 13-04-2013

Re: You thought our government IT were incompetent

There are ways and means to help stop unauthorised access but some sensitive sites seem oblivious. As correctly stated, passwords are definitely not enough.
Even in my non secret company we had safeword tokens, sort of like what Nationwide give out.
Let's be careful out there !
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: You thought our government IT were incompetent

the stupid thing is MS accounts have had the options to utilise 2 step auth for the last 8+ years (might have been a beta test option in the beginning though) as have bank accounts and various other types of online accounts, hell 10 years ago a forum I was using had 3 factor auth 2 step login at every attempt, can't believe so called secure sites don't have such basic tools
just because you're paranoid doesn't mean they aren't out to get you
PowerLee
Rising Star
Posts: 543
Thanks: 12
Registered: 12-03-2013

Re: You thought our government IT were incompetent

The problem with 2 step authentication on any security system is humans are just lazy.
Same issue killed off PSA Peugeot / Citroen keypad immobiliser, lazy humans moaned about having to type in their 4 digit pin before turning the key to start the car - most people didn't even bother changing the default factory pin code
Kremmen
Rising Star
Posts: 496
Thanks: 5
Fixes: 1
Registered: 13-04-2013

Re: You thought our government IT were incompetent

I had a L reg Xantia with that. I thought it was a good security tool as it immobilised the fuel pump with the wrong code. There wasn't even a dealer override as they had to phone me when they wrote down the wrong code at service time.
Let's be careful out there !
PowerLee
Rising Star
Posts: 543
Thanks: 12
Registered: 12-03-2013

Re: You thought our government IT were incompetent

There is an easy free way to reset the code back to factory default but it's not practical for a car thief.
Whenever I left my 405 with a garage I would set a service code of 1111 with the S button so garage could start it but not change my own pin code.