tl;dr: A security audit found security holes and a year later: not all of the holes were fixed.

On Sep 26, 2012 3:15 AM, "Bit WAshor" <[email protected]> wrote:
> SENSITIVE financial data could be at risk after it was revealed that a council’s IT network could be open to outside attacks following an audit of its systems.
>
> The detailed look into IT systems at South Derbyshire District Council has highlighted several issues which could see the authority left open to external attack.
>
> The problem arose as a result of an interim audit report, undertaken by Grant Thornton, which highlighted key risk areas.
>
> Specialist vulnerability testing discovered a ‘number of issues which needed to be addressed’ in order to protect council computer systems and sensitive data.
>
> After the problem was highlighted in November 2011, the council set up an action plan.
>
> However, despite making progress, some problems such as weak or blank passwords on servers and issues with domain administrator credentials remain.
>
> The report stated: “We acknowledge that the council is working with suppliers to resolve some of the issues.
>
> “Without full resolution of issues raised in relation to external vulnerability testing, management cannot be assured that the council’s IT network and systems are secure from attacks.
>
> “A successful attack could interrupt networks services and be used to access sensitive financial data.”
>
> The council stated: “The remaining issues are more complex to resolve and the resolutions could have implications for the relevant business process.”
>
> The authority revealed that the password problem was being addressed but changes could impact the working of software.
>
> A deadline of November has been set for the resolution of the problems, which were deemed a medium priority, meaning ‘action is required to address a significant deficiency’.
>
> The recommendations will be discussed at a meeting of the council’s audit sub committee at the Civic Offices, in Civic Way, Swadlincote, on September 26.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
