infosec-news September 2010 archive

[ISN] DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

From: InfoSec News <alerts_at_nospam>
Date: Thu Sep 09 2010 - 06:10:48 GMT
To: isn@infosecnews.org

http://www.wired.com/threatlevel/2010/09/us-cert/

By Kevin Poulsen
Threat Level
Wired.com
September 8, 2010

The federal agency in charge of protecting other agencies from computer
intruders was found riddled with hundreds of high-risk security holes on
its own systems, according to the results of an audit released
Wednesday.

The United States Computer Emergency Readiness Team, or US-CERT,
monitors the Einstein intrusion-detection sensors on nonmilitary
government networks, and helps other civil agencies respond to hack
attacks. It also issues alerts on the latest software security holes, so
that everyone from the White House to the FAA can react quickly to
install workarounds and patches.

But in a case of “physician, heal thyself,” the agency — which forms the
operational arm of DHS’s National Cyber Security Division, or NCSD —
failed to keep its own systems up to date with the latest software
patches. Auditors working for the DHS inspector general ran a sweep of
US-CERT using the vulnerability scanner Nessus and turned up 1,085
instances of 202 high-risk security holes (.pdf).

“The majority of the high-risk vulnerabilities involved application and
operating system and security software patches that had not been
deployed on … computer systems located in Virginia,” reads the report
from assistant inspector general Frank Deffer.

[...]
