|
Kansas Health and Environment Department faces serious password related security problems
Incident Date: 2003 Incident Location: Topeka KS USA Kansas state legislative auditors discovered serious password-related computer security problems at Kansas Health and Environment Department. The auditors used password-cracking software and discovered more than 1,000 of the department’s account passwords within three minutes, including passwords associated with administrator accounts. This finding represented 60% of the total number of accounts in the department. The total percentage of cracked password rose to 90% of all accounts after 11 hours. Agency practices reportedly included using a simple pattern for password creation that would allow current or former employers to log onto any computer. Auditors found that they could walk into empty offices during one lunch hour and access computers that were logged on and unlocked. Other security problems included failures to delete former-employee user accounts, improper firewall configuration, and inadequate virus prevention. The Kansas Health and Environment Department leads efforts for dealing with hazardous wastes, epidemics, immunizations and, most recently, the Kansas bioterrorism program. It is also the official caretaker of Kansas birth certificates. Story Sources Title: Kansas auditors crack 1,000 passwords Author: Wilson P. Dizard III Date: 11/7/2003 Publication: Government Computer News Publication Location: USA Publication URL: http://www.gcn.com/vol1_no1/daily-updates/24132-1.html Title: KDHE computers at 'high risk' Author: Scott Rothschild Date: 10/23/2003 Publication: Journal-World Publication Location: Lawrence KS USA Publication URL: http://www.ljworld.com/section/stateregional/story/149509 Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.
<-- Back to Authentication Story Index |