Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Davis questions security of Treasury Web site

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Davis questions security of Treasury Web site
Date: Fri, 18 Feb 2005 03:30:06 -0600 (CST) 
http://www.gcn.com/vol1_no1/daily-updates/35113-1.html

By Mary Mosquera 
GCN Staff
02/17/05

Rep. Tom Davis (R-Va.), chairman of the House Government Reform
Committee, wrote today to Van Zeck, the Treasury Department's
commissioner of the Public Debt, to express concern over the safety
and security of personal information collected on the
www.treasurydirect.gov Web site, which enables people to purchase
government savings bonds electronically.

Treasury received a D+ on the 2004 federal computer security scorecard
Davis' committee released yesterday.

"I am concern(ed) about the extent of personal information that is
required to be disclosed on the Web site," Davis wrote. While many
online financial transactions require individuals to submit their
credit card account numbers, treasurydirect.gov instructs users to
electronically transmit their Social Security number, driver's license
number, bank routing number and account number, home address, date of
birth and e-mail address, in addition to other personal information.

"Expecting individuals to provide their personal banking account
information rather than relying on their credit card information is
troubling to me," Davis said. Transacting online purchases with a
credit card provides a shield to consumers that is not available to
individuals who transmit personal bank account routing and Social
Security numbers over the Internet.

Davis also found troubling a disclaimer in the Web site's privacy and
security notice that Treasury cannot guarantee the confidentiality of
the personal information as it travels across the Internet. However,
the notice said the Bureau of the Public Debt uses the Secure Sockets
Layer protocol and 128-bit encryption technology to protect the
information.

"We'll be taking a look at other Web sites. Part of the effort to
promote e-gov is to have citizens feel confident that the information
they provide will be safe and secure. Otherwise it will be hard to
promote e-gov," said House Government Reform Committee spokesman Drew
Crockett.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Davis questions security of Treasury Web site, InfoSec News <=
Previous by Date:  [ISN] RSA: Microsoft on 'rootkits': Be afraid, be very afraid, InfoSec News
Next by Date:  [ISN] Confidential data left on old PCs, InfoSec News
Previous by Thread:  [ISN] RSA: Microsoft on 'rootkits': Be afraid, be very afraid, InfoSec News
Next by Thread:  [ISN] Confidential data left on old PCs, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]