September 09, 2008
IRS security sucks on ice. Why are people surprised by this?
So, the IRS got audited and it turns out that their security sucks. I mean, it really sucks. The part about them having 2000 or so servers with security weaknesses is pretty much par for the course, but what really freaks me out are the additional 2000 or so (alright, 1811 - but close enough) unapproved internal web servers.
Wait. Unapproved? You mean like somebody just came in and dropped some arbitrary web server into the IRS infrastructure? Yep. Now, as you probably know, this happens in every organization. People set up software without permission, deploy apps under the radar, etc. They do all kinds of crazy shiz. But 1811 times? That's more than I've ever seen - even at organizations that dwarf the IRS in size and that are run more or less like the wild west.
Now, this concerns me, don't get me wrong. But are you really all that surprised?
Posted by Ed at September 9, 2008 08:21 AM | TrackBack