Government Roundup

It’s been quite a week for government information security. For the fellow connoisseurs of human folly, here’s the recap.

First and foremost, the NSA’s website was down for reasons unspecified. Since officials at the NSA would not comment on whether or not it was the work of attackers, we’re left to assume that it probably was.

Next, the GSA has shut down a web page used by contractors due to application security issues – basically, there wasn’t any authentication on the site; sure, you had to type a username and password in, but the website had two states: authenticated and not-authenticated. By manipulating the URL parameters, one could call up documents belonging to other companies or submit document on their behalf. Ouch.

The IG (Inspector General) continues to get it done; he’s continued the tradition of past reports and said that the DoD’s security posture continues to be below par. From the report: