Kansas Health and Environment Department faces serious password related security problems
Incident Date: 2003
Incident Location: Topeka KS USA
Kansas state legislative auditors discovered serious password-related computer security problems at Kansas Health and Environment Department. The auditors used password-cracking software and discovered more than 1,000 of the departmentís account passwords within three minutes, including passwords associated with administrator accounts. This finding represented 60% of the total number of accounts in the department. The total percentage of cracked password rose to 90% of all accounts after 11 hours.
Agency practices reportedly included using a simple pattern for password creation that would allow current or former employers to log onto any computer. Auditors found that they could walk into empty offices during one lunch hour and access computers that were logged on and unlocked. Other security problems included failures to delete former-employee user accounts, improper firewall configuration, and inadequate virus prevention.
The Kansas Health and Environment Department leads efforts for dealing with hazardous wastes, epidemics, immunizations and, most recently, the Kansas bioterrorism program. It is also the official caretaker of Kansas birth certificates.
Title: Kansas auditors crack 1,000 passwords
Author: Wilson P. Dizard III
Publication: Government Computer News
Publication Location: USA
Publication URL: http://www.gcn.com/vol1_no1/daily-updates/24132-1.html
Title: KDHE computers at 'high risk'
Author: Scott Rothschild
Publication Location: Lawrence KS USA
Publication URL: http://www.ljworld.com/section/stateregional/story/149509
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.