Sign in / up

back to article Homeland Insecurity: OIG audit identifies numerous deficiencies

An Office of the Inspector General audit into the US Department of Homeland Security has identified a range of deficiencies across the agency, which is responsible for America's cybersecurity. The 36-page audit (PDF) was published with the positive title "[Department of Homeland Security (DHS)] Can Strengthen its Cyber Mission …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. tony2heads
    Facepalm

    A structured query language injection vulnerability at ICE

    like the Bobby Tables exploit?

    3 0 Reply
  2. Alister
    Facepalm

    A file potentially containing sensitive information was unprotected on a USSS website. Viewing this file could give an unauthorised individual detailed system information about the web server that hosts the website

    Probably robots.txt

    4 0 Reply
  3. Mephistro
    Devil

    Dear OIG:

    Just three words:

    HORSE. ALREADY. BOLTED.

    Better luck next time!

    1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    comments closed?

    No more comments in the last 24 hours?

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: comments closed?

      Nope - we signpost when comments are disabled or no longer accepted.

      0 0 Reply
  5. badssl
    WTF?

    Security deficiencies audited. Really?

    "DHS components must also address the information security deficiencies we identified."

    Given no "HTTPS", "SSL", "TLS" string can be found in the audit report, should we assume the Man in the Middle vulnerabilities (present for months, probably years) in the majority of DHS domains will not be addressed (as not included among the identified deficiencies)?

    https://badssl.netray.nl/badssl_dhs.gov.pdf

    (compiled on Sept. 17 2015)

    1 0 Reply
  6. ElReg!comments!Pierre

    Confirmed

    A few years back I had to trash a pristine mail addy because it got swamped by spam and fishing attempts 2 days after I gave it on a DHS form upon entry in the US (that was the sole use I made of this adress). Since then, whenever the DHS drone insists the field must absolutely be filled, I put in a valid but extremely long addy (doesn't fit in the allowed space, and so is mostly unreadable) and I haven't had any further problem.

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like