Security Vulnerability Found On US Federal Government Contractors Site

Posted by samzenpus
from the open-book dept.
dstates writes "SAM (Systems for Awards Management) is a financial management system that the US government requires all contractors and grantees to use. This system has recently been rolled out to replace the older CCR system. Friday night, thousands of SAM users received the following message: 'Dear SAM user, The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA. Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity's registration information, including both public and non-public data at all sensitivity levels.' From March 8 to 10, any registered user who searched the system could view confidential information including account and social security numbers for any other user of the system. Oops! The Government Services Administration says that they have fixed the problem."

  • Hackers (Score:4, Insightful)

    by presspass (1770650) on Sunday March 17, 2013 @12:56PM (#43197455)

    This is the real reason to hype a 'cyberwar':

    Malfeasance.

  • by Anonymous Coward on Sunday March 17, 2013 @01:05PM (#43197527)

    Half of our shared government is devoted to the proposition that government itself is THE problem our country has, and any step taken to damage the credibility of, or simply interfere with government is a positive step.

    Therefore, funding at all levels is cut, and even minimal oversight gets cut.

    Without oversight, contractors get more 'emergency' jobs, and have to expand, without anyone checking what they're doing. So, they buy more computers, hire more staff, and roll out services as quick as they can.

    Who would be surprised that minimal standards for something as tertiary to the money-making process as security gets ignored in this process? You hire contractors to cover government jobs so they can work faster (sloppy), automate more, not double-check everything.

    When inevitable problems occur, you blame the contractor, hire the next contractor, and pretend everything is good for a while longer.

    The end result meets the ideal though - a completely inefficient government, more privatization, and a way to pretend all the corruption is just how government works, even though you're actually forcing it to act this way.

  • Re:fixed ? (Score:4, Insightful)

    by wonkey_monkey (2592601) on Sunday March 17, 2013 @01:18PM (#43197593)
    Firstly, how do you know that's all they did? Secondly, why wouldn't it constitute a fix, if it (y'know) fixes the problem?
  • by Anonymous Coward on Sunday March 17, 2013 @01:57PM (#43197761)

    Right the fuck on! It's amazing anyone trusts the government for anything. I have literally NEVER heard of any kind of problem like this happen in a private enterprise.

  • by Anonymous Coward on Sunday March 17, 2013 @02:26PM (#43197903)

    I have literally NEVER heard of any kind of problem like this happen in a private enterprise.

    Sony kept PSN user info in an internet facing, plaintext database.

    Not defending the government, but rather pointing out that if you've 'never heard of this in private business,' you haven't paid a lick of attention.

    --CanHasDIY
