Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Government Security Your Rights Online

Security Vulnerability Found On US Federal Government Contractors Site 35

dstates writes "SAM (Systems for Awards Management) is a financial management system that the US government requires all contractors and grantees to use. This system has recently been rolled out to replace the older CCR system. Friday night, thousands of SAM users received the following message: 'Dear SAM user, The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA. Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity's registration information, including both public and non-public data at all sensitivity levels.' From March 8 to 10, any registered user who searched the system could view confidential information including account and social security numbers for any other user of the system. Oops! The Government Services Administration says that they have fixed the problem."
This discussion has been archived. No new comments can be posted.

Security Vulnerability Found On US Federal Government Contractors Site

Comments Filter:
  • SPOF (Score:2, Interesting)

    by gmuslera ( 3436 ) on Sunday March 17, 2013 @01:42PM (#43197705) Homepage Journal
    Making all government contractors to sign in in a single "trusted" site is a good recipe for disaster. In fact, is the perfect honeypot to convince people that we are under attack.
  • Not Really (Score:2, Interesting)

    by Anonymous Coward on Sunday March 17, 2013 @03:42PM (#43198251)

    The reason Northrop Grumman is raping your ass is because congress comes up with a random budget at random times. Therefore, we can only fix problems on their schedule, which means that we have to pay Northrop to drop other customers to do the work we desperately need, when it becomes desperate enough to get congressional add money, and then pay them to keep everyone on staff that is no longer working on their project because we tied up resources for this, and then we get to pay them to get extra people up to speed quickly.

    Before you go blame this on our programming, only one of these has been due to a real failure in anything other than politics. We did find a latent bug that didn't get triggered for the first decade of the airplane. However, that's 3 lines of code and 2 test flights. All of these other 3x the estimated cost projects were done 2 years late and in an emergency instead of in the schedule we had NG on contract for.

    You can get better, but you can't pay more for Northrop. However, it's our fault for consistently binging and purging at their trough.

panic: kernel trap (ignored)