Select Page
closeLook how old this is!
I post at SearchCommander.com now, and this post was published 18 years 6 months 10 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.

Yesterday, it was reported that…

“Oregon Department of Revenue officials thought they were tightly secured against data theft. ”

Then they went on to say that

 “an employee from using an office computer to surf porn sites and download a Trojan horse, a hidden spyware program not yet known to intrusion-detection software. The Trojan installed itself Jan. 5 and for the next four months secretly captured and relayed data to the hackers who created it.”

Well I think there’s some liability here on the part of the State of Oregon. This is ridiculous.

First, many companies prevent independant users from having full administrative access for exactly this reason – to prevent casual web surfing, time wasting, and installation of any unauthorized software. Our tax dollars at work. 

Second, a spokesman for the Dept of Revenue said “There are so many new sites, we couldn’t keep up with them,”  However, if the computer was really protected, then there would have been monitoring software installed. This would give an alert that came up when the offending program was installed. Something like WinPatrol, or the Microsoft Free Anti Spyware program would have detected an unknown sactivity immediately, regardless of how new or undiscovered it was.

Third, if routine maintennance, like spyware and virus scanning were done on a regular weekly or monthly basis as it should be, then there’s no way it could have run undetected for four solid months.   

Bottom line, in my opinion, the Oregon Department of Revenue did not take the necessary reasonable precautions to protect our data, and that should be obvious to even the most inexperienced IT professionals.

read the whole story at OregonLive

If you like what you've seen here, would you please share this?