The House Oversight and Government Reform Committee has taken the Transportation Security Administration to task over itswebsite security. According to a report, the TSA had major leaks in an important web page that could allow personal data to be harvested, Vnunet has reported. A hacker could have obtaineddetails about individuals, including names, address, Social Security numbers and eye color. In fact, the site wasn’t even hosted on a government server. Instead the hosting was put outto a private contractor, and it was given on a no-bid contract. Reports have stated that the TSA employee who awarded the contract was a childhood friend of the contractor. As if all thatwasn’t bad enough, a number of pages listed as having SSL certification actually didn’t, a flaw discovered by a Ph.D. student who gave evidence to the committee. "There weremultiple factors that contributed to security vulnerabilities in the TSA traveler redress website, including poor procurement practices, conflicts of interest and weak oversight," the reportstated. "The result of these shortcomings was that an insecure website collected sensitive personal information from American travelers for months without detection by TSA." Theproblems have now been corrected, and these days the site is hosted by the Department for Homeland Security.
- Private data of some Facebook and Twitter users leaked through malicious apps
- Newegg was cracked, customer data has leaked, and security is clearly scrambled
- New bill proposes 5-year extension of Patriot Act and permission for NSA data collection
- Air Force blocks sites that published Cablegate leaks