There is no patch….

for human stupidity. This article from SFGate proves it.

More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

You would think the government would put out some kind of memo telling people to never give out their passwords or let someone talk them into changing their password to one chosen for them. How could they even justify dropping the ball? “Well, he said he worked for the IT department. I know it was over the phone but his voice sounded so techy that I believed him.”

Want to know what the worst part was?

“We were able to convince 35 managers and employees to provide us their username and change their password,” the report said.

That was a 50 percent improvement when compared with a similar test in 2001, when 71 employees cooperated and changed their passwords.

Let’s think about this for a minute. If this kind of test has been done before, and so many failed, they should have some kind of training to stop this from happening. This is a major security issue and it seems that the weakest link, human stupidity, is not being addressed. Maybe, just maybe, this is a wake up call and something will be done about it. Failing once isn’t too bad because you can fix the issue but failing twice is inexcusable.

Where are the network admins/managers? Why are they not following up on this kind of thing in an effort to secure their network? Time for another security audit and lots of “Do this but don’t do that” memos.

I’m not conceited, I’m just better than you. -Author Unknown

17.Mar.05 Government, Moron