Slashdot Mirror

← Back to Stories (view on slashdot.org)

IRS Rolls Out Risky Tax Processing Systems

Posted by ScuttleMonkey on from the history-repeats-itself dept.

GovIT Geek writes to tell us that, despite known security issues, the IRS has decided to roll out two new applications for tax processing systems. "The [IRS inspector general] concluded in a September annual audit that security weaknesses in the agency's updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data."

5 of 66 comments (clear)

  1. naturally... by X0563511 · · Score: 4, Interesting

    I think the response to this shouold be someone, somewhere, repeatedly breaking in and posting financial info on politicians. Do it enough times, they will get the message.

    If you go do this, make sure you remember you didn't hear it from me, and that you do NOT brag about it. Don't be stupid.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. Inflammatory Article by TheNecromancer · · Score: 2, Interesting

    Just another inflammatory article. What are they supposed to do? Hold off upgrading their systems until the new system is 100% rock-solid? Sorry, but every new software system has SOME bugs in it. TFA states that the project managers felt the vulnerabilites were acceptable at the time. Managing software projects involve iterations of identifying critical (or not so critical) defects (as many as you can before release), and then going back and updating the software to fix any defects that you didn't have time for the first go-around.

    --
    Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
    1. Re:Inflammatory Article by TheNecromancer · · Score: 2, Interesting

      Well then, you've obviously never managed a software project. If they are to wait until 100% of all the defects/vulnerabilities are fixed before they release, then THE SOFTWARE WOULD NEVER BE RELEASED!! It's like waiting to buy a computer: you could wait a month or two more, so that they drop the prices a little bit more, but when that month comes, you just say the same thing. Lather, rinse, repeat.

      It doesn't really matter what the project is about. It can be tax information, HIPAA info, or credit card info. Software project managers have to decide if the defects they have are important enough to delay the release of the software. In this case, they felt it was an acceptable risk. But to say that they should have fixed 100% of the defects beforehand is pure ignorance.

      --
      Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
  3. Emergency? by supernova_hq · · Score: 2, Interesting

    prevent the IRS from recovering applications during an emergency

    And what praytell is considered an IRS Emergency? In my world, an emergency is something that requires medical assistance, police or rescue to be involved.

    If by emergency, they mean "someone has deleted the files", isn't that what automated backups are for? I don't care what software you are using, a proficient IT department, given the proper resources (tape drive auto system, etc) can recover ANYTHING!

  4. TFA says by Anonymous Coward · · Score: 1, Interesting

    After the audit, IRS officials reported that 11 of the 22 security vulnerabilities detected by the IG had been corrected.

    Yeah, closing 50% of security vulnerabilities will suffice, no one will ever figure out how to exploit the remaining 11.

    Furthermore, 22 known vulnerabilities were identified, how many more are making the application ripe for exploitation?