Slashdot Mirror
IRS Rolls Out Risky Tax Processing Systems
GovIT Geek writes to tell us that, despite known security issues, the IRS has decided to roll out two new applications for tax processing systems. "The [IRS inspector general] concluded in a September annual audit that security weaknesses in the agency's updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data."
I know how my taxes are getting d';update taxtable set refund = '50000000' where uid = 'jeanbaptiste';--
This is the IRS! For crying out loud. Don't TELL them!
Deleted
What are they supposed to do? Hold off upgrading their systems until the new system is 100% rock-solid? Sorry, but every new software system has SOME bugs in it.
Two things (simplified):
A - Yes, they should. And SQL bug at your library might put a book on the wrong shelf; the same bug in a table at the IRS leads to audits, tax fraud investigations, and has serious implications on your life. A program in such a high profile program absolutely needs to be as bug free as possible.
B - This isn't even about bugs in implementation, the issue is a security vulnerability due to the design. You'll secure your email so some packet snooper can't see the pictures from that party last night, but you're comfortable with the IRS rolling out a system that would allow the same snooper to interfere with the recording of billions of dollars in transactions?