Kansas auditors crack 1,000 passwords

The Kansas Health and Environment Department has serious IT security and disaster recovery problems, the state's legislative auditor has found. The auditors said they used password-cracking software to decipher more than 1,000 of the department's passwords, including several administrative passwords, or 60 percent of the total, in three minutes.

The department began fixing the security weaknesses and other problems found in its systems as soon as it learned of them, department secretary Roderick L. Bremby said in response to the report.

"The department's antivirus system was badly flawed, allowing computers to become infected with a large number of different viruses, worms and Trojan horses," said the report, Kansas Department of Health and Environment Information Systems: Reviewing the Department's Management of Those Systems.

"The department's firewall was poorly configured, creating several large holes in and out," the report said. Auditors found that the department lacked or failed to enforce many basic security policies, such as procedures for incident response, physical security, configuration documentation and former-user account deletion. They also found several major problems with security planning.

The auditors concluded that the department lacked the tools necessary to recover from a disaster and said the plan, left over from the year 2000 rollover, "would be nearly useless in a disaster."

In response to the auditors' recommendations, the department hired FishNet Security Inc. of Kansas City, Mo., for a complete vulnerability assessment.

In response to the auditors' recommendations to overhaul systems security and other IT problems, Bremby wrote, "All recommendations will be ranked and prioritized by risk, and deadlines will be established to complete all recommendations as quickly as possible." He encouraged the auditors to conduct a second review within a year.

