Undisclosed Security Vulnerabilities Exist US Passport/Visa Database: Report
http://www.securityweek.com/undisclosed-security-vulnerabilities-exist-us-passportvisa-database-report
Summary
Recently, there has been vulnerabilities within the US Consular Consolidated Database or CCD. The CCD is the database that holds all the information of everyone that has applied for a visa in the past 20 years. It holds over “290 million passport-related records, 184 million visa records and 25 million records on U.S. citizens overseas.” This is a national security threat because the information in the database could be manipulated and allow unverified immigrants receive a visa, as well as jeopardize the safety of US citizens who are oversees. The vulnerability was found during a routine monitoring and testing phase. These vulnerabilities stem from an aging database system. According to the report from ABC
This case is relevant to both US citizens and other foreigners. It is also relevant to the security of anybody using computer systems. This is an important case for our class to know because it shows that any system can develop vulnerabilities over time. It is important for any person or company to update both hardware and software to protect data. For companies, it is extremely important to run routine monitoring and testing operations of current systems. While it may be mundane, it will eventually expose huge risks exactly like this one. I think it is also smart for companies to create a policy for any hardware they use so these security risks do not arise from outdated hardware.
Wow, I did not know about the vulnerabilities within the CCD. You really don't think about things like the CCD unless it affects you personally, but to know that so many people's information is vulnerable to people stealing it and using it to create false citizenship or to have people who aren't supposed to be having Visa's enter the country is scary! People oversees should have their information protected as well and we really need to keep up with our system databases in order to prevent these vulnerabilities from happening.
ReplyDeleteGovernment databases are pretty easy to access. They are trying to improve them, but nothing is fast or easy. It is the norm, but you don't know how many are vulnerable until they are reported. Good article.
ReplyDeleteI also thought this was more important: "The mere fact that the CCD systems are aging is another problem. Legacy systems require work arounds and compromises to get them connected to newer systems. Not a great thing for security."
DeleteOlder systems are typically a security risk at the front end, which has implications for the back end.