Integralis AG / Miscellaneous
24.06.2008
Release of a Corporate News, transmitted by DGAP - a company of EquityStory AG.
The issuer is solely responsible for the content of this announcement.
---------------------------------------------------------------------------
Many municipal registry offices as wide open as a barn door they fail to
look after sensitive personal data
Ismaning, 24 June 2008 Integralis Security experts have highlighted a
serious security leak in software used by many German registry offices to
access personal information via the police and tax offices, among other
things. The security breach can offer potential hackers access to sensitive
personal information about millions of German citizens.
In the television programme 'Report München' screened last night by the
broadcasting corporation ARD, Integralis provided details of the security
leak.
The particular software used by many public authorities utilises a master
password that appears in a link displayed on the web page of the software
manufacturer in plain text.
Numerous local and municipal authorities using the software neglected to
reset this default password. This means that administrative access to the
personal data of German citizens is available via the Internet.
It would even allow a hacker to open a new account with full
administrator's access rights, and this would make it impossible to
distinguish between legitimate and illegitimate users.
Invitation to commit identity theft
This leaves the door wide open to anyone wanting to steal people's
identities. As Dr. Matthias Rosche, Director of Consulting and member of
the Management Board of Integralis explains, a potential hacker would be
able to simply log in using a normal web browser and the password available
to everyone and therefore gain unrestricted access to the web application
run by the registry offices. The hacker would then have unrestricted access
to all passport information held in those offices, including unique
document identifiers. 'Its an absolute paradise for criminals,' says
Rosche, and he issues this warning: 'Information such as a person's
previous address, details of their children, religious affiliations,
tax-related data, but also information about an individuals´ occupation and
income, are thus provided on a silver platter by the registry offices.
Since it is possible to retrieve such information using en bloc queries,
the expert fears that the data records of millions of citizens may already
be freely available on the Internet. 'It would be fair to say that what we
are looking at here goes beyond a mere security leak but falls into the
category of gross negligence. In his view, these data records provide the
perfect material to assist professional criminals to commit identity theft
and forge identity papers. It would allow them to open bank accounts in the
name of a third party, or rent apartments in short, it is 'an invitation
to criminals of every description,' says Rosche.
Not an isolated case
Integralis has repeatedly observed instances of rather careless behaviour
in the handling of confidential information, particularly in the public
sector. According to security specialists, the reason for this is an
insufficient level of awareness among IT managers. In many examples, there
is also a complete absence of any security standards, security checks or
concepts in the implementation of e-Government projects.
Contact:
Integralis AG
Peter Banholzer (IR)
Tel:+49 89 945 73 178
peter.banholzer@integralis.com
DGAP 24.06.2008
---------------------------------------------------------------------------
Language: English
Issuer: Integralis AG Robert-Bürkle-Str. 3
85737 Ismaning
Deutschland
Phone: +49 (0)89 94573-178
Fax: +49 (0)89 94573-180
E-mail: ir@integralis.com
Internet: www.integralis.com
ISIN: DE0005155030
WKN: 515503
Listed: Regulierter Markt in Frankfurt (Prime Standard); Freiverkehr
in Berlin, Stuttgart, München, Hamburg, Düsseldorf
End of News DGAP News-Service
---------------------------------------------------------------------------
DGAP-News: Integralis AG:Integralis highlights serious security gap in public-sector administration systems
| Source: EQS Group AG