Integralis AG / Miscellaneous 24.06.2008 Release of a Corporate News, transmitted by DGAP - a company of EquityStory AG. The issuer is solely responsible for the content of this announcement. --------------------------------------------------------------------------- Many municipal registry offices as wide open as a barn door they fail to look after sensitive personal data Ismaning, 24 June 2008 Integralis Security experts have highlighted a serious security leak in software used by many German registry offices to access personal information via the police and tax offices, among other things. The security breach can offer potential hackers access to sensitive personal information about millions of German citizens. In the television programme 'Report München' screened last night by the broadcasting corporation ARD, Integralis provided details of the security leak. The particular software used by many public authorities utilises a master password that appears in a link displayed on the web page of the software manufacturer in plain text. Numerous local and municipal authorities using the software neglected to reset this default password. This means that administrative access to the personal data of German citizens is available via the Internet. It would even allow a hacker to open a new account with full administrator's access rights, and this would make it impossible to distinguish between legitimate and illegitimate users. Invitation to commit identity theft This leaves the door wide open to anyone wanting to steal people's identities. As Dr. Matthias Rosche, Director of Consulting and member of the Management Board of Integralis explains, a potential hacker would be able to simply log in using a normal web browser and the password available to everyone and therefore gain unrestricted access to the web application run by the registry offices. The hacker would then have unrestricted access to all passport information held in those offices, including unique document identifiers. 'Its an absolute paradise for criminals,' says Rosche, and he issues this warning: 'Information such as a person's previous address, details of their children, religious affiliations, tax-related data, but also information about an individuals´ occupation and income, are thus provided on a silver platter by the registry offices. Since it is possible to retrieve such information using en bloc queries, the expert fears that the data records of millions of citizens may already be freely available on the Internet. 'It would be fair to say that what we are looking at here goes beyond a mere security leak but falls into the category of gross negligence. In his view, these data records provide the perfect material to assist professional criminals to commit identity theft and forge identity papers. It would allow them to open bank accounts in the name of a third party, or rent apartments in short, it is 'an invitation to criminals of every description,' says Rosche. Not an isolated case Integralis has repeatedly observed instances of rather careless behaviour in the handling of confidential information, particularly in the public sector. According to security specialists, the reason for this is an insufficient level of awareness among IT managers. In many examples, there is also a complete absence of any security standards, security checks or concepts in the implementation of e-Government projects. Contact: Integralis AG Peter Banholzer (IR) Tel:+49 89 945 73 178 peter.banholzer@integralis.com DGAP 24.06.2008 --------------------------------------------------------------------------- Language: English Issuer: Integralis AG Robert-Bürkle-Str. 3 85737 Ismaning Deutschland Phone: +49 (0)89 94573-178 Fax: +49 (0)89 94573-180 E-mail: ir@integralis.com Internet: www.integralis.com ISIN: DE0005155030 WKN: 515503 Listed: Regulierter Markt in Frankfurt (Prime Standard); Freiverkehr in Berlin, Stuttgart, München, Hamburg, Düsseldorf End of News DGAP News-Service ---------------------------------------------------------------------------
DGAP-News: Integralis AG:Integralis highlights serious security gap in public-sector administration systems
| Source: EQS Group AG