Gmail, Hotmail Pose Government Security Risk

Published: 22/11/2024   Category: security




Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.



Government use of Webmail is under fire in Australia, with one government oversight group calling for it to be blocked inside government agencies.
That recommendation comes from the Australian National Audit Office (ANAO), which recently audited four Australian government agencies to assess the effectiveness of their information security framework, network security management, access management, and equipment security.
The audit examined four groups inside the Australian government: the Office of Financial Management, ComSuper (which handles government pensions), Medicare Australia, and the Department of the Prime Minister and Cabinet. They served as a representative cross-sample of agencies and their approach to IT, or ICT (information and communication technologies), as it is often known abroad.
Interestingly, auditors found that government employees were actively using Webmail accounts such as Gmail and Hotmail. According to the ANAO's report, Webmail accounts were accessible in one of the audited agencies, and logs showed that some staff were using these accounts on a regular basis.
That finding led the ANAO to recommend that emails using public Web-based email services should be blocked on agency ICT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure.
The move would appear designed to help stem WikiLeaks-type scandals. But auditors also cited more mundane -- and likely prevalent -- concerns, such as stopping financial cybercrime, as well as simply maintaining service levels. Vulnerabilities within ICT systems may allow an attacker to gain access to sensitive information, including information about government decision-making, significant financial transactions, and aggregate personal and financial information, according to the report. Attackers could also potentially cause disruption to agency services, payments, and public information.
From a security and risk standpoint, the audit also identified password practices as a sore point. In fact, auditors were able to compromise roughly 20% of passwords at three different agencies, using brute-force techniques. While this percentage compared favorably with private sector standards, the ANAO called on agencies to review their password practices, and especially their administrative password practices, since auditors successfully cracked multiple administrator passwords as well.
