u.s. general services administration – Computer Security Articles

When Your Smart ID Card Reader Comes With Malware

May 17, 2022 admin A Little Sunshine, cac reader, cert-cc, david dixon, michael danberry, militarycac.com, saicoo, The Coming Storm, u.s. general services administration, will dormann

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

Independent Krebs

IRS: Selfies Now Optional, Biometric Data to Be Deleted

February 22, 2022 admin A Little Sunshine, id.me, Internal Revenue Service, irs, login.gov, Sen. Ron Wyden, u.s. general services administration

Credit to Author: BrianKrebs| Date: Tue, 22 Feb 2022 17:50:33 +0000

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency’s identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.

Independent Krebs

IRS To Ditch Biometric Requirement for Online Access

February 7, 2022 admin A Little Sunshine, id.me, Internal Revenue Service, Sen. Ron Wyden, The Washington Post, u.s. general services administration

Credit to Author: BrianKrebs| Date: Mon, 07 Feb 2022 20:56:52 +0000

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online.

Independent Krebs

U.S. Govt. Makes it Harder to Get .Gov Domains

March 17, 2020 admin .gov, cybersecurity and infrastructure security agency, John Levine, Other, The Internet for Dummies, U.S. Department of Homeland Security, u.s. general services administration

Credit to Author: BrianKrebs| Date: Sat, 07 Mar 2020 15:01:21 +0000

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain. In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov.

Independent Krebs

It’s Way Too Easy to Get a .gov Domain Name

November 26, 2019 admin cisa, cybersecurity and infrastructure security agency, dotgov bill, dotgov.gov, exeterri.gov, John Levine, The Coming Storm, town.exeter.ri.us, U.S. Department of Homeland Security, u.s. general services administration, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2019 02:08:55 +0000

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.