"A government audit (PDF) has pinpointed more than 3,800 vulnerabilities -- 763 of which are high-risk -- in the Federal Aviation Administration's Web-based air traffic control system applications, including some that could potentially put air travel at risk.
The U.S. Department of Transportation report, with the help of auditors from KPMG, determined that the ATC's Web-based applications aren't secured from attacks or unauthorized access, and that the FAA hasn't set up the necessary intrusion-detection functions to catch security incidents at ATC locations.
And the FAA's Air Traffic Organization, which heads up ATC operations, received more than 800 security incident alerts in fiscal 2008, but still had not fixed 17 percent of the flaws that caused them, "including critical incidents in which hackers may have taken over control of ATO computers," the report says.
The auditors tested 70 of the FAA's ATC Web applications, including ones that provide information to the general public, as well as to pilots and controllers, and some internal apps. Of the vulnerabilities they discovered, nearly 2,600 were considered low-risk threats, such as unprotected folders of sensitive data and weak passwords." - DarkReading