"A government audit
(PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which
are high-risk — in the Federal Aviation Administration's Web-based air
traffic control system applications, including some that could
potentially put air travel at risk.
The U.S. Department of Transportation report, with the help of
auditors from KPMG, determined that the ATC's Web-based applications
aren't secured from attacks or unauthorized access, and that the FAA
hasn't set up the necessary intrusion-detection functions to catch
security incidents at ATC locations.
And the FAA's Air Traffic Organization, which heads up ATC
operations, received more than 800 security incident alerts in fiscal
2008, but still had not fixed 17 percent of the flaws that caused them,
"including critical incidents in which hackers may have taken over
control of ATO computers," the report says.
The auditors tested 70 of the FAA's ATC Web applications,
including ones that provide information to the general public, as well
as to pilots and controllers, and some internal apps. Of the
vulnerabilities they discovered, nearly 2,600 were considered low-risk
threats, such as unprotected folders of sensitive data and weak
passwords." – DarkReading
Read more: http://darkreading.com/security/government/showArticle.jhtml?articleID=217400024
