State computers headed for sale had private information

[InfoSec News <alerts () infosecnews org>]

http://cjonline.com/stories/061908/sta_292615657.shtml

By James Carlson
The Capital-Journal
June 19, 2008

The Kansas Department of Administration is tightening its computer 
security standards after an audit revealed Wednesday that state 
equipment slated for sale to the public contained confidential 
information.

A review of the state surplus property program, which sells outdated 
equipment to the public, found seven of the 15 machines inspected 
contained information considered confidential under state and federal 
law, including one computer that still had 2,856 Social Security numbers 
in a file.

"After reading through this report, I had to take a couple nitroglycerin 
tablets and go lay down," said Rep. Virgil Peck, R-Tyro, a member of the 
Legislative Post Audit Committee that received the results.

Some of the computers were reformatted, but that doesn't permanently 
delete all files. Auditor Allan Foster demonstrated an off-the-shelf 
program that can retrieve such data off a hard drive.

He said some state agencies had policies for properly removing 
information but thought the surplus program would wipe the hard drives 
clean. Other agencies had no policy at all.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com