rivercrow

ComputerWorld has an article about a coroner in Pennsylvania who has been charged with disclosing his log-on credentials to local reporters.

A Pennsylvania coroner has been charged with giving illegal access to a county 911 computer system to local newspaper reporters who then allegedly used his username and password to access a confidential law enforcement Web site for information for their news stories.

The story also shows why good information security practices are so critical, specifically the collection and retention of useful logs…

A 911 center supervisor later warned police of a possible breach of the site and a county IT worker checked logs for the site, according to the grand jury report. That review found log-in information for some Web site visits that used Kirchner’s username and password from IP addresses traced to computers used by reporters at the newspaper.

…the appropriate use of banners…

The confidential site includes warnings telling users that they are entering a secure government computer system and that unauthorized access may result in criminal prosecution, according to the grand jury.

…and the relevance of building a time-line with corroborating evidence.

A series of related e-mails between the reporters and the coroner about the use of the site was also detailed in the grand jury report.

Why’d he do it? Probably why many folks skip process–for convenience.

One of the reporters told the grand jury that Kirchner gave her his 911 log-in information so she could get answers to her news questions without having to call him and ask him the questions.

Trackback URI | Comments RSS