U.S. General Services Administration

When Your Smart ID Card Reader Comes With Malware

Posted on May 18, 2022 by BrianKrebs

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example. Continue reading When Your Smart ID Card Reader Comes With Malware→

IRS: Selfies Now Optional, Biometric Data to Be Deleted

Posted on February 22, 2022 by BrianKrebs

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency’s identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created. Continue reading IRS: Selfies Now Optional, Biometric Data to Be Deleted→

IRS To Ditch Biometric Requirement for Online Access

Posted on February 7, 2022 by BrianKrebs

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less intrusive methods for validating one’s identity with the U.S. government online. Continue reading IRS To Ditch Biometric Requirement for Online Access→

US Government Sites Give Bad Security Advice

Posted on March 25, 2020 by BrianKrebs

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. Continue reading US Government Sites Give Bad Security Advice→

U.S. Govt. Makes it Harder to Get .Gov Domains

Posted on March 7, 2020 by BrianKrebs

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain.

In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov. Continue reading U.S. Govt. Makes it Harder to Get .Gov Domains→

It’s Way Too Easy to Get a .gov Domain Name

Posted on November 27, 2019 by BrianKrebs

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Continue reading It’s Way Too Easy to Get a .gov Domain Name→