IRS Rolls Out Risky Tax Processing Systems
GovIT Geek writes to tell us that, despite known security issues, the IRS has decided to roll out two new applications for tax processing systems. "The [IRS inspector general] concluded in a September annual audit that security weaknesses in the agency's updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data."
Soon Trinity will be hacking the IRS dBase... (Score:5, Funny)
I think this is terribly unfair. It should at least be a *challenge*.
Re: (Score:3, Funny)
She still has to get past IRS Agent Smith.
You hear that Mr. Anderson?...
That is the sound of inevitability...
It is the sound of your audit.
Hey Massachusetts & Nevada.... (Score:3, Funny)
I think this might be a new definition for the word "moded".
naturally... (Score:5, Interesting)
I think the response to this should be someone, somewhere, repeatedly breaking in and posting financial info on politicians. Do it enough times, they will get the message.
If you go do this, make sure you remember you didn't hear it from me, and that you do NOT brag about it. Don't be stupid.
Inflammatory Article (Score:2, Interesting)
Just another inflammatory article. What are they supposed to do? Hold off upgrading their systems until the new system is 100% rock-solid? Sorry, but every new software system has SOME bugs in it. TFA states that the project managers felt the vulnerabilities were acceptable at the time. Managing software projects involves iterations of identifying critical (or not so critical) defects (as many as you can before release), and then going back and updating the software to fix any defects that you didn't have tim
Re:Inflammatory Article (Score:4, Insightful)
In addition, these should be purely internal systems. So assuming malicious intruders can be kept out, using a separate layer of systems, the risk is greatly reduced.
Re: (Score:2)
This will just involve some low-level functionary to copy data to an unencrypted flash drive and then lose it in a shopping mall.
Re: (Score:1)
In addition, these should be purely internal systems. So assuming malicious intruders can be kept out, using a separate layer of systems, the risk is greatly reduced.
A wholly unwarranted assumption. The most likely attack against a system like this IS an inside attack.
Or an attack from outside, assisted by a negligent (but unaware) insider, such as one who had accidentally installed a trojan horse on their workstation.
Governments and big corporations frequently put strong firewalls in place.
And ye
Re:Inflammatory Article (Score:5, Insightful)
Hold off upgrading their systems until the new system is 100% rock-solid?
Yes. This is taxes they're dealing with, and given the unreasonable complexity of the tax laws and the guilty-until-proven-innocent way the tax courts work (how the hell is that considered constitutional?), screwups are NOT acceptable.
Re: (Score:3, Interesting)
Well then, you've obviously never managed a software project. If they are to wait until 100% of all the defects/vulnerabilities are fixed before they release, then THE SOFTWARE WOULD NEVER BE RELEASED!! It's like waiting to buy a computer: you could wait a month or two more, so that they drop the prices a little bit more, but when that month comes, you just say the same thing. Lather, rinse, repeat.
It doesn't really matter what the project is about. It can be tax information, HIPAA info, or credit card info
Re: (Score:2)
screwups are NOT acceptable.
And of course the existing system is stable, perfect, has adequate capacity, and supports efficient work flows for the primary revenue function of the largest (for now) economy in the world. Right?
Sometimes, in software, as in life, you don't get to wait for 'perfect'.
Re:Inflammatory Article (Score:5, Insightful)
What are they supposed to do? Hold off upgrading their systems until the new system is 100% rock-solid? Sorry, but every new software system has SOME bugs in it.
Two things (simplified):
A - Yes, they should. An SQL bug at your library might put a book on the wrong shelf; the same bug in a table at the IRS leads to audits, tax fraud investigations, and has serious implications on your life. A program in such a high profile program absolutely needs to be as bug free as possible.
B - This isn't even about bugs in implementation, the issue is a security vulnerability due to the design. You'll secure your email so some packet snooper can't see the pictures from that party last night, but you're comfortable with the IRS rolling out a system that would allow the same snooper to interfere with the recording of billions of dollars in transactions?
Re: (Score:1)
Re: (Score:2)
Two things (simplified):
A - Yes, they should. An SQL bug at your library might put a book on the wrong shelf; the same bug in a table at the IRS leads to audits, tax fraud investigations, and has serious implications on your life. A program in such a high profile program absolutely needs to be as bug free as possible.
From the article:
Specific security weaknesses detected in the CADE system included contractors' ability to change configuration settings without notice or approval, the transfer of taxpayers' personal identifiable information without encryption and a failure to properly remove taxpayer data from system memory devices before they're reused.
The issue as described here (and remember this is an internal application) indicates that the concerns you've raised - while valid in general - don't apply here. The article makes a big deal over the fact that they went ahead in spite of known security holes. It doesn't really cover the fact that for it to be a /known/ security hole, several levels of people have signed off on it and deemed it not to be a significant risk.
B - This isn't even about bugs in implementation, the issue is a security vulnerability due to the design. You'll secure your email so some packet snooper can't see the pictures from that party last night, but you're comfortable with the IRS rolling out a system that would allow the same snooper to interfere with the recording of billions of dollars in transactions?
That's a straw man. This isn't what these flaws allow, based o
sweet (Score:5, Funny)
I know how my taxes are getting d';update taxtable set refund = '50000000' where uid = 'jeanbaptiste';--
Re:sweet (Score:5, Funny)
I know how my taxes are getting d';update taxtable set refund = '50000000' where uid = 'jeanbaptiste';--
Close; but to be really effective, I think you have to sneak it into the dependent's name [xkcd.com] field.
(Irony: CAPTCHA = 'stolen'!)
SSSHHHHHH!!!! (Score:5, Funny)
This is the IRS! For crying out loud. Don't TELL them!
Comment removed (Score:5, Insightful)
Re: (Score:2)
If that amount is irrelevant, does that mean you are willing to pay my taxes too?
Regardless of what happens to prices, the amount of money I pay in income taxes is significant to me.
Treat the IRS Like a Bank (Score:5, Insightful)
One of the frustrating things as a tax payer is not knowing how much I owe the government. I don't know if I'm overpaying or underpaying until the end of the year. Then I'm either screwed because I owe them a pile of cash or screwed because I wasted a lot of money that could have been better invested. Last year I gave the government 3000 extra which could have stayed as a cushion in a bank account or have been invested rather than getting it back with no interest.
Tax payers should be able to log into their IRS account and see what they owe throughout the year based on what their earnings are and how much has been taken out of their paychecks already. Throughout the year they can enter in deductions and extra earnings and whatnot so at the end of the year there isn't a surprise. It'd be nice to make extra payments if you want before April so that you don't get a huge tax bill or get no tax bill at all in April.
Re:Treat the IRS Like a Bank (Score:5, Informative)
IRS Withholding Calculator [irs.gov]
Use it at the beginning and middle of the year (for double checking) and for whenever you have a life change, such as getting married, gaining dependents, new job, etc.
You'll need your most current paystub and other basic information regarding your finances (interest earned, rental income, etc).
Re:Treat the IRS Like a Bank (Score:5, Funny)
1. How much did you make?
2. Give it to us.
Re: (Score:1)
Re:Treat the IRS Like a Bank (Score:4, Funny)
I think your tagline makes a fitting Step 3
1. How much did you make?
2. Give it to us.
3. Now go away, or I shall taunt you a second time
IRS Motto: (Score:2)
Sole props have no pay stubs... (Score:2)
What if you work for yourself?
Cheers,
Re: (Score:3, Insightful)
Last year I gave the government 3000 extra which could have stayed as a cushion in a bank account or have been invested rather than getting it back with no interest.
Does that mean you should be thanking them?
Re:Treat the IRS Like a Bank (Score:5, Insightful)
Given the state of the markets, overpaying the IRS might be the safest thing to do with your money.
Yes, they should definitely be able to do that. Two problems. First, relatively few people would use that feature enough to justify the cost of building it. Second, the IRS will never put a system like that in place on their own, because they make money from keeping people in the dark. The IRS is given a giant interest-free loan from the American people every year. If I were them, I wouldn't advertise it either...
Re: (Score:2)
nitpick: The IRS is not given a giant, interest-free loan. The US Treasury (read: the US federal government) is given a giant, interest-free loan. The IRS is to the US Government as Accounts Receivable is to the company you probably work at. They coll
Re: (Score:3, Insightful)
No no no, take another step back.
There should be no income tax: The hardest thing in the world to understand is the income tax. -- Albert Einstein
Re: (Score:3, Insightful)
Ron Paul!
Re: (Score:2)
Thanks, but no thanks - the Feds already know enough about me
Re: (Score:1)
AFAIK, the IRS only is informed about the tax amounts once per year. (Companies send the actual money more frequently, but this is just as a lump sum.) Depending on the state, they usually get informed quarterly. Still, this is still probably too infrequent for the grandparent post's poster.
Re: (Score:1, Redundant)
I generally agree with you, but...
Last year I gave the government 3000 extra which could have ... been invested rather than getting it back with no interest.
You should thank Uncle Sam for keeping your money out of the stock market for you! :)
Re: (Score:2)
"Our chief weapon is surprise...surprise and fear...fear and surprise.... Our two weapons are fear and surprise...and ruthless efficiency.... Our *three* weapons are fear, surprise, and ruthless efficiency..."
Transparency like that would really reduce the fear and surprise factors.
MOAIT (Score:3, Insightful)
Re: (Score:2)
You care to translate that into English so that even us people who generally understand the law have some idea what you're talking about?
I've done a little tax law, but what you're talking about doesn't seem even in the slightest bit related to actual tax law.
Re: (Score:2)
Your argument appears to be based on this chain of reasoning:
1) All seizures and wage garnishments are to be handled in a district Court
2) Income tax amounts to a seizure or wage garnishment
3) Because taxes are not collected through the courts, they violate the due process clause (5th Amendment).
4) Therefore, income taxes are unconstitutional.
Such reasoning is not persuasive, and I suggest if you want to find out how unpersuasive it is, you attempt to argue it before a court- any court.
This is especially tr
I hope (Score:2, Informative)
http://www.fairtax.org/site/PageServer [fairtax.org]
Re: (Score:2)
sheesh, is slashdot getting as bad as digg with the moderators just slamming people for differences of opinion (too lazy to reply are you?)
Re: (Score:1)
I've noticed the same thing as you, although I wouldn't think that "how dare you mod me flamebait," has ANY semblance of being in a debate.
I mean, C'mon.
And they don't reply because that would open them up to being modd'ed the same way, not because they are too lazy to reply.
Although, to be fair, it IS easy to just pick and choose, rather than have to think, type and express coherent thought(s).
--Toll_Free
Re: (Score:2)
Emergency? (Score:3, Interesting)
prevent the IRS from recovering applications during an emergency
And what, pray tell, is considered an IRS Emergency? In my world, an emergency is something that requires medical assistance, police or rescue to be involved.
If by emergency, they mean "someone has deleted the files", isn't that what automated backups are for? I don't care what software you are using, a proficient IT department, given the proper resources (tape drive auto system, etc) can recover ANYTHING!
Re: (Score:1)
Your world is boring.
Emergencies pop up all the time, in all walks of life, with all people(s).
To think that any IT department can recover ANYTHING is stupid, honestly. There are transaction based software(z) that sometimes DON'T get a chance to put the transaction into the database.
I KNOW this, I had to work on Timberline, MRI, etc., etc., etc. Try using OS/2 WARP in 2001, my friend, JUST because some idiots that owned a building SAID we had to. Backups on that machine were, basically, copying a driv
Re: (Score:2)
Well, among other things, they worry about someone driving a truck bomb up to the building that houses the computers. And I don't mean al qaeda.
Help Wanted (Score:1)
TFA says (Score:1, Interesting)
After the audit, IRS officials reported that 11 of the 22 security vulnerabilities detected by the IG had been corrected.
Yeah, closing 50% of security vulnerabilities will suffice, no one will ever figure out how to exploit the remaining 11.
Furthermore, 22 known vulnerabilities were identified, how many more are making the application ripe for exploitation?
what makes you think there will be money in 2009 (Score:2)
Ok that's silly we'll still have money, but times will in fact suck and if the government can't process their own tax returns and screw it up there will in fact be riots. Well I guess it was good enough for government work and the Federal Contractors who got rich from it will have set up shop in Dubai with about a trillion of your dollars anyway. So yeah - screw those serfs screw them good.
More Republican "efficiency" and "competence" (Score:2)
"You're doin' a hell of a good job, Brownie".
In the mid-eighties, under St. Ronnie, the IRS rolled out a complete disaster. After 15 or so years, they rolled out both new hardware *and* new software. The new software had been written by mostly inexperienced, just out of college (if that) programmers. The *entire* codebase was rewritten from assembly to COBOL.
a) They did *not* run the old code in parallel, and
b) the inexperienced programmers, and their PHB managers, put code in with *no* checkpoints,
icq (Score:1)
The conversation they had before release... (Score:1)