news.cnet.com/news/0-1007-200-5151043.html?tag=nbs -> news.com.com/2100-1017-254204.html?legacy=cnet&tag=nbs
Last year, the Internal Revenue Service left its e-filing system all but open to hackers, according to a report released Thursday by the General Accounting Office. Worse yet, the IRS had no way of telling whether its systems actually had been broken into, according to the GAO, the investigative arm of Congress. But in a letter to the GAO, IRS Commissioner Charles Rossotti said the agency had addressed many of the problems.

Meanwhile, Congress has set a goal for the IRS that 80 percent of all returns will be filed electronically by 2007. The IRS expects some 42 million taxpayers to file electronically this year. Online tax-preparation sites have already seen a spike in traffic this year, as taxpayers try to beat next month's filing deadline. But those troubles appear to pale in comparison to the problems the GAO found with the IRS e-filing system.

Among the security problems the GAO cited:

The firewall protection the IRS used on its e-filing system did not effectively restrict outside access to the system, and the IRS turned off some of its network controls to speed the processing of returns. On top of that, the operating system on the e-filing system was insecure.

Although the IRS normally encrypts data on its computer systems, the agency left tax returns on its e-filing system unencrypted.

The password system used to safeguard data was insufficient. GAO investigators were able to guess many passwords and found some user IDs and passwords posted in public view at one IRS facility.

The IRS did not have an adequate system in place to detect hacker intrusions. The e-filing system did not record certain events in its log files, and the agency had no system for regularly reviewing those files to look for hacker attacks.

In addition, the agency has taken steps to improve its ability to detect possible intrusions, Rossotti said in his letter. Rossotti noted that there is no evidence that anyone hacked into the IRS' systems last year.
The IRS does not accept online returns filed directly by taxpayers. The IRS is considering allowing its e-file partners to transmit encrypted returns, Rossotti said in his letter.

Some of the companies that work with the IRS have also had problems securing data. Last month, for instance, tax site e1040 mistakenly turned off the SSL (Secure Sockets Layer) software that it uses to encrypt transmissions from its customers. Both companies shut down their tax filing sites temporarily to correct the problems. While the IRS did take some steps to screen some of its e-file partners, most partners did not have to go through any kind of criminal background check, the GAO reported.