UK SPY AGENCY GCHQ could do with a taste of its own dogfood if its information systems are anything to go by.
The agency has been sending out user passwords in plain text over email, which is a big blunder in information security circles, and why is it doing this? Because it is using a legacy system, it said. Which means that it has been doing this for years.
"The current applicant tracking system used by GCHQ is a legacy system and we are currently in the process of changing it," a GCHQ spokesman told The INQUIRER. "We are working with our supplier to achieve this."
The current applicant tracking system proved to be more Mr Bean than Mr Bond earlier this year when a student asked it to remind him of his password.
No problem, it probably said, here it is in plain text in an email that also exposes your user name.
This, folks, is a major security vulnerability. It makes the GCHQ look pretty stupid in the area of information systems security. After all, that's supposed to be precisely its area of expertise.
Our student friend, Dan Farrall said that he informed the agency of its gaffe last January, and hasn't heard anything back from the organisation. He said he checked that it's still an issue, and whaddya know, it is.
"For those that don't think this matters, bear in mind the type of information you're submitting to these online applications," he warned. "Names, dates, family members information, passport numbers, housing information. With this type of information identity theft is a major concern." µ