{"id":4725,"date":"2009-07-10T15:30:00","date_gmt":"2009-07-10T21:30:00","guid":{"rendered":"http:\/\/www.nmpolitics.net\/index\/2009\/07\/is-the-secretary-of-states-web-site-secure\/"},"modified":"2009-07-10T15:30:00","modified_gmt":"2009-07-10T21:30:00","slug":"is-the-secretary-of-states-web-site-secure","status":"publish","type":"post","link":"https:\/\/nmpolitics.net\/index\/2009\/07\/is-the-secretary-of-states-web-site-secure\/","title":{"rendered":"Is the secretary of state&#8217;s Web site secure?"},"content":{"rendered":"<p><a href=\"http:\/\/3.bp.blogspot.com\/_IabUCQmoheQ\/SlemKwbS_jI\/AAAAAAAAL6c\/-fNHOG3xTTM\/s1600-h\/Herrera,+Mary.jpg\"><img decoding=\"async\" style=\"margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 120px; height: 160px;\" src=\"http:\/\/3.bp.blogspot.com\/_IabUCQmoheQ\/SlemKwbS_jI\/AAAAAAAAL6c\/-fNHOG3xTTM\/s200\/Herrera,+Mary.jpg\" alt=\"\" id=\"BLOGGER_PHOTO_ID_5356932985508789810\" border=\"0\" \/><\/a><\/p>\n<p style=\"font-style: italic;\" class=\"MsoNormal\"><span style=\"font-size:130%;\">Herrera says it is, but an IT employee who\u2019s on leave and under investigation says people\u2019s usernames and passwords are at risk<\/span><\/p>\n<p class=\"MsoNormal\">Secretary of State <a href=\"http:\/\/www.sos.state.nm.us\/sos-SecBio.html\" target=\"_blank\">Mary Herrera<\/a> claimed in <a href=\"http:\/\/www.abqjournal.com\/opinion\/guest_columns\/10224388674opinionguestcolumns07-10-09.htm\" target=\"_blank\">a guest column<\/a> published today in the Albuquerque Journal that her agency\u2019s computer systems \u201care now secure,\u201d no data was lost and development of a new campaign finance reporting system is \u201cback on track.\u201d<\/p>\n<p class=\"MsoNormal\">But Brad Allen, an information technologies employee who has been on leave ever since the secretary of state\u2019s Web site and computer systems went offline two weeks ago, said 
one key vulnerability remains: There is no encryption on the log-in page for <a href=\"http:\/\/secure.sos.state.nm.us\/UCC\/soskb\/doclist.asp\" target=\"_blank\">Uniform Commercial Code filings<\/a>.<\/p>\n<p class=\"MsoNormal\">That means when people log into the system to file required business reports, their usernames and passwords could be visible to hackers, Allen said.<\/p>\n<p class=\"MsoNormal\">\u201cPassword data should always be encrypted, no matter what,\u201d he said. \u201cEverybody does it. It\u2019s not that hard to do.\u201d<\/p>\n<p style=\"font-weight: bold;\" class=\"MsoNormal\"><span style=\"font-size:130%;\">http vs. https<\/span><\/p>\n<p class=\"MsoNormal\">Prior to the recent problems, the log-in page used the more secure <a href=\"http:\/\/en.wikipedia.org\/wiki\/HTTPS\" target=\"_blank\">Hypertext Transfer Protocol Secure<\/a> (https at the start of the Web address), which utilizes something called <a href=\"http:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security\" target=\"_blank\">SSL encryption<\/a>, Allen said. 
Now it\u2019s using the less secure <a href=\"http:\/\/en.wikipedia.org\/wiki\/Hypertext_Transfer_Protocol\" target=\"_blank\">hypertext transfer protocol<\/a> (http at the start of the Web address).<\/p>\n<p class=\"MsoNormal\">While there are other ways to secure information stored in the secretary of state\u2019s databases &#8212; methods that wouldn\u2019t be obvious to someone viewing the site &#8212; Allen said the use of SSL encryption is the only way to ensure the security of information sent from a person\u2019s Web browser to the secretary of state\u2019s server.<\/p>\n<p class=\"MsoNormal\">In an e-mail, Herrera wrote that it would be \u201cunwise and not prudent\u201d to have an unsecure site and said \u201cthe information you are been given regarding SSL encryption with respect to the secretary of state\u2019s Web applications is untrue.\u201d She did not elaborate.<\/p>\n<p class=\"MsoNormal\"> This is all Herrera said in today\u2019s guest column about the Web site\u2019s security:<\/p>\n<p class=\"MsoNormal\">\u201cMy No. 1 priority is to ensure that our network is properly secured in order to protect the integrity of all information submitted to our office. 
I am pleased to confirm that all of our systems are now secure, no data has been lost, and our goal to implement a new campaign finance reporting system is now back on track.\u201d<\/p>\n<p class=\"MsoNormal\">Allen said he is publicly talking about the lack of security on the site because he is concerned about the potential harm hackers could do, not because he wants to point a finger at Herrera or others in her office.<\/p>\n<p style=\"font-weight: bold;\" class=\"MsoNormal\"><span style=\"font-size:130%;\">Allen is under investigation<\/span><\/p>\n<p class=\"MsoNormal\">Allen was placed on administrative leave around the same time unspecified problems <a href=\"http:\/\/haussamen.blogspot.com\/2009\/06\/secretary-of-states-computer-systems.html\">knocked out<\/a> all systems in the office, including the new campaign finance reporting system he had been developing.<\/p>\n<p class=\"MsoNormal\">Officials completed work Thursday on efforts to restore the Web site and other systems but have still not fully explained what caused the problems.<\/p>\n<p class=\"MsoNormal\">Without naming Allen, Herrera wrote in today\u2019s guest column that an employee in her office is under investigation because of \u201cactions which occurred and information learned\u201d during a recent security review that coincided with the problems with computer systems. She wrote that those problems \u201crevealed that our network was vulnerable to potential interference.\u201d<\/p>\n<p class=\"MsoNormal\">\u201cThis investigation involves potential criminal violations and is a personnel matter,\u201d Herrera wrote. 
\u201cIn order to preserve the integrity of the investigation and also protect the rights of this employee, I will not at this time discuss the details of this investigation and will allow the proper authorities to proceed according to their protocol.\u201d<\/p>\n<p class=\"MsoNormal\">While Herrera did not name the employee, her statement builds on what Deputy Secretary of State <a href=\"http:\/\/www.sos.state.nm.us\/sos-DepSec.html\" target=\"_blank\">Don Francisco Trujillo II<\/a> told the New Mexico Independent <a href=\"http:\/\/newmexicoindependent.com\/31342\/n-m-secretary-of-state-investigating-employee-after-web-security-test\" target=\"_blank\">earlier this week<\/a>. He said the agency had started an inquiry into Allen based on information gleaned by the security test.<\/p>\n<p class=\"MsoNormal\">Trujillo did not mention Allen by name but acknowledged that the inquiry involves the only agency employee who is on paid leave, which is Allen. When asked if the investigation involved law enforcement, Trujillo said, \u201cWe have begun an investigation which involves other agencies. I won\u2019t discuss it any further.\u201d<\/p>\n<p class=\"MsoNormal\">Prior to that, the agency had said Allen was not under suspicion despite being on leave.<\/p>\n<p class=\"MsoNormal\">Herrera refused to comment on Allen\u2019s employment or answer questions about the criminal investigation today because it\u2019s a personnel issue. 
Allen also declined to comment on the status of his employment and the investigation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Herrera says it is, but an IT employee who\u2019s on leave and under investigation says people\u2019s usernames and passwords are at risk Secretary of State Mary Herrera claimed in a guest column published today in the Albuquerque Journal that her agency\u2019s computer systems \u201care now secure,\u201d no data was lost and development of a new [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4725","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/posts\/4725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/comments?post=4725"}],"version-history":[{"count":0,"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/posts\/4725\/revisions"}],"wp:attachment":[{"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/media?parent=4725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/categories?post=4725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nmpolitics.net\/index\/wp-json\/wp\/v2\/tags?post=4725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}