US national vulnerability database hacked
The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The public-facing website and other services of the National Institute of Standards and Technology's National Vulnerability Database (NVD) have been offline since Friday due to a malware infection on two …
"Locking the stable door after the horse ... " gets a malware?
I am wondering what could that malware in question be, and how did it get there?
This is indeed ironic. They found "suspicious activity" on March 8, 2013, and Netcraft took notice of:
NIST 129.6.13.45 Linux Apache 9-Mar-2013
NIST 129.6.13.97 WinServer 2008 IIS/7.5 7-Mar-2013
----------
Is it a temporary switch-of-the-door-lock solution or not?
Re: "Locking the stable door after the horse ... " gets a malware?
Looks like they changed over to Apache and soon after were hacked:
http://uptime.netcraft.com/up/graph?site=web.nvd.nist.gov
Re: "Locking the stable door after the horse ... " gets a malware?
AC @ 09:26
Either you are experiencing some difficulties with comprehension here or just like trolling.
7th March IIS
8th March Firewall activity notified site taken down
9th March Apache place-holder installed
Re: "Locking the stable door after the horse ... " gets a malware?
Andyb - looks like you didn't bother to read the link.
2nd March - changed from Sun Glassfish to Apache Coyote
8th March - hacked.
Blather. First off, the *real* database is on JWICS and SIPRnet. Second, a database can be taken offline to patch. That doesn't necessarily mean it's offline due to compromise and anything on NIPRnet, aka filtered internet, isn't really sensitive.
Any more than laundry reports from a military depot would be. That is, as the NIPRnet version of the database, FOUO at most.
I would have thought laundry reports would be very useful... follow the troop numbers as they are moved from base to base.
This story just brings a smile to my face. Ironic, wouldn't you say?
"I would have thought laundry reports would be very useful"
Indeed, finally it would reveal what the government knows about powdered detergent dosing levels. This is something they have never revealed. Gary McKinnon got close to the truth so they had to silence him.
It's like rain on your wedding day.
<< add list of other things that are definitely NOT ironic >>
Irony?
Was a software vulnerability one of the records in NIST's vulnerability database?
Re: Irony?
"Was a software vulnerability one of the records in NIST's vulnerability database?" Whilst the idea is amusing, the fun bit is they got a tip-off - very interesting! I can think of three options - white hat found the hole and left a calling card to prove it, informed NIST, went on his geeky way; black hat found it, played with it but made the mistake of bragging to another hacker, who promptly grassed him up; or, an informer/spook in a group of hackers reported the hole and has probably been collecting evidence for a conviction or to turn more of the group into informers.
Re: Irony?
It was El Reg that got the tip-off, not NIST, so no one was "grassed up". As far as I can tell from this story, NIST found it themselves (clappity) and dealt with it appropriately (gold star for them).
It seems that these days malware happens and, generally speaking, it just continues to happen until it is exploited. In this case they may have shut the gate on the horse as it was attempting to bolt, and for this they should be commended.
It's still funny though :3
Be careful what you wish for, for it can kill you if you don't get it in ICT, ...
... and that is especially easily so in ICT Deliveries/Non Deliveries/Non ICT Deliveries
The Register has requested more information on the problem, but NIST had not responded at the time of filing.
One has to admire your optimism, El Reg, but one trusts you are not holding your breath until an answer is received and the problem revealed.
Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...
...it's probably not listed as a required step in the book/guide...;-)
Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...
That's The Register being ironic towards a very ironical situation/event.
As opposed to The Register's "waiting for an invite" optimism when discussing Apple media events.
Today is clearly Irony Day
From the FT (£/reg'n) The UK government’s Insolvency Service is all but insolvent.
http://www.ft.com/cms/s/0/4f09429e-8bcf-11e2-8fcf-00144feabdc0.html#axzz2NVGs5dFn
Anyone got a third to make the hat-trick?
More crims...
...headed for the Iron Bar Hotel. Have a nice, long stay.
Changed Days Already ..... Get used to it and a New Breed of Global Controller Head Quarters
The emerging problem is not one of old secrets being exposed and shouted to the rooftops or silently and stealthily shared for enlightening transparency, but new information not being shared with status quo power establishments. And without that novel information, will existing current systems and present elitist players have no knowledge of the runaway freight train hurtling along covert tracks towards them, to crash their systems and smash and grab command and control infrastructures and virtual network centres alike?
"Increasingly, state and non-state actors are gaining and using cyber expertise. They apply cyber techniques and capabilities to achieve strategic objectives by gathering sensitive information from public- and private- sector entities, controlling the content and flow of information, and challenging perceived adversaries in cyberspace". …. Office of the Director of National Intelligence
In for the hat-trick
Chess forum against bots uses chess, computers play chess better.
http://www.theregister.co.uk/2013/03/14/chess_based_captcha/
DERP DERP DERP Day
*sigh*
Really? I mean, really? And I'll bet the admin makes more money than I do.
