US national vulnerability database hacked

The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two …

COMMENTS

This topic is closed for new posts.
Bronze badge

"Locking the stable door after the horse ... " gets a malware?

I am wondering what could that malware in question be, and how did it get there?

This is indeed ironic. They found "suspicious activity" March 8, 2013 and as Netcraft took notice of

NIST 129.6.13.45 Linux Apache 9-Mar-2013

NIST 129.6.13.97 WinServer 2008 IIS/7.5 7-Mar-2013

----------

Is it a temporary switch-of-the-door-lock solution or not?

0
0
Anonymous Coward

Re: "Locking the stable door after the horse ... " gets a malware?

Looks like they changed over to Apache and soon after were hacked:

http://uptime.netcraft.com/up/graph?site=web.nvd.nist.gov

0
3

Re: "Locking the stable door after the horse ... " gets a malware?

AC @ 09:26

Either you are experiencing some difficulties with comprehension here or just like trolling.

7th March IIS

8th March Firewall activity notified site taken down

9th March Apache place-holder installed

1
0
Anonymous Coward

Re: "Locking the stable door after the horse ... " gets a malware?

Andyb - looks like you didn't bother to read the link.

2nd March - changed from Sun Glassfish to Apache Coyote

8th March - hacked.

0
1
Bronze badge

Blather. First off, the *real* database is on JWICS and SIPRnet. Second, a database can be taken offline to patch. That doesn't necessarily mean it's offline due to compromise and anything on NIPRnet, aka filtered internet, isn't really sensitive.

Any more than laundry reports from a military depot would be. That is, as the NIPRnet version of the database, FOUO at most.

0
1
Silver badge
Coat

I would have thought laundry reports would be very useful... follow the troop numbers as they are moved from base to base.

1
0
Silver badge

This story just brings a smile to my face, ironic, wouldn't you say?

1
0
Silver badge

"I would have thought laundry reports would be very useful"

Indeed, finally it would reveal what the government knows about powdered detergent dosing levels. This is something they have never revealed. Gary McKinnon got close to the truth so they had to silence him.

0
1

Are you claiming there has been some sort of whitewash?

0
0
Thumb Up

It's like rain on your wedding day.

<< add list of other things that are definitely NOT ironic >>

1
0
FAIL

Irony?

Was a software vulnerability one of the records in NIST's vulnerability database?

0
0
Silver badge
Big Brother

Re: Irony?

"Was a software vulnerability one of the records in NIST's vulnerability database?" Whilst the idea is amusing, the fun bit is they got a tip-off - very interesting! I can think of three options - white hat found the hole and left a calling card to prove it, informed NIST, went on his geeky way; black hat found it, played with it but made the mistake of bragging to another hacker, who promptly grassed him up; or, an informer/spook in a group of hackers reported the hole and has probably been collecting evidence for a conviction or to turn more of the group into informers.

0
0

Re: Irony?

It was el-reg that got the tip-off not NIST, so no one was "grassed up", as far as I can tell from this story NIST found it themselves (clappity) and dealt with it appropriately (gold star for them).

It seems that these days malware happens and generally speaking it just continues to happen until it is exploited, in this case they may have shut the gate on the horse as it was attempting to bolt and for this they should be commended.

It's still funny though :3

1
0
Silver badge

Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

... and that is especially easily so in ICT Deliveries/Non Deliveries/Non ICT Deliveries

The Register has requested more information on the problem, but NIST had not responded at the time of filing.

One has to admire your optimism, El Reg, but one trusts you are not holding your breath until an answer is received and the problem revealed.

0
0
Happy

Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

...it's probably not listed as a required step in the book/guide...;-)

0
0
Happy

Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

That's The Register being ironic towards a very ironical situation/event.

As opposed to The Register's "waiting for an invite" optimism when discussing Apple media events.

0
0
J P
Go

Today is clearly Irony Day

From the FT (£/reg'n) The UK government’s Insolvency Service is all but insolvent.

http://www.ft.com/cms/s/0/4f09429e-8bcf-11e2-8fcf-00144feabdc0.html#axzz2NVGs5dFn

Anyone got a third to make the hat-trick?

1
0
Anonymous Coward

More crims...

...headed for the Iron Bar Hotel. Have a nice, long stay.

0
1
Silver badge

Changed Days Already ..... Get used to it and a New Breed of Global Controller Head Quarters

The emerging problem is not one of old secrets being exposed and shouted to the rooftops or silently and stealthily shared for enlightening transparency, but new information not being shared with status quo power establishments. And without that novel information, will existing current systems and present elitist players have no knowledge of the runaway freight train hurtling along covert tracks towards them, to crash their systems and smash and grab command and control infrastructures and virtual network centres alike?

"Increasingly, state and non-state actors are gaining and using cyber expertise. They apply cyber techniques and capabilities to achieve strategic objectives by gathering sensitive information from public- and private- sector entities, controlling the content and flow of information, and challenging perceived adversaries in cyberspace". …. Office of the Director of National Intelligence

0
0
Anonymous Coward

In for the hat-trick

Chess forum against bots uses chess, computers play chess better.

http://www.theregister.co.uk/2013/03/14/chess_based_captcha/

0
0
Silver badge
Trollface

DERP DERP DERP Day

*sigh*

Really? I mean, really? And I'll bet the admin makes more money than I do.

0
0