US national vulnerability database hacked

The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two …

COMMENTS

This topic is closed for new posts.
  1. eulampios

    "Locking the stable door after the horse ... " gets a malware?

    I am wondering what could that malware in question be, and how did it get there?

    This is indeed ironic. They found "suspicious activity" on March 8, 2013, and as Netcraft took notice of

    NIST 129.6.13.45 Linux Apache 9-Mar-2013

    NIST 129.6.13.97 WinServer 2008 IIS/7.5 7-Mar-2013

    ----------

    Is it a temporary switch-of-the-door-lock solution or not?

    1. Anonymous Coward

      Re: "Locking the stable door after the horse ... " gets a malware?

      Looks like they changed over to Apache and soon after were hacked:

      http://uptime.netcraft.com/up/graph?site=web.nvd.nist.gov

      1. Andyb@B5

        Re: "Locking the stable door after the horse ... " gets a malware?

        AC @ 09:26

        Either you are experiencing some difficulties with comprehension here or just like trolling.

        7th March IIS

        8th March Firewall activity notified site taken down

        9th March Apache place-holder installed

        1. Anonymous Coward

          Re: "Locking the stable door after the horse ... " gets a malware?

          Andyb - looks like you didn't bother to read the link.

          2nd March - changed from Sun Glassfish to Apache Coyote

          8th March - hacked.

  2. Wzrd1 Silver badge

    Blather. First off, the *real* database is on JWICS and SIPRnet. Second, a database can be taken offline to patch. That doesn't necessarily mean it's offline due to compromise and anything on NIPRnet, aka filtered internet, isn't really sensitive.

    Any more than laundry reports from a military depot would be. That is, as the NIPRnet version of the database, FOUO at most.

    1. Allan George Dyer
      Coat

      I would have thought laundry reports would be very useful... follow the troop numbers as they are moved from base to base.

      1. NomNomNom

        "I would have thought laundry reports would be very useful"

        Indeed, finally it would reveal what the government knows about powdered detergent dosing levels. This is something they have never revealed. Gary McKinnon got close to the truth so they had to silence him.

        1. Great Bu

          Are you claiming there has been some sort of whitewash?

    2. LarsG

      This story just brings a smile to my face, ironic, wouldn't you say?

      1. fixit_f
        Thumb Up

        It's like rain on your wedding day.

        << add list of other things that are definitely NOT ironic >>

  3. Magani
    FAIL

    Irony?

    Was a software vulnerability one of the records in NIST's vulnerability database?

    1. Matt Bryant Silver badge
      Big Brother

      Re: Irony?

      "Was a software vulnerability one of the records in NIST's vulnerability database?" Whilst the idea is amusing, the fun bit is they got a tip-off - very interesting! I can think of three options - white hat found the hole and left a calling card to prove it, informed NIST, went on his geeky way; black hat found it, played with it but made the mistake of bragging to another hacker, who promptly grassed him up; or, an informer/spook in a group of hackers reported the hole and has probably been collecting evidence for a conviction or to turn more of the group into informers.

      1. Dave 62

        Re: Irony?

        It was el-reg that got the tip-off not NIST, so no one was "grassed up", as far as I can tell from this story NIST found it themselves (clappity) and dealt with it appropriately (gold star for them).

        It seems that these days malware happens and generally speaking it just continues to happen until it is exploited, in this case they may have shut the gate on the horse as it was attempting to bolt and for this they should be commended.

        It's still funny though :3

  4. amanfromMars 1 Silver badge

    Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

    ... and that is especially easily so in ICT Deliveries/Non Deliveries/Non ICT Deliveries

    The Register has requested more information on the problem, but NIST had not responded at the time of filing.

    One has to admire your optimism, El Reg, but one trusts you are not holding your breath until an answer is received and the problem revealed.

    1. Silverburn
      Happy

      Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

      ...it's probably not listed as a required step in the book/guide...;-)

    2. Synonymous Howard
      Happy

      Re: Be careful what you wish for, for it can kill you if you don't get it in ICT, ...

      That's The Register being ironic towards a very ironical situation/event.

      As opposed to The Register's "waiting for an invite" optimism when discussing Apple media events.

  5. J P
    Go

    Today is clearly Irony Day

    From the FT (£/reg'n) The UK government’s Insolvency Service is all but insolvent.

    http://www.ft.com/cms/s/0/4f09429e-8bcf-11e2-8fcf-00144feabdc0.html#axzz2NVGs5dFn

    Anyone got a third to make the hat-trick?

  6. Anonymous Coward

    More crims...

    ...headed for the Iron Bar Hotel. Have a nice, long stay.

  7. amanfromMars 1 Silver badge

    Changed Days Already ..... Get used to it and a New Breed of Global Controller Head Quarters

    The emerging problem is not one of old secrets being exposed and shouted to the rooftops or silently and stealthily shared for enlightening transparency, but new information not being shared with status quo power establishments. And without that novel information, will existing current systems and present elitist players have no knowledge of the runaway freight train hurtling along covert tracks towards them, to crash their systems and smash and grab command and control infrastructures and virtual network centres alike?

    "Increasingly, state and non-state actors are gaining and using cyber expertise. They apply cyber techniques and capabilities to achieve strategic objectives by gathering sensitive information from public- and private-sector entities, controlling the content and flow of information, and challenging perceived adversaries in cyberspace". …. Office of the Director of National Intelligence

  8. Anonymous Coward

    in for the hat-trick

    Chess forum against bots uses chess, computers play chess better.

    http://www.theregister.co.uk/2013/03/14/chess_based_captcha/

  9. ecofeco Silver badge
    Trollface

    DERP DERP DERP Day

    *sigh*

    Really? I mean, really? And I'll bet the admin makes more money than I do.
