NASA Vulnerable To Crippling Cyber Attacks

CmdrTaco posted more than 3 years ago | from the aren't-we-all dept.

NASA 67

RedEaredSlider writes "The computer network NASA relies upon to carry out its billion dollar missions is just like your Mac or PC at home; vulnerable to cyber attacks. NASA's servers contain vulnerabilities that could enable a cyberattack to cripple the entire agency, according to a recent audit report from The Office of the Inspector General. The report was an unflattering look at NASA's internal computer security operations, as the Inspector General recommended the agency expedite the implementation of a new agency-wide program to oversee the network security problem."

67 comments

question (-1, Offtopic)

disopaos (2029158) | more than 3 years ago | (#35657856)

Is it true that if you go to jail in the US you have to pay your stay? wtf?

Re:question (-1)

Anonymous Coward | more than 3 years ago | (#35657928)

Is it true that if you go to jail in the US you have to pay your stay? wtf?

No, that's just in your crappy country. Here in the USA, jail is free of charge for inmates.

Re:question (-1, Offtopic)

disopaos (2029158) | more than 3 years ago | (#35657954)

Since US has like half of its population in jails, wouldn't it be better if they were put to work too? Pay for their stay instead of everyone else paying for it. It's their fault they are in jail to begin with.

Re:question (1)

cobrausn (1915176) | more than 3 years ago | (#35658440)

Yeah, like half, or 3.1% [wikipedia.org], same thing. I thought we were supposed to be bad at math.

Re:question (0)

Anonymous Coward | more than 3 years ago | (#35659338)

Try 0.75%...

Re:question (-1)

Anonymous Coward | more than 3 years ago | (#35658050)

Actually, depends on state, fed laws, judge's disposition, and offense:

In PA (Where I'm from) you have to pay for a Driving Under the Influence (DUI), or similar types of offenses. What's more, if you do weekends in jail (Usu from DUI, disturbing the peace, etc), you have to pay for your drug testing, if you need more than one (If you check in w/ "hot" blood)

Some fed prisons - min security, or otherwise for "non-violent" offenses usually have to pay some sort of fee as well; often a fee will be assessed for those deemed able to pay.

Making inmates pay for jail is becoming more and more prevalent throughout the states.

good idea (0)

Anonymous Coward | more than 3 years ago | (#35657882)

this worked well for the NHS...

Sure thing (-1, Troll)

slushslash7 (2029298) | more than 3 years ago | (#35657886)

And they send spam [blog.com] to each location in the solar system

Re:Sure thing (1)

wmbetts (1306001) | more than 3 years ago | (#35657922)

yay for a goatse link...

Did they figure this out with McAfee software? (5, Funny)

dstyle5 (702493) | more than 3 years ago | (#35657890)

Given how their website was so full of holes I'm sure they could have told NASA where to look.

No, mysql.com and sun.com are helping... (0)

Anonymous Coward | more than 3 years ago | (#35658856)

No, mysql.com and sun.com are helping this week... :-)

Re:Did they figure this out with McAfee software? (1)

sunderland56 (621843) | more than 3 years ago | (#35659342)

No, McAfee is for people on a budget. Someone with as much money as NASA uses *serious* security protection from HBGary.

Re:Did they figure this out with McAfee software? (0)

Anonymous Coward | more than 3 years ago | (#35674788)

In case you didn't know, HBGary got pwned by Anonymous.

What's NASA.GOV running? Linux (nasa.gov)... apk (0)

Anonymous Coward | more than 3 years ago | (#35664340)

http://uptime.netcraft.com/up/graph?site=www.nasa.gov [netcraft.com]

(There's your website 'subdomain' scan first)

http://uptime.netcraft.com/up/graph?site=nasa.gov [netcraft.com]

(There's your MAIN domain scan)

"Read 'em & WEEP", /. *NIX Trolls!

---

Oh - Yes, yes - the "supreme security of Linux", lol (not)!

Funniest part of all, since your post was modded "+5 FUNNY" is this quote from the article summary today:

---

"The computer network NASA relies upon to carry out its billion dollar missions is just like your Mac or PC at home; vulnerable to cyber attacks"

(Hahaha, except this time, as we can ALL see above? NASA uses Linux & a LAMP stack setup... (@ least the "LA" part, for sure) funny they OMIT noting that in that source article used here!)

---

Yea, lol, FUNNY alright & I agree...

Except I don't think the "Pro-*NIX Trolls" around here will! Why?

WELL, because it's SURE NOT SEEMING "so secure" per this article (at least, not like "Pro-*NIX trolls" around here have been snowing folks about for years here now, in their "fantasyland" of 1/2 truth "straight-outta-pravda" tactics they use here daily & FOR YEARS now, & "lord knows" they don't like it when actual FACTS are brought into the picture exposing the FRAUD of "Linux is secure", lol!)

Hell, & each week almost this year? ANDROID (yes, a Linux too) does the rest, showing security issues week in & week out!

(LMAO! Next, in fact? I predict that my usage of facts here anyone can test themselves above in this reply will be met by "The DOWNMOD SQUAD" of wannabe "Adjustment Bureau" Trolls & *NIX 'fanbois'!!!)

APK

P.S.=> Fact is that here today, I showed that Linux has MORE unpatched security vulnerabilities in its KERNEL ALONE (and a Linux distro is a LOT more than just THAT), by 3x in fact, than does Windows 7 alone (in its entirety/more than just kernel), as well as the ENTIRE MS "Stack" for doing business only having 7 total errors in unpatched vulnerabilities, vs. 19 on Linux latest/greatest!

Again - Kernel ONLY though... it's not showing all the ones the GUI shells, Window managers, Browsers etc. that a FULL Linux distro has that COMPOUNDS THAT FURTHER!

http://it.slashdot.org/comments.pl?sid=2059420&cid=35656126 [slashdot.org]

(Now, THAT? That's funny... and, since they used NMap to determine what systems are "internet facing"? You can pretty much bank on it that NASA.GOV is one of them, & it's vulnerable...) apk

Ms = 2/5 unpatched sec. vulns (vs. Linux 19)!!! (0)

Anonymous Coward | more than 3 years ago | (#35803990)

Microsoft's DOWN TO 5 UNPATCHED SEC. VULNS IN THE ENTIRE MS PRODUCT LINE YOU USE TO DO BUSINESS ONLINE: (& 4x less unpatched security vulnerabilities than Linux has, no less, in its "latest/greatest", albeit KERNEL ONLY (makes a difference, read on)):

---

Vulnerability Report: Microsoft Office 2010: (04/12/2011)

http://secunia.com/advisories/product/30529/?task=advisories [secunia.com]

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft SQL Server 2008: (04/12/2011)

http://secunia.com/advisories/product/21744/ [secunia.com]

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/12/2011)

http://secunia.com/advisories/product/17543/ [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Visual Studio 2010: (04/12/2011)

http://secunia.com/advisories/product/30853/?task=advisories [secunia.com]

Unpatched 17% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Explorer 9.x: (04/12/2011)

http://secunia.com/advisories/product/34591/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Windows 7: (04/12/2011)

http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

Unpatched 8% (5 of 59 Secunia advisories)

AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds, OR, are caused/utilized by faulty 3rd party apps you can just avoid, as there's usually an alternate app for most anything!

(E.G., & of ALL things? Apple stuff triggers one, iTunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).

The remaining can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).

I.E.-> "NO PROBLEMO!"

&

ALMOST 4x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigtime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)

---

So, that "all said & aside"?

Microsoft's doing a HELL OF A GOOD JOB on the security front!

APK

P.S.=> Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:

---

Vulnerability Report: Linux Kernel 2.6.x (04/12/2011)

http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

Unpatched 7% (19 of 259 Secunia advisories)

---

THAT? That's more than 4x as many as Windows 7 has that are unpatched, & has a REMOTE BUG UNPATCHED in the "ROSE" subsystem... PLUS, I'd wager there aren't EASY workarounds for them (or as many as MS has shown above)...

AGAIN - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO), THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!

So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?

(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)

BOTTOM-LINE:

What this all comes down to, is all the "Pro-*NIX propaganda straight outta pravda" practically doesn't stand up very well against concrete, verifiable & visible facts now, does it? Nope... apk

What security? (1)

Anonymous Coward | more than 3 years ago | (#35657966)

NASA has always been lax about security. Every few years there's another story about them getting owned by a bored teen. And let's face it, their shoestring budget isn't going to pay for top dollar infosec support.

Re:What security? (0)

Anonymous Coward | more than 3 years ago | (#35658758)

It's not a budget issue, it's a competency issue.

Re:What security? (1)

flappinbooger (574405) | more than 3 years ago | (#35658802)

maybe they're just all high on teh Crizzak

http://www.huffingtonpost.com/2011/03/15/nasa-finds-cocaine-space-center_n_836109.html

Around $18.7 billion? (0)

Anonymous Coward | more than 3 years ago | (#35658992)

Over 18.7 billion in 2010 is hardly a shoestring budget. In the grand scheme of the Federal Budget it isn't a lot, but hardly shoestring. (It is one program that should get more $ in my book.)

(http://www.washingtonpost.com/wp-dyn/content/article/2010/01/31/AR2010013101058.html?wprss=rss_print/asection)

I thought... (1)

camperdave (969942) | more than 3 years ago | (#35657978)

I thought there was a highly funded government agency that was charged with providing security for the nation's communications and information systems. Dang! Now what was that called... SAN? ANS? SNA?... Something like that. Anyways, why isn't NASA using them?

NIST, and not quite. (2)

Gary W. Longsine (124661) | more than 3 years ago | (#35658284)

Every agency is responsible for securing their own infrastructure. NIST [nist.gov] only provides guidance.

Re:NIST, and not quite. (1)

peragrin (659227) | more than 3 years ago | (#35658838)

Which is both a blessing and a curse. A curse from the fact that so many disparate agencies have such varying standards and security means the total cost of government IT goes up and up. However, because there are so many non-interconnecting systems, it makes it harder for the government to spy on you.

Re:NIST, and not quite. (0)

Anonymous Coward | more than 3 years ago | (#35659106)

I'm fairly sure he was referring to the NSA.

Re:NIST, and not quite. (1)

Truth is life (1184975) | more than 3 years ago | (#35663214)

Actually, considering the three letters present in all of the provided options--I think he was thinking of the NSA.

Title correction.... (0)

Anonymous Coward | more than 3 years ago | (#35657984)

Internet-connected Enterprise Vulnerable To Crippling Cyber Attacks

There, fixed that for you.

Come on guys! (3, Funny)

Locke2005 (849178) | more than 3 years ago | (#35657996)

IT is not rocket science!

Re:Come on guys! (2)

Sinning (1433953) | more than 3 years ago | (#35658128)

I think that's the whole problem.

Re:Come on guys! (1)

Thud457 (234763) | more than 3 years ago | (#35658298)

Is Dr. No going to start stealing our rockets with trojans now?


oh, no that's Congress that's grounding the U.S. nevermind....

Re:Come on guys! (1)

Nyeerrmm (940927) | more than 3 years ago | (#35660376)

As a professional rocket scientist (well, navigation engineer) and an amateur IT technician (manage a non-profit's web presence), let me tell you: IT is a whole hell of a lot harder.

Of course it may just be that I have a lot more education in one topic than the other.

Re:Come on guys! (1)

Coren22 (1625475) | more than 3 years ago | (#35667050)

The trick to most IT support is knowing how to frame a Google query. If you have the background, it isn't terribly hard to set up networks, servers, desktops, etc. Securing these systems is a whole other bag of worms though; security is a constantly moving target, and you have to keep up with it constantly to do a good job. Even then, there is no truly secure system, there will always be flaws in the underlying OS and any other software that you use that only the attackers have found (Zero-Day Exploits).

It frankly doesn't surprise me that NASA has vulnerabilities, every system does, I just hope that this will put them on the path to correct those problems and implement good security practices from now on.

Repeat After Me: (0)

Anonymous Coward | more than 3 years ago | (#35658032)

Microsoft [www.microsoft] .

Have a day!

Yours In Miami,
K. Trout

Re:Repeat After Me: (1)

kvvbassboy (2010962) | more than 3 years ago | (#35658100)

I highly doubt their servers run on IIS.

Funny this story came up and what happened to me (0)

ticketswapz (1974628) | more than 3 years ago | (#35658034)

My friend noted a weird "hidden" connection on Windows XP that connected her... are you ready for this? NASA. It was a fake A/V thing of malware that was pretty tough. It took me about 3 hours to clean the machine since the 30 minute dump a backup, wipe everything and restore after a fresh XP install was not an option.

Re:Funny this story came up and what happened to m (0)

ticketswapz (1974628) | more than 3 years ago | (#35658136)

Ah nevermind - it was part of the malware fake alert popup

Still ??? (1)

Goose In Orbit (199293) | more than 3 years ago | (#35658098)

You'd think after all the fuss made about Gary McKinnon accessing the system 10 years ago - they'd have done something about it by now

Re:Still ??? (1)

vlm (69642) | more than 3 years ago | (#35658228)

You'd think after all the fuss made about Gary McKinnon accessing the system 10 years ago - they'd have done something about it by now

Maybe Gary was right all along, they're too busy covering up the UFO conspiracy to bother with simple stuff like periodic "apt-get upgrade" or whatever it is that windows people have to suffer thru.

Why... (1)

MachDelta (704883) | more than 3 years ago | (#35658166)

Why are these things connected to the internet? Does mission control watch Youtube while they're waiting for the countdown or what?
TFA is kind of sketchy on details though, so I'm wondering if anyone knows anything more about these "servers... that control spacecraft." Sounds like ignorant reporting to me.

Re:Why... (0)

Anonymous Coward | more than 3 years ago | (#35658402)

TFA said the outside inspector used nmap on the entire network. What if the vulnerable servers were firewalled in a DMZ? Connectivity might be set up one-way only. Exploits are still possible but only if initiated from the inside.

JSC-Mission Control (0)

Anonymous Coward | more than 3 years ago | (#35659798)

I worked on the NASA Flight Control Room upgrade contract in the mid-1990s and as a software introduction specialist for my software development group. Besides programming, I brought all and any software into the mission control network using approved, multi-stage, methods. Our group didn't follow the same development standards as the other teams writing code were forced to follow. We had approvals mainly because the software was built in collaboration with 3 other NASA centers, and not by the MOD prime contractor, Loral SIS.

The mission control centers were on a private network with data flows outbound within the NASA center only, then extended to specific locations around the world over dedicated NASA links. Getting data into the MCC network happened through specific spacecraft data links or through introduction workstations that are air-gapped from the rest of the center networking. There was no way to push data inside over the normal center network without physically going to a highly secured area just outside the data center floor of the building. Most people with access to the flight control rooms did not have access to this floor.

None of the flight control workstations (they were running Digital UNIX at the time) had any way to access the internet or any portable media capabilities. There weren't any floppy discs, USB or CDROMs in those workstations.

Just before I left NASA, they were adding a PC network inside the MCC - completely separate from the control network. It seemed like they planned to use it so flight controllers would be able to access everything they would at their desks, including the internet and email. I thought it was a bad idea, but can appreciate that a flight controller working a 12 hour shift might need access to his desktop email during really slow parts of the mission. There are lots of slow moments and hours.

How the other projects and centers worked is completely unknown to me, unless they were remotely connected to the JSC MCC network. If they were connected, then I remotely installed software on every workstation there and around the world. Most of these remote centers had only a few workstations so they could monitor space station or shuttle activities and flight data.

BTW, that was a pretty cool job.

Re:Why... (1)

Nyeerrmm (940927) | more than 3 years ago | (#35660494)

I'm learning the process of doing operations for unmanned spacecraft right now, and some of them are definitely internet accessible.

The reason, at least for what I do, is that we're not always sitting in the control room for operations. For big events, yes, but when you're getting telemetry, processing it, and updating the onboard ephemeris, a cube or office is a lot more comfortable. Furthermore, you need to stay and work from home sometimes, sick child/repairman coming/car broke/whatever, but you still need to get on the flight ops machine and run a maneuver design or upload a file. SSH in and get what you need done.

Not all operations involve sitting in a room on dedicated hardware looking at a screen, and for the more mundane parts, flexibility is wonderful.

can't afford to secure network (0)

Anonymous Coward | more than 3 years ago | (#35658168)

sue hacker who hacks it
???
Profit!

What would that look like exactly? (1)

vlm (69642) | more than 3 years ago | (#35658172)

enable a cyberattack to cripple the entire agency

What would that look like exactly? To the best of my knowledge NASA is kind of a management consultant group... They contract EVERYTHING out. All capital, all operations, all services. So it's not like the space station will fall out of the sky, or space probe data will be lost, because that's all done by contractors, who presumably do a better job, since it's their money on the line not the taxpayers'.

Most of their contractors are large, therefore politically well connected, which in a circular way explains why they are NASA contractors, duh. So if accounts payable takes a couple extra days to restore the backups and cut the checks for services rendered, eh, the contractors will be OK.

I'm envisioning a vast array of power points and TPS reports being lost... would that necessarily be all that bad?

Re:What would that look like exactly? (3, Informative)

robot256 (1635039) | more than 3 years ago | (#35659354)

To the best of my knowledge NASA is kind of a management consultant group... They contract EVERYTHING out.

No, you're confusing us with DoD. DoD contracts everything out, but NASA has a mix of contract and in-house services. We generally contract out pieces of satellites and assemble them ourselves (and fix everything the contractor f***ed up). In terms of IT, basic workstations are administered by contract suppliers, but other systems are owned by the government and administered by civil servants (engineering workstations, lab equipment computers, ground support operations, data processing supercomputers, etc.). Many of these systems are connected to the Internet to get software updates and research problems when troubleshooting. But I do know that the ground support networks for satellites and large tests are definitely not connected to the Internet.

Shuttle (1)

craigminah (1885846) | more than 3 years ago | (#35658264)

A little off topic but didn't the Space Shuttle use QNX as their OS? I know some of their satellites do but I thought their prime mover did as well. Meh, with everything important on Windows (e.g. NASA and SCADA among others) it keeps the haxors away from my Mac

Not surprising (1)

FunkyELF (609131) | more than 3 years ago | (#35658302)

Their crack team of web developers can't even get nasa.com to work without the www. in front of it.

Re:Not surprising (1)

FunkyELF (609131) | more than 3 years ago | (#35658326)

... of course I meant to say nasa.gov
The people cybersquatting nasa.com were about to figure it out.

Re:Not surprising (0)

Anonymous Coward | more than 3 years ago | (#35658864)

I typed "nasa.gov" and got redirected to "www.nasa.gov" just fine.

Re:Not surprising (0)

Anonymous Coward | more than 3 years ago | (#35662008)

I would have thought that it's now "game on", after the US and Israel decided that it was OK to screw with another country's nuclear technology.
As illustrated in Japan, problems at nuclear facilities can escalate badly when things go wrong.
The total lack of concern by the US and Israel for Iranian and others lives puts them in no position to object when the favour is returned.
While mission-critical systems at NASA may not be on the net, a USB or infected disc may just turn up at the wrong time for someone.

This just in... (2)

bjohnso5 (1476817) | more than 3 years ago | (#35658316)

Computer networks can be accessed by computers. Film at eleven.

Not a surprise (0)

Anonymous Coward | more than 3 years ago | (#35658546)

When I worked at NASA LaRC some decade ago, all of their systems were still using public IPs with no firewalls. A compromise of all of their systems via one server, multiplying because they used standard telnet for remote access, led them to enforce stricter patching to their systems. They left themselves open to the same problem: one unpatched system could lead to the same issue all over again. They didn't want to hear anything to do with SSH or more secure networking practices (e.g. putting all user systems on a private network behind a firewall).

So any chump working in NASA LaRC could attach a system to the network and instantly open up the entire center to compromise. It's government politics at its best.

Just wait until it is medical records... (0)

Anonymous Coward | more than 3 years ago | (#35659218)

Just wait until it is medical records that are as exposed by some agency with no encryption of them and no recourse due to sovereign immunity.

Re:Just wait until it is medical records... (1)

MaskedSlacker (911878) | more than 3 years ago | (#35659744)

People can, and do, routinely sue the federal government (and state, and local). Hell, that's how Judicial Review was established in the first place. The FTCA establishes pretty clearly that sovereign immunity would not apply in that case.

Of course, it's more fun to just ignorantly spout bullshit.

No Need (0)

Anonymous Coward | more than 3 years ago | (#35658684)

NASA's servers contain vulnerabilities that could enable a cyberattack to cripple the entire agency

The congress already got there, there's a new amendment stating NASA must place "goatse.cx" placards on every door.

But really... (1)

JohnnySlash (913420) | more than 3 years ago | (#35658700)

this is how the US government takes over and militarizes space...

Computers are vulnerable? (0)

Anonymous Coward | more than 3 years ago | (#35658732)

A computer is vulnerable. This is news?

Aren't all computers vulnerable to attacks? Sure, there are actions you can take to minimize your exposure to the risks, but they can never be eliminated.

People are vulnerable to being shot or stabbed. Sure, I can hire a body guard, or even a whole phalanx of them. Won't stop a sniper shooting from 300 yards. Won't stop someone from releasing sarin gas in your vicinity.

Computers are vulnerable. If you think otherwise, you are just ignoring potential attack vectors.

discernment (2)

slick7 (1703596) | more than 3 years ago | (#35658930)

A greater crippling obstacle appears to be (Con)gress, they can't even get their story straight on the budget let alone anything else.
Billions are dumped on our so-called "friends" and yet, everybody hates us. If 1/10th of the war budget went to NASA, we would be somewhere past the asteroid belt, let alone fiber optic networks for everyone.

Hope they don't catch another WANK virus (1)

Eightbitgnosis (1571875) | more than 3 years ago | (#35658932)

You be good now Australian hackers!

As someone who actually maintains these systems, (1)

pecosdave (536896) | more than 3 years ago | (#35659068)

I'm not going to give many details, it's not good business. I don't know much about the non-mission critical systems, but I do maintain mission critical ones and I will venture a mention they're not on the internet. The internet and the mission critical stuff are far separated. That's more specific than I probably should have gotten, things that communicate with the station, the shuttle and TDRS are isolated, often from one another.

Re:As someone who actually maintains these systems (1)

vlm (69642) | more than 3 years ago | (#35659280)

The internet and the mission critical stuff are far separated. That's more specific than I probably should have gotten,

Yeah, whatever you do, don't use the top secret phrase "air gap firewall".. Come on, enough security theater.

Re:As someone who actually maintains these systems (0)

Anonymous Coward | more than 3 years ago | (#35659652)

Yeah, whatever you do, don't use the top secret phrase "air gap firewall".. Come on, enough security theater.

But, those firewalls are really expensive and extremely difficult to configure!!

There are... (0)

Anonymous Coward | more than 3 years ago | (#35660352)

Many more Gary McKinnons out there who have been in their networks for ages and know the truth.

Space Shuttle (1)

asylumx (881307) | more than 3 years ago | (#35661118)

Jeez, with IT like that, by this summer they probably won't even be able to launch a space shuttle!

Yeah, they've got a problem... (1)

Loudog (9867) | more than 3 years ago | (#35662208)

...they've always had a problem with this, though. I was there years ago (at the beginning of the Internet boom) and we were one of the most hacked targets on the planet. Everyone seems to think that all the secret UFO data was in NASA's network -- and the pace of attacks was astounding. You had to have an RSA token to log in to anything. It got so bad that we ended up having to put an optical tap (even as contractors, we fought that one) on the FDDI ring that was MAE-WEST so the FBI and other TLAs could try to track some of these idiots down.

Given that funding went down and many of the top IT / networking guys went into the booming private sector, I'm not surprised it's still a problem. All of the mission critical stuff is pretty well walled off -- but the rest of it has major issues. I don't think we'll lose a spaceship to it, but getting your email can be very annoying.

But they passed McAfee's web check! (1)

Nyder (754090) | more than 3 years ago | (#35662650)

I don't understand the problem. McAfee's web check said their site was okay!!

computer server vulnerabilities? (1)

doperative (1958782) | more than 3 years ago | (#35664466)

"We found that computer servers on NASA's agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet. Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable" link [ibtimes.com]

By any chance, would these 'computer servers' be running on Microsoft Windows?

"a recent audit report .. cited a 2009 incident in which cybercriminals .. caused the computer system to make 3,000 unauthorized connections to domestic and international IP addresses"

Wouldn't it be a good idea to put these 'computer systems' behind a firewall and only allow access through authenticated VPN connections?

NASA used to be about undeniable precision (1)

hesaigo999ca (786966) | more than 3 years ago | (#35665444)

They used to be hailed as the cornerstone of undeniable precision, where they could lose contact with a shuttle, and plan its course and be able to tell with 100% accuracy where it would show up once it regained contact with them (Apollo mission)... Here, this makes them look like newbs... I don't know what happened, if some outsourced agency was hired to throw together their network configs, but I am surprised to say the least.

Speak for yourself (0)

Anonymous Coward | more than 3 years ago | (#35672790)

just like your Mac or PC at home; vulnerable to cyber attacks

Not. You don't know jack shit about my PC at home.
