US Vulnerability Database Yanked Over Malware Infestation

timothy posted about a year and a half ago | from the hate-it-when-that-happens dept.

Government 52

hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."

hypocrites (-1)

Anonymous Coward | about a year and a half ago | (#43169909)

I guess they didn't follow their own guidance on security standards...lmfao

for fucks sake... (0)

Anonymous Coward | about a year and a half ago | (#43169915)

looks like the tight rope instructor just broke his neck. what now?

Yup. (0)

Anonymous Coward | about a year and a half ago | (#43169939)

As I understand it, they switched from IIS/Windows to apache on Linux immediately after finding out they had been hacked...

Re:Yup. (1)

Luthair (847766) | about a year and a half ago | (#43170557)

I would say it's more likely that the interim page explaining that NVD is currently unavailable is hosted on a different system. Perhaps we ought to wait until the site comes back online before chortling?

Re:Yup. (2)

cheater512 (783349) | about a year and a half ago | (#43176289)

Nope it is still funny. They couldn't put up a clean IIS install for the website down message in case it got infected as well.
Naturally they went for Apache.

I see the problem (1)

jaygatsby27 (894445) | about a year and a half ago | (#43169945)

If those bastards would hire me, this wouldn't happen.

Re:I see the problem (4, Funny)

Anonymous Coward | about a year and a half ago | (#43170047)

Way to sell yourself you arrogant prick. If you hire me, I'll help you with your image and this will never happen again.

Re:I see the problem (0)

Anonymous Coward | about a year and a half ago | (#43170385)

Citation requested.

Re:I see the problem (1)

gl4ss (559668) | about a year and a half ago | (#43173549)

why? you'd fax the db updates to people manually?

Funny stuff (0)

Anonymous Coward | about a year and a half ago | (#43169947)

Ha-ha!

ironic... (0, Flamebait)

ruir (2709173) | about a year and a half ago | (#43169957)

How about not using Windows for critical-mission servers?

Re:ironic... (0)

Anonymous Coward | about a year and a half ago | (#43171609)

Windows has come a long way in regards to security. There are still plenty of reasons to hate it, but on the security front it's not that bad. Any system can be hardened, and any system can be wide open. It all depends on the person(s) configuring it and what they see as a priority. I've seen Windows 95 running process control software (yes this is a bad idea, but that's not the point). You have to wrap protections around it like firewalls, disable everything not required for the operation at hand, place in a secure location, don't connect to internet, etc. But it does work (as well as 95 can) and it's fairly secure.

Baseline and STIG hosting (3, Interesting)

chill (34294) | about a year and a half ago | (#43169975)

For the unenlightened, the NVD is where the official NIST computer configuration baselines and DISA STIGs are hosted. For example, the USGCB (formerly FDCC) is also down.

Re:Baseline and STIG hosting (4, Informative)

bcong (1125705) | about a year and a half ago | (#43169997)

Sorry, but no. The DISA STIGs are hosted here: http://iase.disa.mil/stigs/index.html [disa.mil]

Re:Baseline and STIG hosting (3, Informative)

chill (34294) | about a year and a half ago | (#43170107)

Yes, sorry, I phrased that wrong.

NVD's search will reference the STIGs and then link to the .mil location. For us civilian types the NVD site is the gateway.

Re:Baseline and STIG hosting (0)

Anonymous Coward | about a year and a half ago | (#43170201)

Mod parent up (Informative). [At work and can't post]

Re:Baseline and STIG hosting (1)

zAPPzAPP (1207370) | about a year and a half ago | (#43170503)

I can't post either.

Re:Baseline and STIG hosting (0)

Anonymous Coward | about a year and a half ago | (#43171919)

Me too!

Re:Baseline and STIG hosting (3, Funny)

lxs (131946) | about a year and a half ago | (#43170215)

Damn it. Top Gear will never be the same.

ENGLISH MOTHERFUCKER (-1, Offtopic)

Anonymous Coward | about a year and a half ago | (#43170249)

English motherfucker! Do you speak it?

Re:ENGLISH MOTHERFUCKER (0)

Anonymous Coward | about a year and a half ago | (#43170569)

what?!?

Re:ENGLISH MOTHERFUCKER (0)

Anonymous Coward | about a year and a half ago | (#43171553)

What an insensitive thing to say. You are stupid and your hygiene is poor.

Re:Baseline and STIG hosting (0)

Anonymous Coward | about a year and a half ago | (#43170799)

Oh yeah, that sentence was so enlightening. Maybe if I was playing "Acronym Bingo".

Fadlyboy Palace (-1)

Anonymous Coward | about a year and a half ago | (#43170077)

thx 4 info

http://fadlyboy.heck.in [fadlyboy.heck.in]

Trust me. I'm from the government. (3, Funny)

IT.luddite (1633703) | about a year and a half ago | (#43170079)

I'm here to help.

Re:Trust me. I'm from the government. (2, Insightful)

Anonymous Coward | about a year and a half ago | (#43170371)

I need a +1fear

Re:Trust me. I'm from the government. (0)

Anonymous Coward | about a year and a half ago | (#43174945)

...said the fireman.

Oh sweet... (2)

Anathem (1983388) | about a year and a half ago | (#43170129)

...IRONY

Re:Oh sweet... (0)

Anonymous Coward | about a year and a half ago | (#43170167)

don't blame the hipsters for this!

Re:Oh sweet... (0)

Anonymous Coward | about a year and a half ago | (#43170239)

The ironing is delicious.

It's like rain on your wedding day.

Etc etc.

Let's get all the irony jokes out of the way quickly.

Re:Oh sweet... (1)

ciderbrew (1860166) | about a year and a half ago | (#43170381)

none of the things in the song were ironic.

Re:Oh sweet... (2)

isopropanol (1936936) | about a year and a half ago | (#43170719)

...ironically...

Re:Oh sweet... (0)

Anonymous Coward | about a year and a half ago | (#43170731)

That's why I said "irony jokes".

Can't you read?

Re:Oh sweet... (1)

Anonymous Coward | about a year and a half ago | (#43170763)

But if we get the jokes out then the only way to express thoughts is to say it directly: this is a BS agency created to launder our tax money, while indirectly subsidizing Microsoft (all gov agencies in US do).... but everyone already knew this. Can we go back to jokes now please?

Pay attention, Alanis... (2)

Chris Mattern (191822) | about a year and a half ago | (#43170375)

...THIS is ironic!

Re:Pay attention, Alanis... (0)

Anonymous Coward | about a year and a half ago | (#43170779)

Oh FFS. The stuff in her song was ironic. Get over yourself.

Re:Pay attention, Alanis... (0)

Anonymous Coward | about a year and a half ago | (#43171899)

Hey, it's okay, you can like Alanis' song even if she (or her song writer) doesn't understand irony.

But when it comes to language comprehension, the first step is denial. You need to admit that the song does not have a single instance of actual irony in it. Once you get past that hurdle you can start healing.

Re:Pay attention, Alanis... (1)

Stormthirst (66538) | about a year and a half ago | (#43178677)

You need to admit that the song does not have a single instance of actual irony in it.

I always figured that was why it was called Ironic. A song about irony, that didn't have any irony in it.

Re:Pay attention, Alanis... (0)

Anonymous Coward | about a year and a half ago | (#43172759)

...THIS is ironic!

Gave at the office.

Not possible (1)

Kimomaru (2579489) | about a year and a half ago | (#43170377)

Guys, don't you remember the Five 9s Microsoft marketing?! Yeah, that's what I thought. How quickly we forget how the real world works, this stuff just don't happen on Windows servers. Not possible.

I guess when Microsoft was screaming about Five 9s, they were referring to how often their platform would be down, not up.

We Apologise (1)

A10Mechanic (1056868) | about a year and a half ago | (#43170389)

We apologise for the fault in the database. Those responsible have been sacked.

Re:We Apologise (0)

Anonymous Coward | about a year and a half ago | (#43170667)

I suppose I will trust it again when the people responsible for sacking the people who were sacking the people who have been sacked, have been sacked.

(A m00se once bit the database... No, really, daTabaase bites can be very nasti...)

Re:We Apologise (1)

Sparticus789 (2625955) | about a year and a half ago | (#43172347)

Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.

Re:We Apologise (0)

Anonymous Coward | about a year and a half ago | (#43175265)

Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.

Not always true. The place where it's dangerous is if someone has a long history of sliding under useless management -- then, if you're a competent manager, and you start writing them up, it's taken as evidence that you're a bad manager (because they were a perfectly good employee before they were under you). But if you don't have that history of being a good employee on paper (however true it may or may not be)? Fireable, very.

in the meantime, use... (0)

Anonymous Coward | about a year and a half ago | (#43170555)

cve.mitre.org [mitre.org] for your CVE searching.

I'm amazed they haven't learned; don't use windows (0)

Anonymous Coward | about a year and a half ago | (#43171307)

Especially for a database and even more so for a database that hosts vulnerability information

New NEWS/NewsFlash/Clue, troll... apk (0)

Anonymous Coward | about a year ago | (#43192075)

1st, get back to us when MySQL can handle *NIX dates past 2038 (known issue), as far as databases go.

Secondly, regarding THIS "trollish stupidity" out of you quoted next below - Here's some contrary data regarding Linux & its "invulnerability" from current recent history 2011 to present:

"I'm amazed they haven't learned; don't use windows. Especially for a database and even more so for a database that hosts vulnerability information" - by Anonymous Coward on Thursday March 14, @11:15AM (#43171307)

On databases, especially "Open SORES"? See above. On Linux "fine security"?? See next below:

---

2012:

New Linux Rootkit Emerges:

https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012 [threatpost.com]

"A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

---

'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/ [theregister.co.uk]

---

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444 [zdnet.com]

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov [netcraft.com]

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov [netcraft.com]

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com [netcraft.com]

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware [slashdot.org]

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch [slashdot.org] , & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers [slashdot.org]

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach:

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach [slashdot.org]

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=GlobalSign.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=Comodo.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=DigiCert.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl [netcraft.com]

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/ [itproafrica.com]

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811 [threatpost.com]

---

The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed [slashdot.org]

What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com [netcraft.com]

---

Phishers/Spammers FAVOR attacking LAMP: (Linux, Apache, mySQL, PHP)

http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]

PERTINENT QUOTE/EXCERPT:

"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey. Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers"

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?

* You get the picture... along with the fact that YES, there ARE BOTNETS, VIRUSES, TROJANS, and more, ON LINUX - as well as it being THE FAVORED TARGET of spammers/phishers, shown just above and here on botnets:

---

Linux webserver botnet pushes malware - Attack of the open source zombies

http://www.theregister.co.uk/2009/09/12/linux_zombies_push_malware/ [theregister.co.uk]

---

Linux STILL needs patching @ kernel level in 2013, thru ALL distros 2.6-3.8 current:

http://www.zdnet.com/linux-kernel-exploit-gets-patched-7000011844/ [zdnet.com]

(Face facts, that THAT line of "b.s." of "Linux = Secure & Windows != Secure" just DOESN'T HOLD ANY WATER - the core of Linux STILL gets patched vs. vulnerabilities, just like Windows NT-based OS, & they ARE RELATIVELY THE SAME AGE too! Thus, proving (especially via ANDROID) that "the most used = most attacked"...)

---

Plenty of the "Fortune 100-500" run Windows Servers 24x7 non-stop in "Fabled '5-9's" uptime too!

(Would you like a listing of some of them? Just ask - & "ye shall receive"...)

APK

P.S.=> Linux Security Blunders DOMINATE in 2011-2012, despite all /. "FUD" for years saying "Linux = SECURE" (what "b.s."/FUD that's turning out to be, especially on ANDROID where it can't hide by "security-by-obscurity" anymore & is in the hands of non-tech users galore - & EXPLOITS ARE EXPLODING ON ANDROID, nearly daily)

... apk

That profile pic is awesome. (1)

cshark (673578) | about a year and a half ago | (#43171329)

Really cool stuff. Wish I would have thought of it. Superimposing code on top of a picture of himself. Great stuff. Screams uber hacker. I don't even need to read the article to know that anyone with mad photoshop skills like that must know what he's doing.

Re:That profile pic is awesome. (0)

Anonymous Coward | about a year and a half ago | (#43173781)

What does the picture have to do with anything? I didn't even notice it, I was too busy reading the contents.

DERP (1)

SpaceManFlip (2720507) | about a year and a half ago | (#43172121)

They should just own up to the failure, and post an interim placeholder webpage with about a 50-point font print of the word "DERP"

we live in interesting times (2)

8086 (705094) | about a year and a half ago | (#43172289)

Apart from the great irony of this incident, it is also a sign of things to come in cyber security and the computer industry in general. It seems we're at a point of time when you don't have to be stupid and/or high-visibility in order to get hacked, most contemporary software is ill-equipped to deal with the rising security threat, and even security service providers cannot be fully trusted. Hopefully this translates to more employment for us geeks and opportunities to build all the security features and plug up all the holes like we always wanted to but couldn't spare the time for.

Suspicious Activity? (0)

Anonymous Coward | about a year and a half ago | (#43172341)

"a NIST firewall detected suspicious activity"

Most likely, that means they only managed to detect the malware when it did something naive, like try to contact a known botnet host or run a port scan on the internal network. That's rather disturbing, because it suggests the attackers were looking for the low hanging fruit and didn't care if they were discovered. A serious attacker targeting them specifically would take care to avoid doing anything like that. What's out there on all of our networks that we haven't found because it's too smart to trigger a simple IPS/IDS alert?

I'd like to know if they had anything like AIDE or Tripwire in place, and if so, why it failed.
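
Added example, not part of the thread and not AIDE's or Tripwire's own code: a simplified sketch of the host-side file-integrity check the last comment refers to, which flags changes under a web root even when nothing noisy reaches the firewall. The file names, the key and the HMAC-sealed baseline are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def seal(manifest, key):
    """HMAC over the sorted manifest, so an edited baseline is itself detectable."""
    body = "\n".join(f"{path}\0{digest}" for path, digest in sorted(manifest.items()))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def compare(baseline, tag, key, root):
    """Verify the baseline's seal, then report drift between it and the live tree."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed its integrity check")
    current = snapshot(root)
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed web root, record a baseline, change it, and report."""
    key = b"constructed-demo-key"  # assumption: a real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "js"))
        page = os.path.join(root, "index.html")
        script = os.path.join(root, "js", "app.js")
        for path, body in ((page, "<h1>status</h1>"), (script, "console.log(1);")):
            with open(path, "w") as fh:
                fh.write(body)
        baseline = snapshot(root)
        tag = seal(baseline, key)
        # Constructed changes standing in for tampering between two scans.
        with open(page, "a") as fh:
            fh.write("<!-- changed -->")
        os.remove(script)
        with open(os.path.join(root, "extra.txt"), "w") as fh:
            fh.write("unexpected")
        return compare(baseline, tag, key, root)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline and key, which is why both are normally stored and verified from a system other than the web server being watched.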
