Hack Targets NASA's Earth Observation System

← Back to Stories (view on slashdot.org)

Hack Targets NASA's Earth Observation System

Posted by CmdrTaco on Wednesday May 18, 2011 @01:39AM from the even-nasa-ain't-safe dept.

Gunkerty Jeb writes "A hacker is claiming that a security hole in a server at NASA's Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief. The hacker, who uses the handle 'Tinkode,' has published a screen capture from what he claims is an FTP (File Transfer Protocol) server at NASA's Goddard Center. The hack comes exactly a month after the same hacker exposed a similar hole in a server operated by the European Space Agency."

5 of 45 comments (clear)

Min score:

Reason:

Sort:

Dumbing down by Anonymous Coward · 2011-05-18 01:46 · Score: 3, Insightful

When FTP needs to be explained on /. it's time to find another "News for Nerds" site.
1. Re:Dumbing down by DanTheStone · 2011-05-18 01:56 · Score: 3, Insightful
  
  It's because our submitters and editors are too lazy to write a summary, so they just copy-paste a chunk of the article (which may be intended for a less-technical audience).
2. Re:Dumbing down by symes · 2011-05-18 01:57 · Score: 3
  
  I would say defining FTP is just being polite - anyone can come here and browse, some might even want to stay a little while. What's the problem?
3. Re:Dumbing down by migla · 2011-05-18 02:16 · Score: 3, Funny
  
  I, for one, am grateful they explained the acronym, because until I read the next words, I thought NASA had a fuck-the-police server, which didn't make much sense, but that's what the kids writing/spraying FTP around here mean. Unless, of course, this is a neighbourhood of poor geeks...
  
  --
  Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
Re:Houston, we have a serious security problem... by AMuse · 2011-05-18 05:40 · Score: 3, Insightful

Hi all; I actually work for NASA as an IT Security guy.
While I can't answer specifics about this incident, you should remember that a great many things done by NASA are "General Science", and the data output from them is specifically and consciously made public.
It's possible that the FTP server is meant to be serving those files "to the public".
Why FTP instead of SFTP? Usually when you choose to make data public to the world, you don't bother implementing crypto on the data. And just because it's available via FTP for distribution, does not mean insecure FTP was used to *place* the data on the server.