Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Vulnerability Database Yanked Over Malware Infestation

Posted by timothy on from the hate-it-when-that-happens dept.

hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."

52 comments

  1. for fucks sake... by Anonymous Coward · · Score: 0

    looks like the tight rope instructor just broke his neck. what now?

  2. Yup. by Anonymous Coward · · Score: 0

    As I understand it, they switched from IIS/Windows to apache on Linux immediately after finding out they had been hacked...

    1. Re:Yup. by Luthair · · Score: 1

      I would say its more likely that the interim page explaining that NVD is currently unavailable is hosted on a different system. Perhaps we ought to wait until the site comes back online before chortling?

    2. Re:Yup. by cheater512 · · Score: 2

      Nope it is still funny. They couldn't put up a clean IIS install for the website down message in case it got infected as well.
      Naturally they went for Apache.

  3. I see the problem by jaygatsby27 · · Score: 1

    If those bastards would hire me , this wouldn't happen.

    1. Re:I see the problem by Anonymous Coward · · Score: 4, Funny

      Way to sell yourself you arrogant prick. If you hire me, I'll help you with your image and this will never happen again.

    2. Re:I see the problem by Anonymous Coward · · Score: 0

      Citation requested.

    3. Re:I see the problem by gl4ss · · Score: 1

      why? you'd fax the db updates to people manually?

      --
      world was created 5 seconds before this post as it is.
  4. Funny stuff by Anonymous Coward · · Score: 0

    Ha-ha!

  5. ironic... by ruir · · Score: 0, Flamebait

    How about not using Windows for critical-mission servers?

    1. Re:ironic... by Anonymous Coward · · Score: 0

      Windows has come a long way in regards to security. There are still plenty of reasons to hate it, but on the security front it's not that bad. Any system can be hardened, and any system can be wide open. It all depends on the person(s) configuring it and what they see as a priority. I've seen windows 95 running process control software (yes this is a bad idea, but that's not the point). You have to wrap protections around it like firewalls, disable everything not required for the operation at hand, place in a secure location, don't connect to internet, etc. But it does work (as well as 95 can) and it's fairly secure.

  6. Baseline and STIG hosting by chill · · Score: 3, Interesting

    For the unenlightened, the NVD is where the official NIST computer configuration baselines and DISA STIGs are hosted. For example, the USGCB (formerly FDCC) is also down.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Baseline and STIG hosting by bcong · · Score: 4, Informative

      Sorry, but no. The DISA STIGs are hosted here: http://iase.disa.mil/stigs/index.html

    2. Re:Baseline and STIG hosting by chill · · Score: 3, Informative

      Yes, sorry, I phrased that wrong.

      NVD's search will reference the STIGs and then link to the .mil location. For us civilian types the NVD site is the gateway.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:Baseline and STIG hosting by Anonymous Coward · · Score: 0

      Mod parent up (Informative). [At work and can't post]

    4. Re:Baseline and STIG hosting by lxs · · Score: 3, Funny

      Damn it. Top Gear will never be the same.

    5. Re:Baseline and STIG hosting by zAPPzAPP · · Score: 1

      I can't post either.

    6. Re:Baseline and STIG hosting by Anonymous Coward · · Score: 0

      Oh yeah, that sentence was so enlightening. Maybe if I was playing "Acronym Bingo".

    7. Re:Baseline and STIG hosting by Anonymous Coward · · Score: 0

      Me too!

  7. Trust me. I'm from the government. by IT.luddite · · Score: 3, Funny

    I'm here to help.

  8. Oh sweet... by Anathem · · Score: 2

    ...IRONY

    1. Re:Oh sweet... by Anonymous Coward · · Score: 0

      don't blame the hipsters for this!

    2. Re:Oh sweet... by Anonymous Coward · · Score: 0

      The ironing is delicious.

      It's like rain on your wedding day.

      Etc etc.

      Lets get all the irony jokes out of the way quickly.

    3. Re:Oh sweet... by ciderbrew · · Score: 1

      none of the things in the song were ironic.

    4. Re:Oh sweet... by isopropanol · · Score: 2

      ...ironically...

    5. Re:Oh sweet... by Anonymous Coward · · Score: 0

      That's why I said "irony jokes".

      Can't you read?

    6. Re:Oh sweet... by Anonymous Coward · · Score: 1

      But if we get the jokes out then the only way to express thoughts is to say it directly: this is a BS agency created to launder our tax money, while Indirectly subsidizing Microsoft (all gov agencies in US do).... but everyone already knew this. Can we go back to jokes now please?

  9. Re:Trust me. I'm from the government. by Anonymous Coward · · Score: 2, Insightful

    I need a +1fear

  10. Pay attention, Alanis... by Chris+Mattern · · Score: 2

    ...THIS is ironic!

    1. Re:Pay attention, Alanis... by Anonymous Coward · · Score: 0

      Oh FFS. The stuff in her song was ironic. Get over yourself.

    2. Re:Pay attention, Alanis... by Anonymous Coward · · Score: 0

      Hey, its okay, you can like Alanis song even if she (or her song writer) doesn't understand irony.

      But when it comes to language comprehension, the first step is denial. You need to admit that the song does not have a single instance of actual irony in it. Once you get past that hurdle you can start healing.

    3. Re:Pay attention, Alanis... by Anonymous Coward · · Score: 0

      ...THIS is ironic!

      Gave at the office.

    4. Re:Pay attention, Alanis... by Stormthirst · · Score: 1

      You need to admit that the song does not have a single instance of actual irony in it.

      I always figured that was why it was called Ironic. A song about irony, that didn't have any irony in it.

  11. Not possible by Kimomaru · · Score: 1

    Guys, don't you remember the Five 9s Microsoft marketing?! Yeah, that's what I thought. How quickly we forget how the real world works, this stuff just don't happen on Windows servers. Not possible.

    I guess when Microsoft was screaming about Five 9s, they were referring to how often their platform would be down, not up.

  12. We Apologise by A10Mechanic · · Score: 1

    We apologise for the fault in the database. Those responsible have been sacked.

    1. Re:We Apologise by Anonymous Coward · · Score: 0

      I suppose I will trust it again when the people responsible for sacking the people who were sacking the people who have been sacked, have been sacked.

      (A m00se once bit the database... No, really, daTabaase bites can be very nasti...)

    2. Re:We Apologise by Sparticus789 · · Score: 1

      Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.

      --
      sudo make me a sandwich
    3. Re:We Apologise by Anonymous Coward · · Score: 0

      Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.

      Not always true. The place where it's dangerous is if someone has a long history of sliding under useless management -- then, if you're a competent manager, and you start writing them up, it's taken as evidence that you're a bad manager (because they were a perfectly good employee before they were under you). But if you don't have that history of being a good employee on paper (however true it may or may not be)? Fireable, very.

  13. in the meantime, use... by Anonymous Coward · · Score: 0

    cve.mitre.org for your CVE searching.

  14. Re:ENGLISH MOTHERFUCKER by Anonymous Coward · · Score: 0

    what?!?

  15. I'm amazed they haven't learned; don't use windows by Anonymous Coward · · Score: 0

    Especially for a database and even more so for a database that hosts vulnerability information

  16. That profile pic is awesome. by cshark · · Score: 1

    Really cool stuff. Wish I would have thought of it. Superimposing code on top of a picture of himself. Great stuff. Screams uber hacker. I don't even need to read the article to know that anyone with mad photoshop skills like that must know what he's doing.

    --

    This signature has Super Cow Powers

    1. Re:That profile pic is awesome. by Anonymous Coward · · Score: 0

      What does the picture have to do with anything? I didn't even notice it, I was too busy reading the contents.

  17. Re:ENGLISH MOTHERFUCKER by Anonymous Coward · · Score: 0

    Qué cosa insentisive que decir. Eres un estúpido y su hygine es pobre.

  18. DERP by SpaceManFlip · · Score: 1

    They should just own up to the failure, and post an interim placeholder webpage with about a 50-point font print of the word "DERP"

  19. we live in interesting times by 8086 · · Score: 2

    Apart from the great irony of this incident, it is also a sign of things to come in cyber security and the computer industry in general. It seems we're at a point of time when you don't have to be stupid and/or high-visibility in order to get hacked, most contemporary software is ill-equipped to deal with the rising security threat, and even security service providers cannot be fully trusted. Hopefully this translates to more employment for us geeks and opportunities to build all the security features and plug up all the holes like we always wanted to but couldn't spare the time for.

  20. Suspicious Activity? by Anonymous Coward · · Score: 0

    " a NIST firewall detected suspicious activity"

    Most likely, that means they only managed to detect the malware when it did something naive, like try to contact a known botnet host or run a port scan on the internal network . That's rather disturbing, because it suggests the attackers were looking for the low hanging fruit and didn't care if they were discovered. A serious attacker targeting them specifically would take care to avoid doing anything like that. What's out there on all of our networks that we haven't found because it's too smart to trigger a simple IPS/IDS alert?

    I'd like to know if they had anything like AIDE or Tripwire in place, and if so, why it failed.

  21. Re:Trust me. I'm from the government. by Anonymous Coward · · Score: 0

    ...said the fireman.

  22. New NEWS/NewsFlash/Clue, troll... apk by Anonymous Coward · · Score: 0

    1st, get back to us when MySQL can handle *NIX dates past 2038 (known issue), as far as databases go.

    Secondly, regarding THIS "trollish stupidity" out of you quoted next below - Here's some contrary data regarding Linux & it's "invulnerability" from current recent history 2011 to present:

    "I'm amazed they haven't learned; don't use windows. Especially for a database and even more so for a database that hosts vulnerability information" - by Anonymous Coward on Thursday March 14, @11:15AM (#43171307)

    On databases, especially "Open SORES"? See above. On Linux "fine security"?? See next below:

    ---

    2012:

    New Linux Rootkit Emerges:

    https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012

    "A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

    ---

    'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

    http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

    ---

    Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

    http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444

    So, what's dts.utah.gov running everyone?

    LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov

    What's health.utah.gov running too??

    YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov

    * Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

    ===

    2011:

    KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

    http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

    ---

    Linux.com pwned in fresh round of cyber break-ins:

    http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

    ---

    Mysql.com Hacked, Made To Serve Malware:

    http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

    What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

    ---

    London Stock Exchange serving malware:

    http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

    (I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

    ---

    DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: