Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Vulnerability Database Yanked Over Malware Infestation

Posted by timothy on from the hate-it-when-that-happens dept.

hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."

24 of 52 comments (clear)

  1. I see the problem by jaygatsby27 · · Score: 1

    If those bastards would hire me , this wouldn't happen.

    1. Re:I see the problem by Anonymous Coward · · Score: 4, Funny

      Way to sell yourself you arrogant prick. If you hire me, I'll help you with your image and this will never happen again.

    2. Re:I see the problem by gl4ss · · Score: 1

      why? you'd fax the db updates to people manually?

      --
      world was created 5 seconds before this post as it is.
  2. Baseline and STIG hosting by chill · · Score: 3, Interesting

    For the unenlightened, the NVD is where the official NIST computer configuration baselines and DISA STIGs are hosted. For example, the USGCB (formerly FDCC) is also down.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Baseline and STIG hosting by bcong · · Score: 4, Informative

      Sorry, but no. The DISA STIGs are hosted here: http://iase.disa.mil/stigs/index.html

    2. Re:Baseline and STIG hosting by chill · · Score: 3, Informative

      Yes, sorry, I phrased that wrong.

      NVD's search will reference the STIGs and then link to the .mil location. For us civilian types the NVD site is the gateway.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:Baseline and STIG hosting by lxs · · Score: 3, Funny

      Damn it. Top Gear will never be the same.

    4. Re:Baseline and STIG hosting by zAPPzAPP · · Score: 1

      I can't post either.

  3. Trust me. I'm from the government. by IT.luddite · · Score: 3, Funny

    I'm here to help.

  4. Oh sweet... by Anathem · · Score: 2

    ...IRONY

    1. Re:Oh sweet... by ciderbrew · · Score: 1

      none of the things in the song were ironic.

    2. Re:Oh sweet... by isopropanol · · Score: 2

      ...ironically...

    3. Re:Oh sweet... by Anonymous Coward · · Score: 1

      But if we get the jokes out then the only way to express thoughts is to say it directly: this is a BS agency created to launder our tax money, while Indirectly subsidizing Microsoft (all gov agencies in US do).... but everyone already knew this. Can we go back to jokes now please?

  5. Re:Trust me. I'm from the government. by Anonymous Coward · · Score: 2, Insightful

    I need a +1fear

  6. Pay attention, Alanis... by Chris+Mattern · · Score: 2

    ...THIS is ironic!

    1. Re:Pay attention, Alanis... by Stormthirst · · Score: 1

      You need to admit that the song does not have a single instance of actual irony in it.

      I always figured that was why it was called Ironic. A song about irony, that didn't have any irony in it.

  7. Not possible by Kimomaru · · Score: 1

    Guys, don't you remember the Five 9s Microsoft marketing?! Yeah, that's what I thought. How quickly we forget how the real world works, this stuff just don't happen on Windows servers. Not possible.

    I guess when Microsoft was screaming about Five 9s, they were referring to how often their platform would be down, not up.

  8. We Apologise by A10Mechanic · · Score: 1

    We apologise for the fault in the database. Those responsible have been sacked.

    1. Re:We Apologise by Sparticus789 · · Score: 1

      Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.

      --
      sudo make me a sandwich
  9. Re:Yup. by Luthair · · Score: 1

    I would say its more likely that the interim page explaining that NVD is currently unavailable is hosted on a different system. Perhaps we ought to wait until the site comes back online before chortling?

  10. That profile pic is awesome. by cshark · · Score: 1

    Really cool stuff. Wish I would have thought of it. Superimposing code on top of a picture of himself. Great stuff. Screams uber hacker. I don't even need to read the article to know that anyone with mad photoshop skills like that must know what he's doing.

    --

    This signature has Super Cow Powers

  11. DERP by SpaceManFlip · · Score: 1

    They should just own up to the failure, and post an interim placeholder webpage with about a 50-point font print of the word "DERP"

  12. we live in interesting times by 8086 · · Score: 2

    Apart from the great irony of this incident, it is also a sign of things to come in cyber security and the computer industry in general. It seems we're at a point of time when you don't have to be stupid and/or high-visibility in order to get hacked, most contemporary software is ill-equipped to deal with the rising security threat, and even security service providers cannot be fully trusted. Hopefully this translates to more employment for us geeks and opportunities to build all the security features and plug up all the holes like we always wanted to but couldn't spare the time for.

  13. Re:Yup. by cheater512 · · Score: 2

    Nope it is still funny. They couldn't put up a clean IIS install for the website down message in case it got infected as well.
    Naturally they went for Apache.