Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Vulnerability Database Yanked Over Malware Infestation

Posted by timothy on from the hate-it-when-that-happens dept.

hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."

12 of 52 comments (clear)

  1. Baseline and STIG hosting by chill · · Score: 3, Interesting

    For the unenlightened, the NVD is where the official NIST computer configuration baselines and DISA STIGs are hosted. For example, the USGCB (formerly FDCC) is also down.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Baseline and STIG hosting by bcong · · Score: 4, Informative

      Sorry, but no. The DISA STIGs are hosted here: http://iase.disa.mil/stigs/index.html

    2. Re:Baseline and STIG hosting by chill · · Score: 3, Informative

      Yes, sorry, I phrased that wrong.

      NVD's search will reference the STIGs and then link to the .mil location. For us civilian types the NVD site is the gateway.

      --
      Learning HOW to think is more important than learning WHAT to think.
    3. Re:Baseline and STIG hosting by lxs · · Score: 3, Funny

      Damn it. Top Gear will never be the same.

  2. Re:I see the problem by Anonymous Coward · · Score: 4, Funny

    Way to sell yourself you arrogant prick. If you hire me, I'll help you with your image and this will never happen again.

  3. Trust me. I'm from the government. by IT.luddite · · Score: 3, Funny

    I'm here to help.

  4. Oh sweet... by Anathem · · Score: 2

    ...IRONY

    1. Re:Oh sweet... by isopropanol · · Score: 2

      ...ironically...

  5. Re:Trust me. I'm from the government. by Anonymous Coward · · Score: 2, Insightful

    I need a +1fear

  6. Pay attention, Alanis... by Chris+Mattern · · Score: 2

    ...THIS is ironic!

  7. we live in interesting times by 8086 · · Score: 2

    Apart from the great irony of this incident, it is also a sign of things to come in cyber security and the computer industry in general. It seems we're at a point of time when you don't have to be stupid and/or high-visibility in order to get hacked, most contemporary software is ill-equipped to deal with the rising security threat, and even security service providers cannot be fully trusted. Hopefully this translates to more employment for us geeks and opportunities to build all the security features and plug up all the holes like we always wanted to but couldn't spare the time for.

  8. Re:Yup. by cheater512 · · Score: 2

    Nope it is still funny. They couldn't put up a clean IIS install for the website down message in case it got infected as well.
    Naturally they went for Apache.