Ironically, the government site that catalogs vulnerability to malware is brought down by malware
A
government database on computer vulnerability has a vulnerability
problem of its own. According to reports Thursday, the National
Vulnerability Database website — which includes databases of security
checklists and security-related software flaws — was among sites taken
down for two weeks after malware was discovered on their servers.
A
number of other sites also belonging to the National Institute of
Standards and Technology were also affected. The government agency
released the following statement:
NIST began
investigating the cause of the unusual activity and the servers were
taken offline. Malware was discovered on two NIST Web servers and was
then traced to a software vulnerability.
NIST was unsurprisingly pretty good at detecting the issue fast. As
IT World noted,
its National Vulnerability Database “is a comprehensive repository of
information that allows computers to conduct automated searches for the
latest known vulnerabilities in hardware or software computing products
… The goal of the NVD is to help organizations and individuals better
protect their computers against security threats.”
According to IT world, the irony of the hack has not been lost on security professionals:
Security
professional Kim Halavakoski found the database was down when he went
to the website to get some vulnerability information, he said in a Google+ post late Wednesday.
“Hacking
the NVD and planting malware on the very place where we get our
vulnerability information, that is just pure evil!” he wrote.
No comments:
Post a Comment