(Shutterstock/ Kutlayev Dmitry)

U.S. database on cyber-vulnerabilities is hacked

Ironically, the government site that catalogs vulnerability to malware is brought down by malware


Natasha Lennard
March 14, 2013 10:06PM (UTC)

A government database on computer vulnerability has a vulnerability problem of its own. According to reports Thursday, the National Vulnerability Database website -- which includes databases of security checklists and security-related software flaws -- was among sites taken down for two weeks after malware was discovered on their servers.

A number of other sites also belonging to the National Institute of Standards and Technology were also affected. The government agency released the following statement:

Advertisement:

NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.

NIST was unsurprisingly pretty good at detecting the issue fast. As IT World noted, its National Vulnerability Database "is a comprehensive repository of information that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products ...  The goal of the NVD is to help organizations and individuals better protect their computers against security threats."

According to IT world, the irony of the hack has not been lost on security professionals:

Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information, he said in a Google+ post late Wednesday.

"Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!" he wrote.


Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.

MORE FROM Natasha LennardFOLLOW natashalennardLIKE Natasha Lennard

Related Topics ------------------------------------------

Cyber-attack Hacking Malware National Institute Of Standards And Technology

BROWSE SALON.COM
COMPLETELY AD FREE,
FOR THE NEXT HOUR

Read Now, Pay Later - no upfront
registration for 1-Hour Access

Click Here
7-Day Access and Monthly
Subscriptions also available
No tracking or personal data collection
beyond name and email address

•••






Fearless journalism
in your inbox every day

Sign up for our free newsletter

• • •