A government database on computer vulnerability has a vulnerability problem of its own. According to reports Thursday, the National Vulnerability Database website — which includes databases of security checklists and security-related software flaws — was among sites taken down for two weeks after malware was discovered on their servers.
A number of other sites belonging to the National Institute of Standards and Technology were also affected. The government agency released the following statement:
NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.
Unsurprisingly, NIST was quick to detect the issue. As IT World noted, its National Vulnerability Database “is a comprehensive repository of information that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products … The goal of the NVD is to help organizations and individuals better protect their computers against security threats.”
According to IT World, the irony of the hack has not been lost on security professionals:
Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information, he said in a Google+ post late Wednesday.
“Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!” he wrote.