owner

Breaches  - 
 
http://nvd.nist.gov/ hacked. Site down since March 8...

I was trying to get some vulnerability information from nvd.nist.gov and just got a "Page not available" page. So I mailed them and asked what is going on, why can't I access the page...here is the response. Very interesting. 
Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!

I did some quick googling for this and it doesn't seem like this has been widely acknowledged yet...but for you guys in the security space it might be worth knowing!


From: "Porter, Gail" <gail.porter@nist.gov>
Date: 14 mars 2013 00:04:55 EET
To: "Kim.Halavakoski@xxx.xx"<Kim.Halavakoski@xxxx.xx>
Subject: FW: nvd.nist.gov not reachable?

Thanks for your inquiry to the NIST Director's Office webmaster.  Below is a brief statement describing the issues we're experiencing with the National Vulnerability Database.  We do not know yet exactly when the database will be back online but we are working as quickly as we can to get the Web site back in service.    

The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers.  

On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet.  NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.  

Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites.

NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.

NIST is continuing to respond to the incident and will restore these public-facing servers as quickly as possible.  

Sincerely, 

Gail Porter
NIST Public Inquiries Office
National Institute of Standards and Technology
(301) 975-3392
Gail.porter@nist.gov
25
27
Marek Antoži's profile photoMatthew Hannigan's profile photoMarsh Gosnell's profile photoMatthew Saeed's profile photo
23 comments
 
Whoa! This thing kinda exploded all over the web! :) What started as a pretty normal Thursday turned out pretty interesting looking at it now...
Add a comment...