US Vulnerability Database Yanked Over Malware Infestation 52

Posted by timothy on Thursday March 14, 2013 @07:46AM from the hate-it-when-that-happens dept.

hypnosec writes "The US government's National Vulnerability Database (NVD) maintained by National Institute of Standards and Technology (NIST) has been offline for a few days because of malware infestation. The public-facing site has been taken offline because traces of malware were found on two of the web servers that house it. A post on Google+ containing an email from Gail Porter details the discovery of suspicious activity and subsequent steps taken by NIST. As of this writing the NVD website is still serving a page not found message."

US Vulnerability Database Yanked Over Malware Infestation

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 52 Comments Log In/Create an Account

Comments Filter:

- Re: (Score:2)
  
  by Luthair ( 847766 ) writes:
  
  I would say its more likely that the interim page explaining that NVD is currently unavailable is hosted on a different system. Perhaps we ought to wait until the site comes back online before chortling?
  - Re: (Score:3)
    
    by cheater512 ( 783349 ) writes:
    
    Nope it is still funny. They couldn't put up a clean IIS install for the website down message in case it got infected as well.
    Naturally they went for Apache.
I see the problem (Score:1)

by jaygatsby27 ( 894445 ) writes:

If those bastards would hire me , this wouldn't happen.
- Re:I see the problem (Score:4, Funny)
  
  by Anonymous Coward writes: on Thursday March 14, 2013 @08:05AM (#43170047)
  
  Way to sell yourself you arrogant prick. If you hire me, I'll help you with your image and this will never happen again.
  
- Re: (Score:2)
  
  by gl4ss ( 559668 ) writes:
  
  why? you'd fax the db updates to people manually?
Baseline and STIG hosting (Score:4, Interesting)

by chill ( 34294 ) writes: on Thursday March 14, 2013 @07:57AM (#43169975) Journal

For the unenlightened, the NVD is where the official NIST computer configuration baselines and DISA STIGs are hosted. For example, the USGCB (formerly FDCC) is also down.

- Re:Baseline and STIG hosting (Score:5, Informative)
  
  by bcong ( 1125705 ) writes: on Thursday March 14, 2013 @08:00AM (#43169997)
  
  Sorry, but no. The DISA STIGs are hosted here: http://iase.disa.mil/stigs/index.html [disa.mil]
  
  - Re:Baseline and STIG hosting (Score:4, Informative)
    
    by chill ( 34294 ) writes: on Thursday March 14, 2013 @08:10AM (#43170107) Journal
    
    Yes, sorry, I phrased that wrong.
    NVD's search will reference the STIGs and then link to the .mil location. For us civilian types the NVD site is the gateway.
    
  - - Re: (Score:2)
      
      by zAPPzAPP ( 1207370 ) writes:
      
      I can't post either.
- Re:Baseline and STIG hosting (Score:4, Funny)
  
  by lxs ( 131946 ) writes: on Thursday March 14, 2013 @08:23AM (#43170215)
  
  Damn it. Top Gear will never be the same.
  
Trust me. I'm from the government. (Score:3, Funny)

by IT.luddite ( 1633703 ) writes: on Thursday March 14, 2013 @08:07AM (#43170079)

I'm here to help.

- Re: (Score:2, Insightful)
  
  by Anonymous Coward writes:
  
  I need a +1fear
Oh sweet... (Score:2)

by Anathem ( 1983388 ) writes:

...IRONY
- - Re: (Score:2)
    
    by ciderbrew ( 1860166 ) writes:
    
    none of the things in the song were ironic.
    - Re: (Score:3)
      
      by isopropanol ( 1936936 ) writes:
      
      ...ironically...
  - Re: (Score:1)
    
    by Anonymous Coward writes:
    
    But if we get the jokes out then the only way to express thoughts is to say it directly: this is a BS agency created to launder our tax money, while Indirectly subsidizing Microsoft (all gov agencies in US do).... but everyone already knew this. Can we go back to jokes now please?
Pay attention, Alanis... (Score:3)

by Chris Mattern ( 191822 ) writes: on Thursday March 14, 2013 @08:43AM (#43170375)

...THIS is ironic!

- - - Re: (Score:2)
      
      by Stormthirst ( 66538 ) writes:
      
      You need to admit that the song does not have a single instance of actual irony in it.
      I always figured that was why it was called Ironic. A song about irony, that didn't have any irony in it.
Not possible (Score:1)

by Kimomaru ( 2579489 ) writes:

Guys, don't you remember the Five 9s Microsoft marketing?! Yeah, that's what I thought. How quickly we forget how the real world works, this stuff just don't happen on Windows servers. Not possible.

I guess when Microsoft was screaming about Five 9s, they were referring to how often their platform would be down, not up.
We Apologise (Score:2)

by A10Mechanic ( 1056868 ) writes:

We apologise for the fault in the database. Those responsible have been sacked.
- Re: (Score:2)
  
  by Sparticus789 ( 2625955 ) writes:
  
  Government employees cannot get fired for incompetence, only promoted to reduce the risk of a technical mistake being made.
That profile pic is awesome. (Score:2)

by cshark ( 673578 ) writes:

Really cool stuff. Wish I would have thought of it. Superimposing code on top of a picture of himself. Great stuff. Screams uber hacker. I don't even need to read the article to know that anyone with mad photoshop skills like that must know what he's doing.
DERP (Score:1)

by SpaceManFlip ( 2720507 ) writes:

They should just own up to the failure, and post an interim placeholder webpage with about a 50-point font print of the word "DERP"
we live in interesting times (Score:2)

by 8086 ( 705094 ) writes:

Apart from the great irony of this incident, it is also a sign of things to come in cyber security and the computer industry in general. It seems we're at a point of time when you don't have to be stupid and/or high-visibility in order to get hacked, most contemporary software is ill-equipped to deal with the rising security threat, and even security service providers cannot be fully trusted. Hopefully this translates to more employment for us geeks and opportunities to build all the security features and p

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

US Vulnerability Database Yanked Over Malware Infestation 52

US Vulnerability Database Yanked Over Malware Infestation More Login

US Vulnerability Database Yanked Over Malware Infestation

Re: (Score:2)

Re: (Score:3)

I see the problem (Score:1)

Re:I see the problem (Score:4, Funny)

Re: (Score:2)

Baseline and STIG hosting (Score:4, Interesting)

Re:Baseline and STIG hosting (Score:5, Informative)

Re:Baseline and STIG hosting (Score:4, Informative)

Re: (Score:2)

Re:Baseline and STIG hosting (Score:4, Funny)

Trust me. I'm from the government. (Score:3, Funny)

Re: (Score:2, Insightful)

Oh sweet... (Score:2)

Re: (Score:2)

Re: (Score:3)

Re: (Score:1)

Pay attention, Alanis... (Score:3)

Re: (Score:2)

Not possible (Score:1)

We Apologise (Score:2)

Re: (Score:2)

That profile pic is awesome. (Score:2)

DERP (Score:1)

we live in interesting times (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot