US national vulnerability database hacked

Up until March 7, the nvd.nist.gov site was running on Windows Server 2008 and IIS 7.5
I suppose they don't have the budget to hire a real sysadmin and had to make do with an off-the-shelf ${insert_stereotype_you_want_to_insult} graduate.

Of course, if you spend all your cash on banks, big oil and the defense department, it's normal to skimp on decent IT administration. Then, you can just sit back and blame the Chinese hackers - like blaming your neighbors for not watching your house when you went on vacation but left your doors and "windows" open.
 
This story is just so rich in irony ... beyond the minimum adult daily requirement. Saddest thing about it is I spent better than 15 years in antimalware research, threw up my hands, went BSD, and life is good.

Windows 8 ... it's just so GSA. :)

qyoi.png
 
KNOStic said:
This story is just so rich in irony ... beyond the minimum adult daily requirement. Saddest thing about it is I spent better than 15 years in antimalware research, threw up my hands, went BSD, and life is good.

Windows 8 ... it's just so GSA. :)

qyoi.png

Maybe I'll deposit that on flibble's property, since no one else wants it. :)
 
kpedersen said:
Lol, you might have to throw it pretty hard for it to get through all the Vaxxen you deposited earlier.

Not. Necessarily.
MFA6FbL.png
 
KNOStic said:
Up until March 7, the nvd.nist.gov site was running on Windows Server 2008 and IIS 7.5, but after the breach, starting on March 9, it has been running on Linux and Apache. Hmmm. :)
If they keep it up to date the same way they did with their Windows machines they're going to have a big surprise one day.

But as far as I know they got hacked using an SQL injection bug. Same thing will happen on a LAMP. Bugs like that have absolutely nothing to do with the OS or the webserver.
 
they got hacked using an SQL injection bug. Same thing will happen on a LAMP.
And that is why we have and use jails. While jails won't necessarily prevent SQL injection attacks, they will prevent escalation of the privileges gained through the injection.
 
Beeblebrox said:
And that is why we have and use jails. While jails won't necessarily prevent SQL injection attacks, they will prevent escalation of the privileges gained through the injection.

True. But they'll get local access only anyway, usually on the www or nobody account. They would need a local root exploit to gain more privileges. That said, it's quite an eye opener if you look at what you can do with those "limited" accounts. It's enough to turn the box into a spamming or DDoS zombie :O
 
Block outgoing connections completely on a jail except for a few essentials like DNS and even then allow the connections only to the jail host, not to any address.
 
kpa said:
Block outgoing connections completely on a jail except for a few essentials like DNS and even then allow the connections only to the jail host, not to any address.

Security is not about making a totally unusable environment ... it's about adding layers of measures to mitigate the damage that can be done; so a proper countermeasure can be taken in the event of an intrusion.

Regards.
 
vertexSymphony said:
Security is not about making a totally unusable environment ... it's about adding layers of measures to mitigate the damage that can be done; so a proper countermeasure can be taken in the event of an intrusion.

Regards.

But if the jail is only for hosting services that accept connections from the outside you can disable most of the outgoing traffic without rendering the jail unusable.
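
The outbound restriction discussed in the posts above, sketched as a pf.conf fragment. This is an added example, not something posted in the thread; the choice of pf, the interface name, the addresses (documentation range) and the service ports are all assumptions for a shared-IP-stack jail whose address is an alias on the host.

```conf
# Constructed values: replace with the real interface and addresses.
ext_if  = "em0"
jail_ip = "192.0.2.10"   # address assigned to the web jail
host_ip = "192.0.2.1"    # jail host, running the resolver the jail uses

# Jail-to-host traffic stays on the local machine (loopback path), so do
# not add "set skip on lo0" here or the DNS-only rule below is bypassed.

# Default deny, with logging so blocked attempts are visible in pflog.
block log all

# Service hosted in the jail. pf rules are stateful by default, so the
# replies to these inbound connections leave without an outbound rule.
pass in on $ext_if proto tcp from any to $jail_ip port { 80 443 }

# The only connections the jail may originate: DNS, and only to the host.
pass quick proto { tcp udp } from $jail_ip to $host_ip port 53

# Any other connection initiated from the jail (mail, IRC, outbound HTTP)
# is dropped and logged. "quick" stops later pass rules from matching.
block drop log quick from $jail_ip to any

# The host's own outbound traffic, evaluated after the jail rules above.
pass out on $ext_if from $host_ip to any
```

Entries logged by the `block drop log` rule are worth alerting on: a jail that only serves inbound requests has no reason to originate other traffic.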
 