US NIST's vulnerability database hacked

The agency says it pulled down two Web servers when malware was discovered

A U.S. government computer vulnerability database and several other websites at the National Institute of Standards and Technology have been down for nearly a week after workers there found malware on two Web servers.

NIST's National Vulnerability Database (NVD) website, which includes databases of security checklists, security-related software flaws and misconfigurations, is one of the sites affected, a NIST spokeswoman said in an email.

Last Friday, a NIST firewall "detected suspicious activity and took steps to block unusual traffic from reaching the Internet," said spokeswoman Gail Porter. "NIST began investigating the cause of the unusual activity and the servers were taken offline."

The National Vulnerability Database is a comprehensive repository of information that allows computers to conduct automated searches for the latest known vulnerabilities in hardware or software computing products, Porter said. The goal of the NVD is to help organizations and individuals better protect their computers against security threats.

Many government agencies and private businesses use the database, she said.

NIST traced the malware on two servers to a software vulnerability, she said.

The agency does not see any evidence that the NIST websites "were used to deliver malware to users of these NIST Web sites," Porter added.

NIST will restore the servers as soon as possible, she added.

Security professional Kim Halavakoski found the database was down when he went to the website to get some vulnerability information, he said in a Google+ post late Wednesday.

"Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!" he wrote.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags intrusionGovernment use of ITGail PorterKim HalavakoskisecuritygovernmentExploits / vulnerabilitiesU.S. National Institute of Standards and Technology

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?