U.S. National Vulnerability Database Hacked
The central database of vulnerability and related security information, maintained by NIST, remains down due to malware discovered on the site and traced, ironically, to a software vulnerability.
The U.S. National Vulnerability Database (NVD) was taken down by its administrators at the National Institute of Standards and Technology last Friday, March 8.
As of this morning, the site shows this message:
Site/Page Not Available
The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.
Kim Halavakoski, chief security officer at Crosskey Banking Solutions, broke the news on his Google+ page. After trying to retrieve some data from the site and finding it down, Halavakoski contacted the site administrators and received a note explaining the situation. The salient points:
- On Friday, March 8, a NIST firewall detected suspicious activity and took measures to block traffic related to it.
- The servers on which the activity was detected were taken down.
- Malware was discovered on two NIST Web servers.
- The malware was traced to a software vulnerability.
- There is no evidence the NVD itself spread malware.
- NIST has no further information on when the NVD will be back up.
In a subsequent post, Halavakoski noted that Netcraft data shows NIST had been running IIS 7.5 for years, but after the breach, it was listed as running Linux and Apache. Netcraft's "risk rating" for the site is 0/10.