As a rule, once it becomes known that hackers have exploited a vulnerability on a site, publication of the “leaked” materials almost always follows. Many people remember a series of attacks by anonymous hackers on the sites of a number of serious organizations and, as a result, the publication of private data of employees or clients (as happened with StratFor or with visitors to neo-Nazi sites, although that case is debatable). A recent example is the serious security incident with the United Nations website, when a group of hackers calling themselves Casi posted on PasteBin a record with the Blind SQL-injection logs for www.un.org and carefully packed the stolen data into an archive that anyone curious could download within a few days.
Nevertheless, there are hackers who live up to the name in its original sense, the one unrelated to computer crime.
Members of TeamHav0k r00tw0rm and inj3ct0r group, having performed a SQL injection on one of the NASA domains, were able to obtain more than 6 GB of various private information (logins, passwords, email addresses), and informed the public by publishing a PasteBin post with part of the stolen data. The motive the hacktivists describe in the accompanying text is curious: they claim that they will not publish the compromised data in full, that NASA management should pay more attention to the security of its servers, and that the partially “leaked” database should serve as evidence of the deplorable state of that security and of the team maintaining the servers (the hackers' advice on what should be done with that team is, frankly, unprintable).
It is noteworthy that this is not the first time that such a high-tech organization as NASA has been exposed to incidents involving the security of its data. More recently, XSS vulnerabilities have been discovered on a number of domains: lance.nasa.gov, gaia.esa.int, earth.eo.esa.int, xmm.vilspa.esa.es and earthdata.nasa.gov. Nevertheless, NASA management, judging by the speed of its reaction, is not too concerned about potential security breaches of its web resources.