tag:blogger.com,1999:blog-9222823941653971224.post5925540345860874473..comments2024-03-28T04:24:14.785-07:00Comments on Technicalinfo.net Blog: Couple of NASA.Gov Sites HackedGunter Ollmannhttp://www.blogger.com/profile/00872922499284887206noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-9222823941653971224.post-40487097932794708972010-04-20T22:27:14.080-07:002010-04-20T22:27:14.080-07:00Gunter,
Thanks for sharing such a nice information...Gunter,<br />Thanks for sharing such a nice information, yes even i too agree that NASA needs to get these sites secure as soon as possible.insecurity is growing briskly whilst advanced technology and networks. Hackers are more comprehensive, so there is a need of CEH(Certified Ethical Hacker) for more information on CEH check this link http://www.eccouncil.org/certification/certified_ethical_hacker.aspxSmithhttps://www.blogger.com/profile/04178379802038260500noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-30613927987764738372009-12-13T04:54:06.075-08:002009-12-13T04:54:06.075-08:00It looks that Romanian hacker hasn`t stop there.
...It looks that Romanian hacker hasn`t stop there.<br /><br /> http://tinkode.baywords.com/index.php/2009/12/nasa-vulnerable-to-mssql-injection/ - > Nasa vulnerable to MSSQL Injection<br /><br />http://tinkode.baywords.com/index.php/2009/12/kaspersky-thailand-full-access/ -> Kaspersky hacked againAnDrEwBoY[]https://www.blogger.com/profile/02782130032321566280noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-37722264526337920702009-12-08T17:33:27.803-08:002009-12-08T17:33:27.803-08:00While it is dificult to establish the precise date...While it is dificult to establish the precise date of the pics, I believe it is reasonable to at least rule out that they are related to any "hack over the weekend" that the Register article refers to.<br /><br />I do now concur that it is likely to be more recent than I stated originally in the DSLR thread. <br /><br />MGDUnknownhttps://www.blogger.com/profile/05861294582929311152noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-78549635465463540152009-12-08T17:13:55.573-08:002009-12-08T17:13:55.573-08:00I think that time frame maybe closer. Subsequent t...I think that time frame maybe closer. Subsequent translations of the IRC logs show another person asked:<br /><br />quote:<br />[12:38] (Flb09b) muieflooderu you're somehow friends ala c0de.breaker hacker who cracked TinKode aka NASA and posted here? http://www.hackersblog.org/2009/10/11/live-demonstration-of-an-sql-injection-attack-nasa-gov-subdomain/<br />end quote<br /><br />That link was to a Posting on October 11th, 2009 and was credited to c0de.breaker. That post included a video of the exploit, and also had the same links to the images. That would date the images to at least prior to 10/11/2009. <br /><br />MGDUnknownhttps://www.blogger.com/profile/05861294582929311152noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-19191785139246204302009-12-08T16:04:05.681-08:002009-12-08T16:04:05.681-08:00Interesting. I was informed by someone working wit...Interesting. I was informed by someone working with NASA that these particular sites (and the others hosted on the same system) were fixed more recently than whats been discussed in the dslreports thread.<br /><br />At a stab, perhaps the original hacks were more around the time of c0de.breaker's other NASA hacks - which he's now reporting on his site - <a href="http://tinkode.baywords.com/index.php/2009/12/nasa-full-dislocure-again/" rel="nofollow">http://tinkode.baywords.com/index.php/2009/12/nasa-full-dislocure-again/ </a>which are timestamped 2009-10-26.Gunter Ollmannhttps://www.blogger.com/profile/00872922499284887206noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-11787573273235758172009-12-08T10:48:31.822-08:002009-12-08T10:48:31.822-08:00Gunter,
I believe that the posted pics may be fro...Gunter,<br /><br />I believe that the posted pics may be from several years ago are not indicative of an NASA SQL exploit that accorred this past weekend. See this thread http://www.dslreports.com/forum/r23453712-Hacker-Scalps-NASARun-Websites which shows that the identical pics were posted by a Romanian cyber criminal back around November 19th. I believe that media reports of an exploit event this past weekend citing those pics are incorrect.<br /><br />MGDUnknownhttps://www.blogger.com/profile/05861294582929311152noreply@blogger.comtag:blogger.com,1999:blog-9222823941653971224.post-1096501654849320092009-12-08T03:38:05.661-08:002009-12-08T03:38:05.661-08:00I think there should be a well publicised way of r...I think there should be a well publicised way of reporting vulnerabilities which still credit the white hat hackers IF they do it with the intention to show the vulnerability with no intention to harm the system/data.<br /><br />Pointing out that someone did a bad job with a security (esp. if we talking about companies founded by tax payers) is a good thing. <br /><br />Also by crediting those white hats for doing so with no harm done to the system would draw them away from the path which leads to criminal actions.<br /><br />I know that there is such thing as etical hacking and security companies do it for money but I still value this guy/gal as he/she may prevented NASA from something much worse. I love the work NASA does and I don't want anyone destroying there anything e.g. by not doing a proper job setting up the security.<br /><br />(of course I didn't do it, thats why I'm leaving the comment under my google account instead of anonymous) :)ScoutKnifezhttps://www.blogger.com/profile/12346595513572246692noreply@blogger.com