BreachExchange mailing list archives
They've only gone and HACKED the WEATHER
From: security curmudgeon <jericho () attrition org>
Date: Mon, 22 Oct 2012 01:43:00 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.theregister.co.uk/2012/10/19/us_weather_service_hack/ By John Leyden The Register 19th October 2012 Hackers have lifted potentially sensitive data from the US National Weather Service after exploiting a vulnerability in the weather.gov website. A previously-unknown group called Kosova Hacker's Security claimed credit for the hack in a lengthy post on pastebin, containing a stream of data lifted as a result of the hack. Leaked data includes a list of partial login credentials, something that might give other hacking crews a head start in attacking the website, as well as numerous system and network configuration files. The leaked information appears to consist only of system files and the like rather than scientific data, something that strongly distinguishes the breach from the so-called ClimateGate hack against the Climatic Research Unit (CRU) at the University of East Anglia back in November 2009. The hacking crew said it took advantage of "local file inclusion vulnerability" that allowed it to ransack the weather.gov servers. Kosova Hacker's Security said the hack was carried out in retaliation for American aggression against Muslim nations, including the Flame and Stuxnet malware attacks against the Iran nuclear program. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- They've only gone and HACKED the WEATHER security curmudgeon (Oct 22)