NASA Computer Systems Vulnerable to Web-Based Assaults
In a freshly-released paper, the Inspector General of NASA cautions that the computer systems' network that NASA operates for regulating the Hubble Telescope and International Space Station has security flaws, which are un-patched, while having the potential for causing phishing attacks. InformationWeek published this on March 30, 2011.
Elucidates the paper that the web-servers responsible for a total of 6 projects, which were examined, weren't properly configured; consequently, sensitive information, including encrypted passwords, encryption keys as well as user-account details got leaked for the benefit of would-be attackers.
Worryingly, the attackers could utilize the data to execute phishing alternatively dispatch electronic mails carrying malware to the Agency officers' e-mail accounts. If those receiving the e-mails opened them, it meant a compromise of their PCs along with all sensitive information stored on them.
Albeit by encrypting passwords, the actual passwords don't get revealed, yet through the "bruteforce" technique, attackers can decipher them all. This way, once certain attacker manages to uncover the password, he'll know how to evade the login procedure and actually access the associated secured website to get his hands on the widely-placed mission network of NASA.
States the paper, in this assault, the danger is real. During 2009 alone, computer invaders seized 22GB of data that was restricted from export from the systems of NASA Jet Propulsion Laboratory enabling them to establish innumerable illegitimate links with the network while maneuvering maliciously from distant Estonia, Saudi Arabia and China.
Moreover, during the audit, an evaluation was done to determine if NASA sufficiently secured its IT systems against Web-oriented assaults through the routine evaluation of risks as well as detection and countering of security flaws.
Stated the paper, until NASA dealt with the above critical shortfalls as also enhanced its Information Technology safety exercises there could be security breaches on its computers resulting in serious to disastrous impact on Agency personnel, operations and assets. EWeek reported this on March 30, 2011.
In the meantime, for keeping NASA's systems secured from phishing assaults, the paper suggests the Agency to locate Internet-accessible PCs that are part of its mission 'network of PCs' while act to lessen detected dangers.
Related article: NZ Researcher Uncovers Hacking Techniques Against Vista
» SPAMfighter News - 09-04-2011