Secure Root Vulnerability Assesment Report
Date: Wednesday, October 29 @ 08:52:45 CST
Topic:


There is a news confirming the public availability of the announced
vulnerability assesment report by the No
Secure Root Group Security Research .
The report tells the form that a member of the group ( Lorenzo Hernandez
Garcia-Hierro ) used for
compromise the NASA websites using discovered vulnerabilities by
Lorenzo,Lorenzo could accesss
the administration system of NASA websites and then he made a complete
report about it , he was
communicating with NASA staff for solve the security problems that could be
used to compromise
the enterity of the system by sql injections , xss attacks and access to
administrative sections that were
not protected against remote access.
John R. Ray Mgr. of the NASA Competency Center ( Information Technology
Security ) contacted
Lorenzo and hi provided inmediately an access code to a secured part of
NSRG-Security servers netowork
for read the report and patch the systems.
Now the systems are patched and the NSRG-Security made public the report
about the important security holes
found.
Under a restrictive disclaimer it is available at:

Report / Advisory :
http://advisories.nsrg-security.com/Nasa.gov-MV/
Log with NASA communications made between Lorenzo and NASA staff:
http://advisories.nsrg-security.com/Nasa.gov-MV/mail-log.txt
Screen Shots related:
http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/

The question is , are the websites secured against the next generation of
attacks ?
A new way to compromise systems have been opened, is it the future of the
next generation of hackers ?








This article comes from Network Security and ISO 27001 / 17799 News
http://www.packetdefense.com

The URL for this story is:
http://www.packetdefense.com/modules.php?name=News&file=article&sid=7