Secure Root Vulnerability Assesment Report
Date: Wednesday, October 29 @ 08:52:45 CST
There is a news confirming the public availability of the announced
vulnerability assesment report by the No
Secure Root Group Security Research .
The report tells the form that a member of the group ( Lorenzo Hernandez
Garcia-Hierro ) used for
compromise the NASA websites using discovered vulnerabilities by
Lorenzo,Lorenzo could accesss
the administration system of NASA websites and then he made a complete
report about it , he was
communicating with NASA staff for solve the security problems that could be
used to compromise
the enterity of the system by sql injections , xss attacks and access to
administrative sections that were
not protected against remote access.
John R. Ray Mgr. of the NASA Competency Center ( Information Technology
Security ) contacted
Lorenzo and hi provided inmediately an access code to a secured part of
NSRG-Security servers netowork
for read the report and patch the systems.
Now the systems are patched and the NSRG-Security made public the report
about the important security holes
Under a restrictive disclaimer it is available at:
Report / Advisory :
Log with NASA communications made between Lorenzo and NASA staff:
Screen Shots related:
The question is , are the websites secured against the next generation of
A new way to compromise systems have been opened, is it the future of the
next generation of hackers ?