NASA: Not Amazingly Secure Afterall

NASA neglected to secure some key systems:

The audit uncovered other servers that exposed encryption keys, encrypted passwords and user-account information, all of which would allow attackers to gain unauthorized network access. The information could have been used to target personnel with phishing attacks and or emails containing malware.

The audit was focused on only mission-critical systems and did not assess the broader agency-wide network or systems that weren’t connect to the Internet.

One server was found to be vulnerable to FTP-bounce attacks, according to the report. Attackers exploit the FTP protocol in a man-in-the-middle-style attack to request access to a network port. This technique can be used to port scan hosts or access specific ports not directly accessible.

via: NASA Failure to Secure Computer Systems Endangers Space Missions: Audit

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s