Hackers recently stole data from the U.S. National Weather Service by exploiting a security flaw in the weather.gov Web site.
"A previously-unknown group called Kosova Hacker's Security claimed credit for the hack in a lengthy post on Pastebin, containing a stream of data lifted as a result of the hack," writes The Register's John Leyden.
"Data released by the Kosovo Hackers Security group includes directory structures, sensitive files of the Web server and other data that could enable later access, according to Chrysostomos Daniel of the security firm Acunetix," AFP reports. "'The hacker group stated that the attack is a protest against the US policies that target Muslim countries,' Daniel said. 'Moreover, the attack was a payback for hacker attacks against nuclear plants in Muslim countries, according to a member of the hacking group who said, 'They hack our nuclear plants using STUXNET and FLAME-like malwares, they are bombing us 27*7, we can’t sit silent -- hack to payback them.'"
"The group exploited a local file inclusion vulnerability on the weather.gov servers, according to information in the Pastebin document, which said the attack was in retaliation for American aggression against Muslim nations, including cyber attacks. ... The local file inclusion vulnerability was patched and the weather.gov site remained up Thursday," writes Sophos' Paul Roberts. "However, at least one other vulnerability, a cross site scripting hole, was subsequently identified on the site."