NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
Extreme Islamic Group Takes Government Website Off-Line for Past 2 Weeks
Score one for the extremists. FEB.GOV was hacked and defaced by an Islamic hacker group on August 2nd and has been off-line ever since.No Longer Supported
It is hard to know what to say about this. Lets start with the facts. On August 2nd FEB.GOV was hacked and defaced. FEB.GOV lists at least 20 sites under it for various offices and regions of the Federal Executive Board.

You can view a screen shot of the hacked page at Sunbelt Software's blog. The real FEB.GOV site, and all sites hosted under it, have been down since August 2nd.

This U.S. Government office lists the following mission:
The Federal Executive Boards (FEB’s) were established in 1961 by a Presidential Directive to improve coordination among Federal activities and programs outside Washington. The need for effective coordination among the field activities of Federal departments and agencies was then, and is still, very clear.

They do such things as coordinate the avian flu response, coordinate government agency evacuation and continuity of operation plans, coordinate cross-agency employee training, announce snow and weather related office closures, coordinate emergency crisis and terrorist response, etc. You can find cached copies of their website at Alexa.com and some at Google. Their website may not be critical to national security but it is important never the less. It is also embarrassing to have a Federal government website(s) down for two weeks because because of a hacker attack. Wipe, reload, mitigate for whatever vulnerability was exploited, and get on with it. This was a public facing web server so there should have been no sensitive information there to compromise. Being down for this long leads people to think there is a cover-up and/or great incompetence. Right now we're showing the extremists / hackers that they're winning.

FEB.GOV is hosted by the Office of Personnel Management (OPM). As the old adage goes "the most secure computer is one that isn't connected to any network, is unplugged, and stored in a vault deep under ground". OPM must be taking this literally as the FEB has been off-line for two weeks now!



UPDATE 25 August 2006: The FEB.GOV site is back in operation.

Share or Boookmark this Article Using:
No Longer Supported




Google
WebNIST.org
NIST.govSecurityFocus.com





Posted by NIST.org on Tuesday 15 August 2006 - 20:51:15 | |printer friendly
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2015-7360 (fortisandbox_firmware)
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet Fo ...
»CVE-2016-0718 (debian_linux, expat, ubuntu_linux)
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute ar ...
»CVE-2016-0875
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and l ...
»CVE-2016-0876
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passw ...
»CVE-2016-0877
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a ...
»CVE-2016-0878
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of servic ...
»CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log file ...
»CVE-2016-0907
EMC Isilon OneFS 7.1.x anxd 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8 ...
»CVE-2016-1379
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing ...
»CVE-2016-1385 (adaptive_security_appliance_firmware)
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authe ...
»CVE-2016-1404
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same ...
»CVE-2016-1409
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3. ...
»CVE-2016-1410
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive informa ...
»CVE-2016-1413
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authentic ...
»CVE-2016-1999
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary c ...


Date published: 2016-05-31T04:50:00Z
Details

»Google Releases Security Update for Chrome
Original release date: May 26, 2016 Google has released Chrome version 51.0.2704.63 to addres ...
»Adobe Releases Security Update for Adobe Connect
Original release date: May 23, 2016 Adobe has released a security update to address a vulnera ...
»VMware Releases Security Updates
Original release date: May 18, 2016 VMware has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: May 18, 2016 Cisco has released security updates to address vulnerabil ...
»Symantec Releases Security Update
Original release date: May 16, 2016 Symantec has released Anti-Virus Engine 20151.1.1.4 to ad ...
»Apple Releases Multiple Security Updates
Original release date: May 16, 2016 Apple has released security updates for tvOS, iOS, watchO ...
»Adobe Releases Security Updates for Flash Player
Original release date: May 12, 2016 Adobe has released security updates to address vulnerabil ...
»Google Releases Security Update for Chrome
Original release date: May 11, 2016 Google has released Chrome version 50.0.2661.102 to addre ...
»Adobe Releases Security Updates
Original release date: May 10, 2016 | Last revised: May 11, 2016 Adobe has released security ...
»Microsoft Releases May 2016 Security Bulletin
Original release date: May 10, 2016 Microsoft has released 16 updates to address vulnerabilit ...


Date published: not known
Details

»Virus Bulletin's job site for recruiters and job seekers
Virus Bulletin has relaunched its security job vacancy service and ...
»Throwback Thursday: One_Half: The Lieutenant Commander?
In October 1994, a new multi-partite virus appeared, using some of ...
»Advertisements on Blogspot sites lead to support scam
Support scam pop-ups presented through malicious advertisements sho ...
»To make Tor work better on the web, we need to be honest about it
Many websites put barriers in front of visitors who use the Tor net ...
»Paper: How It Works: Steganography Hides Malware in Image Files
A new paper by CYREN researcher Lordian Mosuela takes a close look ...
»Paying a malware ransom is bad, but telling people to never do it is unhelpful advice
The current ransomware plague is one of the worst threats the Inter ...
»VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool ...
»VB2016 programme announced, registration opened
We have announced 37 papers (and four reserve papers) that will be ...
»New tool helps ransomware victims indentify the malware family
The people behind the MalwareHunterTeam have released a tool that h ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Google Releases Security Update for Chrome
[26 May 2016 11:15am]

» Adobe Releases Security Update for Adobe Connect
[23 May 2016 01:44pm]

» VMware Releases Security Updates
[18 May 2016 03:20pm]

» Cisco Releases Security Updates
[18 May 2016 12:30pm]

» Symantec Releases Security Update
[16 May 2016 09:37pm]

» Apple Releases Multiple Security Updates
[16 May 2016 04:32pm]

» Adobe Releases Security Updates for Flash Player
[12 May 2016 11:39am]

» Google Releases Security Update for Chrome
[11 May 2016 03:59pm]

» Adobe Releases Security Updates
[10 May 2016 01:10pm]

» Microsoft Releases May 2016 Security Bulletin
[10 May 2016 01:07pm]

***
US-CERT Alerts

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

***
Computerworld Security

» Privacy Shield needs improvement, says EU privacy watchdog
[31 May 2016 02:00pm]

» 65M Tumblr account records are up for sale on the underground market
[31 May 2016 07:55am]

» Review: New tools to fight insider threats
[31 May 2016 05:38am]

» Crying ‘Wolf!’ seems to work for security
[31 May 2016 05:00am]

» Pwned: 65 million Tumblr accounts, 40 million from Fling, 360 million from MySpace
[30 May 2016 07:17am]

» WordPress plug-in flaw puts over 1M websites at risk
[30 May 2016 07:00am]

» Iran orders messaging apps to store data of in-country users
[30 May 2016 06:40am]

» Malware links SWIFT breaches at banks to N. Korean hackers
[27 May 2016 11:01am]

» Senate proposal to require encryption workarounds may be dead
[27 May 2016 10:25am]

» New JavaScript spam wave distributes Locky ransomware
[27 May 2016 08:19am]

» What is MAREA? Oh, just an epic shift that changes everything
[27 May 2016 05:18am]

» Up to a dozen banks are reportedly investigating potential SWIFT breaches
[26 May 2016 02:14pm]

» Senators want warrant protections for U.S. email stored overseas
[26 May 2016 11:57am]

» Celebrity hacker Guccifer's confession gives us all a lesson in security
[26 May 2016 11:14am]

» IoT security is getting its own crash tests
[26 May 2016 05:09am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» Hack Brief: Your Old Myspace Account Just Came Back to Haunt You
[31 May 2016 02:58pm]

» How the Top 5 PC Makers Open Your Laptop to Hackers
[31 May 2016 07:00am]

» The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side
[31 May 2016 05:00am]

» Security News This Week: Apple Hires a Crypto Guru for Future Battles With the Feds
[28 May 2016 05:00am]

» This Map Tracks Where Governments Hack Activists and Reporters
[26 May 2016 05:00am]

» A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive
[25 May 2016 10:24am]

» Security News This Week: Russia’s FindFace Face-Recognition App Is a Privacy Nightmare
[21 May 2016 05:00am]

» Gay Dating Apps Promise Privacy, But Leak Your Exact Location
[20 May 2016 05:00am]

» Chelsea Manning’s Appeal Took Three Years to File. Here’s Why
[19 May 2016 05:49pm]

» New Surveillance System May Let Cops Use All of the Cameras
[19 May 2016 05:00am]

***
Network World Security

» How to craft a security awareness program that works
[31 May 2016 02:09pm]

» OEM software update tools preloaded on PCs are a security mess
[31 May 2016 12:59pm]

» Shadow IT 101: Beyond convenience vs. security
[31 May 2016 11:15am]

» Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results
[31 May 2016 09:18am]

» Review: Hot new tools to fight insider threats
[31 May 2016 04:00am]

» 3 top tools to fight insider threats
[31 May 2016 04:00am]

» SIEM review: Splunk, ArcSight, LogRhythm and QRadar
[09 May 2016 02:00pm]

» What users love (and hate) about 4 leading firewall solutions
[25 Apr 2016 01:48pm]

» 10 no-cost home security mobile apps worth a download
[01 Apr 2016 06:39am]

» 7 VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: Consider VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: 5 application security testing tools compared
[01 Mar 2016 01:29pm]

» Skyport eases the pain of deploying and securing remote servers
[29 Feb 2016 04:00am]

» OEM software update tools preloaded on PCs are a security mess
[31 May 2016 12:59pm]

» Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results
[31 May 2016 09:18am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}