NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
Extreme Islamic Group Takes Government Website Off-Line for Past 2 Weeks
Score one for the extremists. FEB.GOV was hacked and defaced by an Islamic hacker group on August 2nd and has been off-line ever since.No Longer Supported
It is hard to know what to say about this. Lets start with the facts. On August 2nd FEB.GOV was hacked and defaced. FEB.GOV lists at least 20 sites under it for various offices and regions of the Federal Executive Board.

You can view a screen shot of the hacked page at Sunbelt Software's blog. The real FEB.GOV site, and all sites hosted under it, have been down since August 2nd.

This U.S. Government office lists the following mission:
The Federal Executive Boards (FEB’s) were established in 1961 by a Presidential Directive to improve coordination among Federal activities and programs outside Washington. The need for effective coordination among the field activities of Federal departments and agencies was then, and is still, very clear.

They do such things as coordinate the avian flu response, coordinate government agency evacuation and continuity of operation plans, coordinate cross-agency employee training, announce snow and weather related office closures, coordinate emergency crisis and terrorist response, etc. You can find cached copies of their website at Alexa.com and some at Google. Their website may not be critical to national security but it is important never the less. It is also embarrassing to have a Federal government website(s) down for two weeks because because of a hacker attack. Wipe, reload, mitigate for whatever vulnerability was exploited, and get on with it. This was a public facing web server so there should have been no sensitive information there to compromise. Being down for this long leads people to think there is a cover-up and/or great incompetence. Right now we're showing the extremists / hackers that they're winning.

FEB.GOV is hosted by the Office of Personnel Management (OPM). As the old adage goes "the most secure computer is one that isn't connected to any network, is unplugged, and stored in a vault deep under ground". OPM must be taking this literally as the FEB has been off-line for two weeks now!



UPDATE 25 August 2006: The FEB.GOV site is back in operation.

Share or Boookmark this Article Using:
No Longer Supported




Google
WebNIST.org
NIST.govSecurityFocus.com





Posted by NIST.org on Tuesday 15 August 2006 - 20:51:15 | |printer friendly
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2015-6289 (ios)
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attac ...
»CVE-2015-7462 (websphere_mq)
IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-key ...
»CVE-2015-7775 (garoon)
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to ...
»CVE-2015-7776 (garoon)
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which mak ...
»CVE-2015-8288 (d3600_firmware, d6000_firmware)
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier us ...
»CVE-2015-8289 (d3600_firmware, d6000_firmware)
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with ...
»CVE-2016-0392 (elastic_storage_server, general_parallel_file_system_storage_server)
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Stora ...
»CVE-2016-0911 (data_domain)
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS export ...
»CVE-2016-0912 (data_domain)
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intend ...
»CVE-2016-0914 (documentum_administrator, documentum_capital_projects, documentum_taskspace, documentum_webtop)
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x be ...
»CVE-2016-1191 (garoon)
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 al ...
»CVE-2016-1192 (garoon)
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 all ...
»CVE-2016-1195 (garoon)
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to red ...
»CVE-2016-1196 (garoon)
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access r ...
»CVE-2016-1197 (garoon)
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers t ...


Date published: 2016-06-24T04:50:00Z
Details

»WordPress Releases Security Update
Original release date: June 22, 2016 WordPress 4.5.2 and prior versions are affected by sever ...
»Apple Releases Security Update
Original release date: June 21, 2016 Apple has released a security update to address a vulner ...
»Google Releases Security Update for Chrome
Original release date: June 17, 2016 Google has released Chrome version 51.0.2704.103 to addr ...
»Adobe Releases Security Updates
Original release date: June 16, 2016 Adobe has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: June 15, 2016 Cisco has released security updates to address vulnerabi ...
»VMware Releases Security Updates
Original release date: June 15, 2016 VMware has released security updates to address a vulner ...
»Microsoft Releases June 2016 Security Bulletin
Original release date: June 14, 2016 Microsoft has released 16 updates to address vulnerabili ...
»Adobe Releases Security Updates
Original release date: June 14, 2016 Adobe has released security updates to address vulnerabi ...
»VMware Releases Security Updates
Original release date: June 10, 2016 VMware has released security updates to address vulnerab ...
»Increased Risks from Macro-Based Malware
Original release date: June 09, 2016 Microsoft Office applications use macros to automate rou ...


Date published: not known
Details

»VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format
In their VB2015 paper, Peter Kálnai and Jaromír Hořejší look at the ...
»Throwback Thursday: Hyppönen, that Data Fellow / Finnish Sprayer
This week, well known and universally respected industry guru Mikko ...
»VB2015 paper: Economic Sanctions on Malware
Financial pressure can be a proactive and potentially very effectiv ...
»Virus Bulletin's job site for recruiters and job seekers
Virus Bulletin has relaunched its security job vacancy service and ...
»Throwback Thursday: One_Half: The Lieutenant Commander?
In October 1994, a new multi-partite virus appeared, using some of ...
»Advertisements on Blogspot sites lead to support scam
Support scam pop-ups presented through malicious advertisements sho ...
»To make Tor work better on the web, we need to be honest about it
Many websites put barriers in front of visitors who use the Tor net ...
»Paper: How It Works: Steganography Hides Malware in Image Files
A new paper by CYREN researcher Lordian Mosuela takes a close look ...
»Paying a malware ransom is bad, but telling people to never do it is unhelpful advice
The current ransomware plague is one of the worst threats the Inter ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» WordPress Releases Security Update
[22 Jun 2016 06:42am]

» Apple Releases Security Update
[21 Jun 2016 06:56am]

» Google Releases Security Update for Chrome
[16 Jun 2016 11:32pm]

» Adobe Releases Security Updates
[16 Jun 2016 07:55pm]

» Cisco Releases Security Updates
[15 Jun 2016 06:32pm]

» VMware Releases Security Updates
[15 Jun 2016 10:40am]

» Microsoft Releases June 2016 Security Bulletin
[14 Jun 2016 11:38am]

» Adobe Releases Security Updates
[14 Jun 2016 11:08am]

» VMware Releases Security Updates
[10 Jun 2016 11:37am]

» Increased Risks from Macro-Based Malware
[09 Jun 2016 07:50am]

***
US-CERT Alerts

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

***
Computerworld Security

» The EU and U.S. reach data-transfer deal, report says
[24 Jun 2016 09:45am]

» Lenovo patches two high-severity flaws in PC support tool
[24 Jun 2016 08:18am]

» U.S. court rules that FBI can hack into a computer without a warrant
[24 Jun 2016 04:36am]

» Lessons and observations from the GoToMyPC incident
[23 Jun 2016 10:06pm]

» Why Russian hackers were likely behind the DNC breach
[23 Jun 2016 02:31pm]

» GozNym Trojan targets business accounts at major U.S. banks
[23 Jun 2016 12:58pm]

» AWS and Azure clouds gain security OK from feds
[23 Jun 2016 09:38am]

» BlackBerry goes into the red as revenue drops by a third
[23 Jun 2016 09:24am]

» The number of corporate users hit by crypto ransomware is skyrocketing
[23 Jun 2016 09:18am]

» A look inside the Microsoft Local Administrator Password Solution
[23 Jun 2016 04:00am]

» Mobile advertiser tracked users' locations without their consent, FTC alleges
[22 Jun 2016 12:49pm]

» Think tanks mull Geneva Convention for cybercrime
[22 Jun 2016 11:12am]

» Severe flaws in widely used archive library put many projects at risk
[22 Jun 2016 08:02am]

» Google concerned about curious but destructive cleaning robots that hack reward systems
[22 Jun 2016 07:53am]

» Microsoft invokes Supreme Court opinion in Ireland email case
[22 Jun 2016 03:41am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» A Bug in Chrome Makes It Easy to Pirate Movies
[24 Jun 2016 05:00am]

» Hey, Congress, Here’s How You Use Periscope
[22 Jun 2016 02:52pm]

» House Dems Take to Twitter to Let You See Their Gun-Control Sit-In
[22 Jun 2016 11:08am]

» After Orlando, the Homemade AR-15 Industry Surges
[22 Jun 2016 05:00am]

» Security News This Week: Anonymous Hacks ISIS Twitter With Gay Pride
[19 Jun 2016 05:00am]

» Silk Road Prosecutors Argue Ross Ulbricht Doesn’t Deserve a New Trial
[18 Jun 2016 03:53pm]

» Orlando Shows the Limits of Facebook’s Terror Policing
[17 Jun 2016 06:38am]

» How Does the FBI Watch List Work? And Could It Have Prevented Orlando?
[17 Jun 2016 05:00am]

» Apple’s Big Security Upgrades Will Save You From Yourself
[16 Jun 2016 12:10pm]

» A Chaotic Whodunnit Follows the DNC’s Trump Research Hack
[15 Jun 2016 08:33pm]

***
Network World Security

» Researchers steal data from a PC by controllng the noise from the fans
[24 Jun 2016 12:58pm]

» The EU and US reportedly reach data-transfer deal
[24 Jun 2016 09:15am]

» Demisto accelerates security investigations through automation and collaboration  
[24 Jun 2016 08:29am]

» Lenovo patches two high severity flaws in PC support tool
[24 Jun 2016 07:40am]

» Buyer’s Guide to 9 multi-factor authentication products
[06 Jun 2016 04:00am]

» 5 trends shaking up multi-factor authentication
[06 Jun 2016 04:00am]

» 9-vendor authentication roundup: The good, the bad and the ugly
[06 Jun 2016 04:00am]

» Review: Hot new tools to fight insider threats
[31 May 2016 04:00am]

» 3 top tools to fight insider threats
[31 May 2016 04:00am]

» SIEM review: Splunk, ArcSight, LogRhythm and QRadar
[09 May 2016 02:00pm]

» What users love (and hate) about 4 leading firewall solutions
[25 Apr 2016 01:48pm]

» 10 no-cost home security mobile apps worth a download
[01 Apr 2016 06:39am]

» 7 VPN services for hotspot protection
[14 Mar 2016 04:00am]

» The EU and US reportedly reach data-transfer deal
[24 Jun 2016 09:15am]

» Lenovo patches two high severity flaws in PC support tool
[24 Jun 2016 07:40am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}