Softpedia
 


January 25th, 2010, 15:51 GMT · By

NASA Research Center Website Compromised



NASA's Center for Aerosol Research website vulnerable to SQL injection
The website of the Center for Aerosol Research at NASA's Goddard Space Flight Center has been taken offline after a grey hat hacker demoed an attack on its database. The SQL injection exploitation had to be performed manually and was unusually hard to pull off, according to the attacker.

"I want to say that it was very hard to make this injection… The webserver had good protection but wasn’t fully secured," TinKode, a Romanian self-confessed grey hat hacker, writes on his blog. "This kind only works manually, you can’t do it with apps," he stresses.

The aerocenter.gsfc.nasa.gov site is actually the third website associated with NASA's Goddard Space Flight Center (GSFC) that TinKode has hacked in recent months, suggesting a more serious Web development issue on this domain. At the beginning of December we reported that websites belonging to GSFC's Instrument Systems and Technology Division, istd.gsfc.nasa.gov, as well as the Software Engineering Division, sed.gsfc.nasa.gov, were compromised in a similar fashion.

According to an official description available on the compromised website before it was taken down, the "AeroCenter is an interdisciplinary union of researchers at NASA Goddard and other organizations in the Washington DC metropolitan area (including NOAA, University of Maryland, and other institutions) who are interested in many facets of atmospheric aerosols." From the partially obfuscated screenshots published by the security enthusiast, it appears the database contains private information about site members, such as full name, e-mail, phone, affiliation or focus group.

TinKode has also revealed details about seven administrative accounts, including those of Lorraine A. Remer, the NASA official responsible for the AeroCenter program, Richard Kleidman, the curator, and Paul D. Przyborski, the Webmaster. As the grey hat hacker indicates, only password "hashes" are stored in the database, which is much better than storing them in plain text. Unfortunately, these hashes can be easily cracked, because they were generated with MD5, an insecure algorithm.
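An added example, not taken from the article or from the affected site's code: one way to retire MD5 password hashes like those described above is to replace each one with a salted, slow key-derivation hash at the user's next successful login. It assumes the stored values were bare, unsalted MD5 hex digests (the article does not say); the function names, record format and iteration count are hypothetical choices made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch
PREFIX = "pbkdf2_sha256"


def md5_hex(password: str) -> str:
    """Legacy scheme (assumed): bare MD5, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str) -> str:
    """New scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Check a login attempt; return (ok, value_to_store).

    A legacy MD5 row that verifies is replaced by a PBKDF2 record, so the
    weak digest leaves the database without forcing a password reset.
    """
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy row: constant-time compare against the old digest, then upgrade.
    if hmac.compare_digest(md5_hex(password), stored):
        return True, make_record(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample rows: two accounts that share one password.
    users = {"alice": md5_hex("aerosol2010"), "bob": md5_hex("aerosol2010")}
    print("identical MD5 rows:", users["alice"] == users["bob"])
    for name in users:
        ok, users[name] = verify_and_upgrade("aerosol2010", users[name])
    print("identical after upgrade:", users["alice"] == users["bob"])
```

Rows belonging to accounts that never log in again keep their MD5 digest, so a real migration also needs a cutoff date after which remaining legacy rows are invalidated.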


READER COMMENTS:


Comment #1 by: ali on 05 Oct 2010, 20:59 UTC

Hello
My name is Ali and I graduated from Iran University of Science and Technology in the railway structures field. My master and I are working on a new technology about magnetic connections in structures. An idea has shined in my mind that it can be used in space equipment. As it has a high assembly speed, I think it can reduce the costs of space trips for repairing the equipment, for instance in space stations. If someone is interested in my project, please contact me by email: ali_pouryousef@yahoo.com


Comment #2 by: mahesh on 06 Oct 2010, 09:21 UTC

I am a big fan of the NASA research center. I would like to work there at least for one day as a scientist with the other scientists. I am proud to be an employee of the NASA research center.
