[ISN] They've only gone and HACKED the WEATHER

From: InfoSec News <alerts_at_private>
Date: Mon, 22 Oct 2012 01:49:26 -0500 (CDT)
http://www.theregister.co.uk/2012/10/19/us_weather_service_hack/

By John Leyden
The Register
19th October 2012

Hackers have lifted potentially sensitive data from the US National 
Weather Service after exploiting a vulnerability in the weather.gov 
website.

A previously-unknown group called Kosova Hacker's Security claimed 
credit for the hack in a lengthy post on pastebin, containing a stream 
of data lifted as a result of the hack. Leaked data includes a list of 
partial login credentials, something that might give other hacking crews 
a head start in attacking the website, as well as numerous system and 
network configuration files.

The leaked information appears to consist only of system files and the 
like rather than scientific data, something that strongly distinguishes 
the breach from the so-called ClimateGate hack against the Climatic 
Research Unit (CRU) at the University of East Anglia back in November 
2009.

The hacking crew said it took advantage of "local file inclusion 
vulnerability" that allowed it to ransack the weather.gov servers. 
Kosova Hacker's Security said the hack was carried out in retaliation 
for American aggression against Muslim nations, including the Flame and 
Stuxnet malware attacks against the Iran nuclear program.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Sun Oct 21 2012 - 23:49:26 PDT

This archive was generated by hypermail 2.2.0 : Sun Oct 21 2012 - 23:41:57 PDT