Nasa Faces Security Breach

By Author: eccuni
Total Articles: 211
Comment this article

An attacker has exposed the security flaws on the website of National Aeronautics and Space Administration (NASA). The intruder, who identifies himself as TinKode, successfully gained access to the File Transfer Protocol (FTP) server associated with the space agency's Goddard Space Flight Center. The intruder has also placed screenshot of the affected server as evidence of the security breach on his website. The Romanian intruder has been in the news several times before for breaching the security of major websites such as the website of the Royal British Navy, and European Space Agency, The intruder was also behind the SQL injection attack on the website of MySQL, earlier this year. Fortunately, the motive behind the intrusion attempt by TinKode is to expose security flaws, rather than for any malicious purpose. However, making the security breach public, may make the sites susceptible to further attacks from cybercriminals. Cybercriminals constantly explore the cyber space to exploit security flaws on websites. Successful attack may allow attackers to gain access to confidential databases associated with the webpages. Leakage ...
... of privileged information from the sites of major scientific and research institutions may lead to strategic challenges and also threaten national security. Attackers also target websites to extract login credentials, personal and financial information, malicious scripts, and injecting malware.

Websites are susceptible to threats such as SQL injection and cross-site scripting attacks. SQL injection attacks aim at compromising the SQL-based database systems associated with the website. Attackers may alter the input by appending or terminating text strings, and inserting special characters. In case of cross-site scripting attack, cybercriminals insert malicious scripts on a legitimate website and infect the web browser of a user. Through cross-site scripting attackers may hijack user sessions, redirect users to a malicious website, and transfer cookies from a user's web application to that of a remote attacker.

Organizations must place high emphasis on website security. They must undertake regular evaluation of the sites through professionals qualified in IT degree programs, penetration testing and security audit. Regular review is crucial for identifying and weeding out security vulnerabilities. Appropriate input filtering and validation, output encoding, use of parameterized queries, allowing only those SQL statements that are required by the application and use of stored procedures may help in defending websites from SQL injection and cross-site scripting attacks.

Hiring experienced professionals qualified in online IT degree programs and secured programming may help in strengthening the defenses against sophisticated security threats. Information security professionals at research and critical installations must be encouraged to update their technical skills and know-how by undertaking online IT courses and participating in security conferences.