Government agencies have a reputation for computer security laziness, but it may be undeserved. NASA in particular seems to be really on the ball because they just helped catch an attack on one of our systems. Way back in 1999 the GAO gave NASA a bad report card on computer security and made various recommendations for improvements. Within a few years NASA had developed massive improvements in the security of their wide-ranging systems.
For the OPeNDAP group this helped us immeasurably yesterday when one of our key development servers was taken over by Russia-based hackers. On Sunday a critical security advisory was issued revealing that a relatively easy exploit could completely compromise a machine running CVS, a widely-used software versioning package for UNIX/Linux. By Thursday we had been located by the hackers' automated scanners and targeted for infestation. Fortunately for us that machine is on an academic network that runs through a backbone operated by NASA. Specialists there spotted the hacker activity, tracked it and reported the problem to us thus saving us a lot of time and preventing further losses.
|