NASA Incident Report: SQL Injection Attack on Multiple Websites

Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend. The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online. Hackers appear to have taken advantage of SQL Injection flaws and poor access controls in mounting the attack, reports Gunter Ollmann, an ex-IBM security expert who is now VP of Research at security firm Damballa.

Obfuscated screenshots from the hack were subsequently posted onto a full disclosure mailing list (here).

The link for this article located at The Register is no longer available.