German finance agency suspends site over serious security bug
There goes the national debt
Posted in Security, 14th March 2011 13:14 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Germany's federal finance ministry has pulled its website offline after receiving notification of a serious security problem from white hat hackers affiliated to the Chaos Computer Club (CCC).
Flaws on the the Federal Finance Agency website reportedly created a means to spy on customers of the government agency, steal login credentials or run phishing attacks. The bug reportedly existed for months before CCC stumbled upon the flaw. It is unclear whether or not the vulnerability was ever exploited or used as part of any scam.
The agency – Deutsche Finanzagentur – is involved in the placement of federal borrowing as well as the managing of federal debt. It also provides an entry point for internet banking services provided by bundeswertpapiere.de.
Flaws in the configuration of the web server used by the agency created a means to mount hard-to-detect phishing attacks, according to an advisory (in German) on the breach published by CCC over the weekend.
A notice on the Deutsche Finanzagentur said that the site was temporarily unavailable without providing any indication on when services might be restored. ®
Send corrections
Data control in the cloud
The new Office Garage series:
IT infrastructure monitoring strategies
