German finance agency suspends site over serious security bug

There goes the national debt

Germany's federal finance ministry has pulled its website offline after receiving notification of a serious security problem from white hat hackers affiliated to the Chaos Computer Club (CCC).

Flaws on the Federal Finance Agency website reportedly created a means to spy on customers of the government agency, steal login credentials or run phishing attacks. The bug reportedly existed for months before CCC stumbled upon the flaw. It is unclear whether or not the vulnerability was ever exploited or used as part of any scam.

The agency – Deutsche Finanzagentur – is involved in the placement of federal borrowing as well as the managing of federal debt. It also provides an entry point for internet banking services provided by bundeswertpapiere.de.

Flaws in the configuration of the web server used by the agency created a means to mount hard-to-detect phishing attacks, according to an advisory (in German) on the breach published by CCC over the weekend.

A notice on the Deutsche Finanzagentur site said that the site was temporarily unavailable, without providing any indication of when services might be restored. ®
