The Gate Arab News Technical
The US space agency NASA has been leaking data ranging from real employee names to usernames, email addresses, and project names and data, according to a report published by security researcher Avinash Jain. The leak traces back to one of NASA's Jira systems. Jira is a web application used by most companies to track projects, bugs and internal issues. Jain said the cause of the leak was the Jira settings, which the administrator responsible at NASA appears to have configured incorrectly.
According to the security researcher, the problem is tied to Jira's use of the phrases “everyone” and “all users” to define a user's access rights. It is a problem that many of the administrators responsible for setting up Jira inside companies and institutions are not aware of: they mix up the two terms and select “all” by mistake when specifying the visibility of different sections of the application.
As a result, “everyone” gives anyone on the internet access to the project tracking data, not “everyone” in the enterprise, as some Jira administrators assume. Jain said that different sections of the application were exposed on the internet and that anyone could access them.
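A defender's check for the misconfiguration described above, as an added example that is not from the original article or from Jain's report: it scans filter and dashboard records for sharing that reaches visitors who are not logged in, and lists the owner name each such item discloses. The records are constructed, and it is an assumption that the `sharePermissions` types used here (`global`, `loggedin`, `authenticated`) are how the instance's REST API reports the “everyone” style options.

```python
import json

# Share types as they appear in Jira REST "sharePermissions" entries (assumed mapping):
# "global" reaches anyone on the internet, including visitors who are not logged in;
# "loggedin"/"authenticated" reaches every account on the instance.
ANONYMOUS = {"global"}
ANY_ACCOUNT = {"loggedin", "authenticated"}

# Constructed records for illustration, not real data.
SAMPLE = json.loads("""
[
 {"id": "10001", "name": "Open bugs", "owner": {"displayName": "A. Example"},
  "sharePermissions": [{"type": "global"}]},
 {"id": "10002", "name": "Sprint board", "owner": {"displayName": "B. Example"},
  "sharePermissions": [{"type": "loggedin"}]},
 {"id": "10003", "name": "Team triage", "owner": {"displayName": "C. Example"},
  "sharePermissions": [{"type": "group", "group": {"name": "jira-developers"}},
                       {"type": "project", "project": {"key": "OPS"}}]},
 {"id": "10004", "name": "Personal notes", "owner": {"displayName": "D. Example"},
  "sharePermissions": []},
 {"id": "10005", "name": "Release dashboard", "owner": {"displayName": "E. Example"},
  "sharePermissions": [{"type": "group", "group": {"name": "release"}}, {"type": "global"}]}
]
""")

def exposure(item):
    """Return the widest audience any share permission on the item grants."""
    types = {p.get("type") for p in item.get("sharePermissions") or []}
    if types & ANONYMOUS:
        return "anonymous"
    if types & ANY_ACCOUNT:
        return "any-account"
    return "restricted" if types else "private"

def audit(items):
    """List items visible without login, with the owner name each one discloses."""
    findings = []
    for item in items:
        if exposure(item) == "anonymous":
            owner = (item.get("owner") or {}).get("displayName", "unknown")
            findings.append({"id": item["id"], "name": item["name"], "owner_disclosed": owner})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"PUBLIC {f['id']} {f['name']!r} (owner: {f['owner_disclosed']})")
```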
Although the exposed data does not include detailed personally identifiable information (PII), an attacker could use the leaked data to better target employees who work on sensitive projects with phishing emails.
The security researcher explained that on 3 September he sent an alert about the leak to the NASA team and to the United States Computer Emergency Readiness Team, US-CERT. However, the agency did not fix the Jira data leak until 25 September, more than three weeks later. He said: “It seems that the agency does not possess a team dedicated to such cases,” as it never responded to the email messages sent to it.
The agency also did not tell him when it stopped the leak, and it did not thank him for his report, whereas the US-CERT team did thank him for it. This was the first time Jain had reported a security issue to NASA, but the agency's silence did not come as a surprise to other researchers, who have reported similar experiences after disclosing security issues to NASA.
Although NASA has its own page on HackerOne, a program for reporting security vulnerabilities that allows researchers to write to the agency about security problems, it does not have a dedicated rewards program for security vulnerabilities. Less than a month ago, the agency had to alert its employees to a major security breach that enabled intruders to obtain personal data of current and former employees, including Social Security numbers.