Topic: Kaspersky Web Site Hacked With SQL Injection
Manu Zacharia (-M-)
« on: February 10, 2009, 03:15:21 AM »

Quote
A security vulnerability in Moscow-based Kaspersky Lab's U.S. Web site was made public after a hacker launched a SQL attack and posted listings of tables contained on the security company's site.

The hacker, known as Unu, posted screen shots as well as a list of tables Feb. 7 to a blog after hacking into the security company's Web site via a simple SQL injection attack that allowed information to be exposed by entering secret username and password information.

Read more about it here

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
xXxKrisxXx
« Reply #1 on: February 10, 2009, 10:55:08 AM »

Sql Injections are still today quite the attack vector. I'm just surprised to see an Anti-Virus company who you'd think would be up there on their security fall victim to this attack; then again, with tools like Sql Ninja / w3af out there, it's sort of not too surprising. Thanks for the good read!

eCPPT, GCIH, OSCP, OSWP
jason
« Reply #2 on: February 10, 2009, 11:37:27 AM »

Still, you would think that they would have done a bit of pen testing of their own. Makes me wonder what other interesting weaknesses they have, and I imagine that I'm not the only one wondering.
jason
« Reply #3 on: February 10, 2009, 04:42:46 PM »

Apparently the same attacker claims to have breached BitDefender as well:

http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=BE4VOR3YATACEQSNDLPSKH0CJUNN2JVN?articleID=213401799
Fathercat
« Reply #4 on: February 10, 2009, 06:46:17 PM »

Well as my old commander said, the defenders have to be right 100% and the adversary only has to be right once to get in. 


CISSP
jason
« Reply #5 on: February 11, 2009, 03:33:30 PM »

True, but when it's your job to get it right and you sell getting it right to other people, things like this can be reputationally damaging.
jason
« Reply #6 on: February 12, 2009, 10:14:40 PM »

Looks like the same folks have added F-Secure to the list now:

http://tech.yahoo.com/news/zd/20090212/tc_zd/237038