Kaspersky Web Site Hacked With SQL Injection


morpheus063

Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Tue Feb 10, 2009 4:15 am

Kaspersky Web Site Hacked With SQL Injection

A security vulnerability in Moscow-based Kaspersky Lab's U.S. Web site was made public after a hacker launched a SQL attack and posted listings of tables contained on the security company's site.

The hacker, known as Unu, posted screen shots as well as a list of tables Feb. 7 to a blog after hacking into the security company's Web site via a simple SQL injection attack that allowed information to be exposed by entering secret username and password information.


Read more about it here
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 10, 2009 11:55 am

Re: Kaspersky Web Site Hacked With SQL Injection

SQL injections are still quite the attack vector today. I'm just surprised to see that an anti-virus company, which you'd think would be up there on their security, would fall victim to this attack; then again, with tools out there like sqlninja / w3af, it's sort of not too surprising. Thanks for the good read!
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Feb 10, 2009 12:37 pm

Re: Kaspersky Web Site Hacked With SQL Injection

Still, you would think that they would have done a bit of pen testing of their own. Makes me wonder what other interesting weaknesses they have, and I imagine that I'm not the only one wondering.

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Tue Feb 10, 2009 5:42 pm

Re: Kaspersky Web Site Hacked With SQL Injection

Apparently the same attacker claims to have breached BitDefender as well:

http://www.darkreading.com/security/att ... =213401799

Fathercat

Newbie

Posts: 24

Joined: Wed May 07, 2008 9:23 am

Location: St Louis

Post Tue Feb 10, 2009 7:46 pm

Re: Kaspersky Web Site Hacked With SQL Injection

Well, as my old commander said, the defenders have to be right 100% and the adversary only has to be right once to get in.


CISSP

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Feb 11, 2009 4:33 pm

Re: Kaspersky Web Site Hacked With SQL Injection

True, but when it's your job to get it right and you sell getting it right to other people, things like this can be reputationally damaging.

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Feb 12, 2009 11:14 pm

Re: Kaspersky Web Site Hacked With SQL Injection

Looks like the same folks have added F-Secure to the list now:

http://tech.yahoo.com/news/zd/20090212/tc_zd/237038
