Romanian Hackers Expose Kaspersky USA Site Open to SQL Injection
Article by George Norman
On 09 Feb 2009
The United States web page of one of the best known security software providers, Kaspersky USA, has been exposed as incapable of securing their own databases (which are made up of such things like user names, activation codes, bug lists, admins, and so on). Romanian hacker going by the name of “Unu” said in a blog post over at that all it took was changing characters in the URL. On the upside, Unu says that Kaspersky’s private info will not be exposed by him or blog staff.

”Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases. Seems incredible but unfortunately, it’s true. Alter one of the parameters and you have access to everything,” says Unu.


The SQL injection vulnerability was discovered this weekend, and at the time Kaspersky did not provide any comment. As a matter of fact, they were even slow to react to Unu’s warnings, who apparently tried to contact the aforementioned company but got no response; he then continued to post the findings online. Soon after, other researchers from the security industry acknowledged the fact that Kaspersky’s US of A web page is vulnerable to SQL injection.

Kaspersky has since looked into the issue and has now released this statement: “On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site.”

It just goes to show you that poor programming is a serious issue that can affect even the industry’s heavyweights. SecuriTeam saw the lighter side of things and posted this amusing comic strip.

UPDATE: Unu has also hacked BitDefender. Read all about it here.

Tags: Kaspersky, SQL
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Romanian Hackers Expose Kaspersky USA Site Open to SQL Injection
HTML Linking Code