Romanian Hackers Expose Kaspersky USA Site Open to SQL Injection
The United States website of one of the best-known security software providers, Kaspersky USA, has been shown to be unable to secure its own databases (which contain such things as user names, activation codes, bug lists, admins, and so on). A Romanian hacker going by the name of “Unu” said in a blog post over at hackersblog.org that all it took was changing characters in the URL. On the upside, Unu says that Kaspersky’s private info will not be exposed by him or the blog staff.
“Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own databases. Seems incredible but unfortunately, it’s true. Alter one of the parameters and you have access to everything,” says Unu.
The SQL injection vulnerability was discovered this weekend, and at the time Kaspersky did not provide any comment. In fact, the company was slow to react to warnings from Unu, who apparently tried to contact it but got no response; he then went on to post the findings online. Soon after, other researchers from the security industry acknowledged that Kaspersky’s US web page is vulnerable to SQL injection.
Kaspersky has since looked into the issue and has now released this statement: “On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site.”
It just goes to show you that poor programming is a serious issue that can affect even the industry’s heavyweights. SecuriTeam saw the lighter side of things and posted this amusing comic strip.
UPDATE: Unu has also hacked BitDefender. Read all about it here.
Tags: Kaspersky, SQL