SQL Injection Attack on F-Secure, Site of Germany Ministry of Interior Successfully Hacked

Article by George Norman (Cybersecurity Editor)

on 12 Feb 2009

The Romanian hacker that made the news this week by blowing the whistle on an SQL injection affecting two of the best known security software developers, Kaspersky and BitDefender, is not resting on his laurels and is now putting the Finish experts from F-Secure to the test. According to Unu, the alias used by the hacker in question, the web page of F-secure is vulnerable to SQL injection and XSS (cross site scripting); the good thing is that no confidential or sensitive data has been leaked. The only info that Unu managed to access is related to past virus activity and some statistics.

“During the last few days a Romanian group has been doing SQL injection attacks on several security vendor's websites and early this morning they hit us,” replied F-Secure. “One of our servers used in gathering malware statistics had a page that didn't properly sanitize input and was therefore vulnerable to attack. Fortunately we utilize defense-in-depth strategies so the attack was only partly successful. Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world.”

It may not be “the end of the world” but it is properly embarrassing when a company that specializes in security solutions is vulnerable to some sort of exploit or attack.

While Unu’s success may have been a limited, some other hacker has been successful in compromising the official web page of Germany’s Interior Minister, Wolfgang Schäuble. The attacker exploited a security vulnerability in the Typo3 content management system and placed the “Visit: Vorratsdatenspeicherung” message on the site. The attack seems to have been spurred by the minister’s support for biometric passports and logging all email, internet, landline and mobile phone communications.


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all