SQL Injection Attack on F-Secure, Site of Germany Ministry of Interior Successfully Hacked
The Romanian hacker that made the news this week by blowing the whistle on an SQL injection affecting two of the best known security software developers, Kaspersky and BitDefender, is not resting on his laurels and is now putting the Finish experts from F-Secure to the test. According to Unu, the alias used by the hacker in question, the web page of F-secure is vulnerable to SQL injection and XSS (cross site scripting); the good thing is that no confidential or sensitive data has been leaked. The only info that Unu managed to access is related to past virus activity and some statistics.
“During the last few days a Romanian group has been doing SQL injection attacks on several security vendor's websites and early this morning they hit us,” replied F-Secure. “One of our servers used in gathering malware statistics had a page that didn't properly sanitize input and was therefore vulnerable to attack. Fortunately we utilize defense-in-depth strategies so the attack was only partly successful. Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world.”
It may not be “the end of the world” but it is properly embarrassing when a company that specializes in security solutions is vulnerable to some sort of exploit or attack.
While Unu’s success may have been a limited, some other hacker has been successful in compromising the official web page of Germany’s Interior Minister, Wolfgang Schäuble. The attacker exploited a security vulnerability in the Typo3 content management system and placed the “Visit: Vorratsdatenspeicherung” message on the site. The attack seems to have been spurred by the minister’s support for biometric passports and logging all email, internet, landline and mobile phone communications.
Tags: F-Secure, Unu, Kaspersky, BitDefender, Germany, Interior Minister
“During the last few days a Romanian group has been doing SQL injection attacks on several security vendor's websites and early this morning they hit us,” replied F-Secure. “One of our servers used in gathering malware statistics had a page that didn't properly sanitize input and was therefore vulnerable to attack. Fortunately we utilize defense-in-depth strategies so the attack was only partly successful. Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world.”
Advertising
It may not be “the end of the world” but it is properly embarrassing when a company that specializes in security solutions is vulnerable to some sort of exploit or attack.
While Unu’s success may have been a limited, some other hacker has been successful in compromising the official web page of Germany’s Interior Minister, Wolfgang Schäuble. The attacker exploited a security vulnerability in the Typo3 content management system and placed the “Visit: Vorratsdatenspeicherung” message on the site. The attack seems to have been spurred by the minister’s support for biometric passports and logging all email, internet, landline and mobile phone communications.
Tags: F-Secure, Unu, Kaspersky, BitDefender, Germany, Interior Minister
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 09 Feb 2012
Redmond-based software giant Microsoft is giving all US residents the chance to win a Pink Sony VAIO Y laptop (ARV $6,000) as part of a Valentine’s Day Sweepstakes
By George Norman on 09 Feb 2012
The latest stable version of Google Chrome web browser is v. 17.0 which was rolled out to the public on Wednesday, the 8th of February, one day after the release of Chrome for Android Beta 1Related News
By George Norman on 23 Sep 2011
F-Secure, Finland-based company that specializes in providing antivirus and security software solutions, has recently announced that it released a new app that’s meant to keep you safe on
By George Norman on 01 Nov 2011
Great news comes from F-Secure, Finland-based company that specializes in providing antivirus and security software solutions. The company is running a sweepstakes and it’s giving you the chance to win a 
By George Norman on 03 Jan 2012
This holiday season a lot of people spent their money on iOS and Android-powered devices – daily activations on Christmas Day 2011 went up to 6.8 million, according to figures provided by
By George Norman on 23 Dec 2011
Here’s a bunch of holiday season news from around the web, news I thought you may want to know about. Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
SQL Injection Attack on F-Secure, Site of Germany Ministry of Interior Successfully Hacked
HTML Linking Code
HTML Linking Code