SQL Injection Attack on F-Secure, Site of Germany Ministry of Interior Successfully Hacked
Article by George Norman
On 12 Feb 2009
The Romanian hacker that made the news this week by blowing the whistle on an SQL injection affecting two of the best known security software developers, Kaspersky and BitDefender, is not resting on his laurels and is now putting the Finish experts from F-Secure to the test. According to Unu, the alias used by the hacker in question, the web page of F-secure is vulnerable to SQL injection and XSS (cross site scripting); the good thing is that no confidential or sensitive data has been leaked. The only info that Unu managed to access is related to past virus activity and some statistics.

“During the last few days a Romanian group has been doing SQL injection attacks on several security vendor's websites and early this morning they hit us,” replied F-Secure. “One of our servers used in gathering malware statistics had a page that didn't properly sanitize input and was therefore vulnerable to attack. Fortunately we utilize defense-in-depth strategies so the attack was only partly successful. Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world.”


It may not be “the end of the world” but it is properly embarrassing when a company that specializes in security solutions is vulnerable to some sort of exploit or attack.

While Unu’s success may have been a limited, some other hacker has been successful in compromising the official web page of Germany’s Interior Minister, Wolfgang Schäuble. The attacker exploited a security vulnerability in the Typo3 content management system and placed the “Visit: Vorratsdatenspeicherung” message on the site. The attack seems to have been spurred by the minister’s support for biometric passports and logging all email, internet, landline and mobile phone communications.

Tags: F-Secure, Unu, Kaspersky, BitDefender, Germany, Interior Minister
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
SQL Injection Attack on F-Secure, Site of Germany Ministry of Interior Successfully Hacked
HTML Linking Code