Unu Strikes Again, Hacks BitDefender
Article by George Norman
On 09 Feb 2009
Unu, the Romanian hacker who blew the whistle on the SQL injection vulnerability affecting the Kaspersky USA web page, has done it again: this time he has discovered a vulnerability affecting the BitDefender Portugal site. By means of SQL injection he managed to gain access to a large amount of confidential data, such as admin usernames, passwords, sales tables, customer details and email addresses.

Just as in the case of the Kaspersky SQL injection, Unu has posted several pictures depicting his accomplishments: “It seems Kaspersky aren’t the only ones who need to secure their database. BitDefender has the same problems. The images speak for themselves. First we see the version, user and name of the Data Base. Now let’s see the Admin userName, userPass, sessionID and lastlog. Here’s an injection that returns thousands of lines where we see personal details of the customers, tabel vendas (sales table),” he says.


The list of customer email addresses alone makes it worthwhile for spammers to take advantage of the poorly programmed database – with a simple SQL injection they have access to a whole list of verified and authentic addresses which can later be exploited. The least worrisome situation would be bombarding the inboxes of these people with “Genuric Viagr@” messages; but what is stopping someone with malicious intent from launching a phishing attempt? We can only take comfort in the fact that Unu will not disclose details about the vulnerability, just as he did in the Kaspersky situation. The other consolation is that since BitDefender is based in Romania, the communication process between Unu and the aforementioned security software developer will go smoothly.

In related security news, it must be said that Microsoft will release a patch tomorrow, the 10th of February 2009. With this month’s Patch Tuesday the Redmond software developer will address two critical vulnerabilities in Internet Explorer and Microsoft Exchange Software and two important vulnerabilities in Microsoft Office and Microsoft SQL.



Tags: BitDefender, SQL
About the author: George Norman
George is a leading software reviewer at FindMySoft; he is passionate about technology and likes to write about IT news.