Unu Strikes Again, Hacks BitDefender
Article by George Norman
On 09 Feb 2009
Unu, the Romanian hacker who blew the whistle on the SQL injection vulnerability affecting the Kaspersky USA web page, has done it again: this time he has discovered a vulnerability affecting the BitDefender Portugal site. By means of SQL injection he managed to gain access to loads of confidential data such as admin usernames, passwords, sales tables, customer details and email addresses, and so on.

Just as in the case of the Kaspersky SQL injection, Unu has posted several pictures depicting his accomplishments: “It seems Kaspersky aren’t the only ones who need to secure their database. BitDefender has the same problems. The images speak for themselves. First we see the version, user and name of the Data Base. Now let’s see the Admin userName, userPass, sessionID and lastlog. Here’s an injection that returns thousands of lines where we see personal details of the customers, tabel vendas (sales table),” he says.

The list of customer email addresses alone makes it worth it for spammers to take advantage of the poorly programmed database – with a simple SQL injection they have access to a whole list of verified and authentic addresses which can later be exploited. The least worrisome situation would be bombarding the inboxes of these people with “Genuric Viagr@” messages; but what is stopping someone with malicious intent from launching a phishing attempt? We can only take comfort in the fact that Unu will not disclose details about the vulnerability, just as he did in the Kaspersky situation. The other consolation is that since BitDefender is based in Romania, the communication process between Unu and the aforementioned security software developer will go smoothly.

In related security news, it must be said that Microsoft will release a patch tomorrow, the 10th of February 2009. With this month’s Patch Tuesday the Redmond software developer will address two critical vulnerabilities in Internet Explorer and Microsoft Exchange Software and two important vulnerabilities in Microsoft Office and Microsoft SQL.



Tags: BitDefender, SQL
About the author: George Norman
George is a news editor.