

SQL injection  (Source: HackersBlog)
Although there are a lot of high-profile hacker intrusions these days, they normally don't happen to security companies... but one recently happened to Kaspersky

Security firm Kaspersky Security has been left embarrassed after a hacker informed them that a customer information database was left exposed for 11 days before the security firm was able to secure it.

"Honestly, this is not good for any company and especially not good for a company dealing with security," Kaspersky senior antivirus researcher Roel Schouwenberg said during a media phone conference.  "This should not have happened.  We are now doing everything within our power to do the forensics on the case, and to prevent this from happening again."

Although no customer information was reportedly accessed by the intruder, the millions of customers who have used Kaspersky may think twice before doing so again.  In total, 2,500 users' e-mail addresses and around 25,000 product activation codes were at risk over the 11-day period.

A posting on the Hackersblog.org web site includes screenshots from the hacker, who used an SQL injection to access the company's database.  It looks like a part of Kaspersky's U.S. support site was breached using the SQL injection attack -- the site was created by an unnamed third party and was not reviewed properly by the security company prior to being used.

"Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc.," the blog entry on Hackersblog.org indicates.

The U.S. support site officially went live on January 28 and was first marketed to the public on January 29, according to Kaspersky.  It doesn't look like the site was infiltrated by any other hackers since it was published.

Kaspersky has called upon Next Generation Security Software's David Litchfield, a security expert specializing in SQL injection attacks, to conduct an independent audit and security risk analysis of the company's web site.  Once finished, the report will be published on Kaspersky's web site for all visitors to see.
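
The flaw class the Hackersblog.org entry describes, a request parameter concatenated into SQL text, can be shown next to its fix in a few lines. This is an added example, not code from Kaspersky's site or from the original article; the `tickets` table, its columns, the handler names and the sample rows are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, code TEXT)")
    db.executemany(
        "INSERT INTO tickets (id, owner, code) VALUES (?, ?, ?)",
        [(1, "alice@example.test", "AAAA-1111"),
         (2, "bob@example.test", "BBBB-2222"),
         (3, "carol@example.test", "CCCC-3333")],
    )
    return db

def lookup_concatenated(db, ticket_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so whatever the client sends is parsed as query syntax.
    sql = "SELECT owner, code FROM tickets WHERE id = " + ticket_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, ticket_id):
    # Hardened pattern: check the expected shape, then bind the value.
    # A bound value is only ever compared as data, never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", ticket_id):
        raise ValueError("ticket id must be a decimal integer")
    sql = "SELECT owner, code FROM tickets WHERE id = ?"
    return db.execute(sql, (int(ticket_id),)).fetchall()

def rows_for(lookup, ticket_id):
    # Run one handler against a fresh database and count the rows it exposes.
    db = make_db()
    try:
        return len(lookup(db, ticket_id))
    except ValueError:
        return 0  # rejected before reaching the database
    finally:
        db.close()

if __name__ == "__main__":
    # Same two inputs through both handlers: an honest id and an altered one.
    for value in ("2", "2 OR 1=1"):
        print(repr(value),
              "concatenated:", rows_for(lookup_concatenated, value),
              "parameterized:", rows_for(lookup_parameterized, value))
```

Comparing row counts for an honest and an altered parameter, as `rows_for` does, is also a cheap regression check to run against third-party code before it goes live.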



Comments

Irony
By tastyratz on 2/10/2009 8:01:30 AM , Rating: 2
Of all the companies for this to happen to, this is just ironic. I feel bad for Kaspersky because I like the products they offer, this isn't the bad PR they need.

Why couldn't this have happened to Norton? If I didn't know it was Kaspersky I would have guessed them. Would have been nice to see them knocked down to the level of AV companies that make a worthwhile product.




RE: Irony
By Iger on 2/10/2009 8:36:54 AM , Rating: 2
I don't know how Kaspersky position themselves in the US, but in Russia/Ex-USSR their PR was extremely aggressive, bordering on arrogant (We're the only AV company, Kaspersky considers This and thinks That).
I think the incident looks pathetic and serves them right.


RE: Irony
By Dreifort on 2/10/2009 9:18:31 AM , Rating: 3
Didn't happen to Norton because they are the best. ;)

The reason ppl hate Norton on their PC (myself incl) is because they are sooooo good, they lock almost everything down on correct settings. Too bad it takes 10 mins just to open your web browser though...

When databases get exposed like this, I tend to wonder how much of the "Hacking" was done internally?


RE: Irony
By dj LiTh on 2/10/2009 9:24:48 AM , Rating: 5
Um, personally, having fixed countless computers infected with viruses with Norton installed and running, I'd say the reason why people hate Norton is because it doesn't work, and when it does it cripples your computer to the point that you might as well have had an antivirus on your computer.


RE: Irony
By chick0n on 2/10/09, Rating: -1


RE: Irony
By Dreifort on 2/10/2009 10:40:17 AM , Rating: 2
I don't know of any AV program that gives 100% protection. That's why I personally use several different programs at once. Something about eggs in one basket...

Relying on one program/company to protect you from Viruses, Root kits, Spyware, etc...doesn't make sense. I like Trend personally, but I can't expect them to run my firewall, monitor 24/7 for viruses and prevent spyware. I don't know of a program that can efficiently do all 3. But I know several programs that can do each proficiently.


RE: Irony
By excrucio on 2/10/2009 12:08:55 PM , Rating: 1
You're partially correct.

Norton 2008 and prior completely cripple the computer. Any Norton Internet Security is crap and 360 is even worse.

As for Norton 2009 Antivirus with Anti-Spyware, it is probably their best version to date.

Norton Corporate version is even better.
Yes, you heard me. Norton Corporate is so light, and very reliable.

Kaspersky is an OK program; I used to think they were good until I really started to experience the program.

Here's something to think about though.

The average computer user tends to think that by having an antivirus product, they will be automatically immune to infections. No, this is not true. Some antivirus will do the favor of doing LIVE monitoring, such as Avira and AVG, but some won't, such as Norton.

Bottom line is: People, you have to press the SCAN button to catch the infection most of the time! You HAVE to scan a file that you've downloaded and are unsure of.


Don't rate me down. I've been doing work for the public here in NJ and I am safe to say the store I work for does a great job. I am good at what I do. Take my tip and stick with Norton's simplest products; they are pioneers.

AVG-free is another great option go for it.

Want more?

www.youtube.com/rkasnake I will soon be talking about computers for those who need help deciding which products or what to do with things involving PC.

Cheers!


RE: Irony
By threepac3 on 2/10/2009 1:16:54 PM , Rating: 1
Norton Internet Security 2009 is just as fast. It includes Norton AntiVirus 2009 and Norton firewall. It runs clean and fast, as fast as Avast! which is what I used to use. You can use this product on 3 machines out of the box, which is awesome.

Norton still has work to do in their PR department. Most techs still think Norton is a resource hog that cripples machines by the dozen.


RE: Irony
By teohhanhui on 2/11/2009 1:29:08 PM , Rating: 2
With Norton off the list now AVG is easily one of the worst anti-virus programs you could be using. If you want it free, Avira AntiVir or avast! would be much better.


RE: Irony
By m4elstrom on 2/10/2009 12:07:21 PM , Rating: 2
If it was a SQL injection attack then the hacking most likely happened on the web and was not an "inside job". Being a web developer myself I can say, it's true that sometimes we don't secure backends and company domains that much, we focus more on what is published on the web, but nevertheless preventing a SQL injection is quite easy these days. They were either careless or "n00bs".


RE: Irony
By Etsp on 2/10/2009 12:11:19 PM , Rating: 2
I think this comic sums it up quite nicely....

http://xkcd.com/327/


RE: Irony
By m4elstrom on 2/10/2009 2:24:03 PM , Rating: 2
LOL that was pure gold, the sad thing is that stuff can be pulled off by a brain damaged monkey. BTW nice comic.


Dodged a bullet
By dj LiTh on 2/10/2009 8:03:40 AM , Rating: 1
Recently, when I became fed up with my AVG antivirus free edition (resource hog, false positives, sometimes updates wouldn't work, needing to find a file to delete or simply reinstall it), I was on the fence to sign up for Kaspersky antivirus as I've heard and read good things about them. I'm sure glad I didn't after reading this article. I'm currently not using any antivirus, and I am very careful at what I download (no 50kb exe's etc, obvious stuff). I've never been happier with my computer since I ditched the antivirus programs. I wouldn't recommend this strategy for everybody (I'm an MCSE + a few other certs, so if I do get infected I know what to do). But for those who know what they're doing on a personal computer this is definitely the way I'm going. As far as companies are concerned I definitely DON'T recommend uninstalling antivirus software as most of your users are ...how can I put it.... bottom feeders (brain capacity wise).

P.S. although I do admit I'm extra paranoid now, monitoring my outbound/inbound traffic like a hawk and CPU utilization like a soup nazi (no CPU for you! back of line, end task). In the end though I'm happy.




RE: Dodged a bullet
By tastyratz on 2/10/2009 8:21:34 AM , Rating: 2
Easy to say when you don't have a virus... yet. I wouldn't recommend ditching the AV because even though most viruses are spread through stupid user trickery (here I sent you valentinescard.exe open the email!) there are still very realistic issues of trojans.
If a security firm who does this for a living can be compromised, then what you're doing is simply Russian roulette. Sure you can dodge the obvious bullets, but you can't see them all coming.

Why don't you instead research a more unobtrusive lower footprint AV solution such as nod32?

fwiw I am certified mcdst, etc (whole bunch of letters after my name)
so I know when something seems fishy... but my training has also taught me to be properly protected.


RE: Dodged a bullet
By seilerbird on 2/10/2009 10:26:32 AM , Rating: 1
Oh please, I have never run anti-virus in the 30 years that I have been a geek and I have never gotten a virus. I don't run anti-malware or any of those other stupid programs. The cure is worse than the cold. If you have a clue and know what you are doing it is impossible to get infected. It is possible to get a virus or malware even though you are running anti-virus software. It is a false sense of security. Knowledge of safe computing rules is the only way to stay virus free.


RE: Dodged a bullet
By Dreifort on 2/10/2009 10:45:23 AM , Rating: 2
Is this Alan Seiler in Socorro, NM? IP address 192.35.210.87?


RE: Dodged a bullet
By SilthDraeth on 2/10/2009 11:54:36 AM , Rating: 2
That about sums up all the statements people make about not needing AV solutions etc.

Good post. I would rate you up, but I believe a lot of people won't catch the meaning behind your post.


RE: Dodged a bullet
By serulin on 2/10/2009 1:21:44 PM , Rating: 1
True that, man. I've messed with computers since I was a kid (21 now). And viruses are something "computer users" can learn to deal with in time, experience and lots of mistakes. Although some may never learn, or even know what's wrong if they don't try to find that knowledge. I remember back then I used to get so many viruses, I would download anything, never scan them, check them, look for comment reviews or anything. And that is YOUR AVERAGE DAY COMPUTER USER in this present day and age. There are so many internet n00bs out there that just learned about how to torrent or download mp3s off sites and all this technical stuff and they complain about viruses. And this is not your MOM or DAD, it can even be your friend who just plays mmorpgs but knows jack shit about anything else online. As technology veterans we know what file to be suspicious about, what sites look like scams, and what programs seem to be malware. We know how to remove malware off our computers manually and with software. But the average computer user doesn't. And luckily, some learn, but others never do.

THIS "knowledge", people, is more valuable than any tool (AV software) that you can find. Take some time and learn, people. Unfortunately, easier said than done. If you don't mess with computers often, know your way around torrent sites, you're probably the average comp user and don't want to spend the time on this. But there's never no time. It's just how you choose to spend your time.


RE: Dodged a bullet
By Etsp on 2/10/2009 12:15:39 PM , Rating: 2
I also put in my vote for Nod32... It uses the latest and greatest of programming languages.... ASSEMBLY! (No, this really is an advantage, it's hard as hell to work with, but it's EXTREMELY efficient once compiled.)


Maybe not?
By ElementZero on 2/10/2009 8:54:08 AM , Rating: 5
Just went to Kaspersky's website and they have the following statement in the news section:

"Kaspersky Lab, a leading developer of secure content management systems, has detected a hacker attack on usa.kaspersky.com – the official website of the company’s US office. The attack was unsuccessful and, despite their attempts, the hackers were unable to gain access to restricted information stored on the website. Claims by the hackers responsible for the attack that they had managed to gain access to user data are untrue."

http://www.kaspersky.com/news?id=207575747

Soooo - either they are lying, or the hackers' pictures are fake?




Kaspersky vs eset
By CupCak3 on 2/10/2009 9:07:11 AM , Rating: 2
I was on the fence with kaspersky vs eset.... I guess this makes my choice a lot easier!

(Joking aside, eset's better multiyear licensing made the choice for me, but it'll be interesting if the hackers were really successful)




recent problems with my version
By fugdabug on 2/10/2009 10:22:58 AM , Rating: 2
During the attacks that just loosed that 'canned worm of worms' My PCSheild Deluxe got kitty-wumpus AND I did notice over the past year an increase in failures of update segments, that got rather interesting of late! However I do have a firewall that is reliable and has helped protect me.
However with a re-install of my entire system I had trouble being licensed again... and with persistence it too is back to working properly... p.s. if you lose an up-date just copy and paste the specific address - minus date time etc. into the search bar you will be asked to save or open with an app (choose your kaspersky based app) and it will auto run the download directly (works 99.9999% of the time!) YOU DON'T have to send your ENTIRE DISK CONTENT to them as they will request you do... interesting that... Well upward and onward Adam Ant!




Kaspersky site...Hack
By Jayw on 2/10/2009 3:22:17 PM , Rating: 2
Igor Kurzin
View Member Profile Yesterday, 13:59 Post #8

Security Expert

Group: Admin
Posts: 763
Joined: 4.04.2005
From: KL HQ

On Saturday, February 7, 2009, a vulnerability was detected on
usa.kaspersky.com website when a hacker made an attempt to attack. After
disclosing the vulnerability the site was vulnerable for a brief period,
and upon detection of the vulnerability, we immediately took action to
roll back the subsection of the site. The problem was eliminated within
30 minutes of detection. Fortunately, no sensitive data was stolen from the site.

We expect a press-release today concerning this issue.

This is right from Kaspersky forums...

All you guys are both right...concerning running AV or not to run AV...If you really want to be safe IMO...just unplug that Ethernet cable :)




Call to all Programmers
By Schmide on 2/10/2009 4:05:47 PM , Rating: 2
Declare your variables!!!!!!!!!!!!!




BitDefender Rulez!!!
By skycrapper on 2/11/2009 4:42:50 AM , Rating: 2
I experienced many cases where BitDefender detected virus signatures that slipped past Kaspersky's gates . . .















Copyright 2014 DailyTech LLC.