backtop


Print


SQL injection  (Source: HackersBlog)
Although there are a lot of high-profile hacker intrusions these days, it normally doesn't happen to security companies... but it recently did to Kaspersky

Security firm Kaspersky Security has been left embarrassed after a hacker informed them that a customer information database was left exposed for 11 days before the security firm was able to secure it.

"Honestly, this is not good for any company and especially not good for a company dealing with security," Kaspersky senior antivirus researcher Roel Schouwenberg said during a media phone conference.  "This should not have happened.  We are now doing everything within our power to do the forensics on the case, and to prevent this from happening again."

Although no customer information was reportedly accessed by the intruder, the millions of customers who have used Kaspersky may think twice before doing so again.  In total, 2,500 users' e-mail addresses and around 25,000 product activation codes were at risk over the 11-day period.

A posting on the Hackersblog.org web site includes screenshots of the hacker who used an SQL injection to access the company's database.  It looks like a part of Kaspersky's U.S. support site was breached using the SQL injection attack -- the site was created an unnamed third party and was not reviewed properly by the security company prior to being used on the site.

"Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc.," the blog entry on Hackersblog.org indicates.

The U.S. support site officially went live on January 28 and was first marketed to the public on January 29, according to Kaspersky.  It doesn't look like the site was infiltrated by any other hackers since the site has been published.

Kaspersky has called upon Next Generation Security Software's David Litchfield, a security expert specializing in SQL injection attacks, to conduct an independent audit and security risk analysis of the company's web site.  Once finished, the report will be published on Kaspersky's web site for all visitors to see.





"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov




Latest Blog Posts
Around the World
Saimin Nidarson - Feb 18, 2017, 5:48 AM
News of Future
Saimin Nidarson - Feb 17, 2017, 6:30 AM
Some News
Saimin Nidarson - Feb 14, 2017, 5:36 AM
What's New?
Saimin Nidarson - Feb 10, 2017, 6:15 AM
Unleashed News
Saimin Nidarson - Feb 9, 2017, 6:00 AM
Eye catching news
Saimin Nidarson - Feb 8, 2017, 6:16 AM
Some World News
Saimin Nidarson - Feb 7, 2017, 6:15 AM
Today’s news
Saimin Nidarson - Feb 6, 2017, 10:11 AM
Some News
Saimin Nidarson - Feb 5, 2017, 7:27 AM
Notes and News
Saimin Nidarson - Feb 4, 2017, 5:53 AM
World News
Saimin Nidarson - Feb 3, 2017, 5:30 AM
Gadget News
Saimin Nidarson - Feb 2, 2017, 7:00 AM
News Around The World.
Saimin Nidarson - Feb 1, 2017, 7:20 AM
Some News
Saimin Nidarson - Jan 31, 2017, 7:57 AM
Tips of Today
Saimin Nidarson - Jan 30, 2017, 6:53 AM
What is new?
Saimin Nidarson - Jan 29, 2017, 6:26 AM






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki