Report: Top Software Security Company's Websites Are Constantly Hacked. Then It Gets Embarrassing
Same SQL injection attack technique is used more than once
Do you trust your computer protection to Kaspersky? Well, maybe you should hope they don't.
A hacker on Hackersblog.org has presented evidence that he hacked into the US Kaspersky website using a simple SQL injection technique, one used some months earlier to hack into a different Kaspersky website, to gain access to "EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc". The hack is done simply by adding a small bit of information to the URL used to access the site. Kaspersky has admitted that the hack took place.
According to Gunter Ollmann, chief security strategist at IBM Internet Security Systems, "This type of critical flaw can probably be used to usurp legitimate purchases and renewals of their products - which could include the linking to malicious and backdoored versions of their software - thereby infecting those very same customers that were seeking protection from malware in the first place."
The hacker said the exercise was done to show the vulnerability and no information was stolen. However, hackers preceding him may not have been so kind.
"Furthermore, a Google search for 'Kaspersky' on the security news website Zone-H.org reveals a string of other successful attacks on Kaspersky websites around the world."
So, what does Kaspersky do to protect your website? They act as a decoy so hackers will leave your site alone.
The Age (Australia)
09-Feb-09