TweakTown
Tech content trusted by users in North America and around the world
5,683 Reviews & Articles | 36,170 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

Kaspersky US site hacked with full DB access

Security Firm insecure

| Posted: Feb 9, 2009 4:13 pm

Security firm Kaspersky had its US website subjected to a SQL injection attack recently. The attack, which used SELECT statements to force the SQL backend to cough up a listing of tables, was announced on the 6th by the person claiming responsibility for the attack. Kaspersky did not respond until 24 hours later with a small statement claiming that the attack was halted in 30 minutes and no data was affected.

 

The story would end here if it were not for the fact that the attack actually took place several days earlier according to an Admin at Hackerblog.com. The hacker who discovered the vulnerability only went public after receiving no response from Kaspersky.

 

As for the claim that no data was exposed that is also not true as a full list of the tables in the data base are listed over at hackerblog.com. The hackers responsible for finding the vulnerability stated they did not download any user data as this was not the intention of the exercise and only wanted to point out the issue to Kaspersky.

 

Read more

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below