funsec mailing list archives
Re: Kaspersky denies data leak following SQL hack
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 10 Feb 2009 13:28:36 +0200 (EET)
Kaspersky's response is located at http://www.viruslist.com/en/weblog?weblogid=208187633 (What really happened to usa.kaspersky.com/support) "We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a free edition of an Acunetix tool." Related: Kaspersky hires expert to analyze Web site hack: http://news.cnet.com/8301-1009_3-10159640-83.html Juha-Matti Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti:
New information to weekend's SQL injection case: "Russian antivirus vendor Kaspersky Labs's US website was hacked over the weekend, exposing the company's customer database, but Kaspersky has denied data was compromised and says the vulnerability wasn't critical. An unidentified hacker reported over the weekend that he was able to access a complete profile of the company's databases, revealing its clients' names, activation codes, list of bugs the company tracks and client email addresses." --clip-- More at http://news.zdnet.co.uk/security/0,1000000189,39613858,00.htm Juha-Matti _______________________________________________
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Kaspersky denies data leak following SQL hack Juha-Matti Laurio (Feb 09)
- <Possible follow-ups>
- Re: Kaspersky denies data leak following SQL hack Juha-Matti Laurio (Feb 10)