funsec mailing list archives

Re: Kaspersky denies data leak following SQL hack


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 10 Feb 2009 13:28:36 +0200 (EET)

Kaspersky's response is located at
http://www.viruslist.com/en/weblog?weblogid=208187633
(What really happened to usa.kaspersky.com/support)

"We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection.
There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a free edition of an Acunetix tool."

Related:
Kaspersky hires expert to analyze Web site hack:
http://news.cnet.com/8301-1009_3-10159640-83.html

Juha-Matti

Juha-Matti Laurio [juha-matti.laurio () netti fi] wrote:
New information on the weekend's SQL injection case:

"Russian antivirus vendor Kaspersky Labs's US website was hacked over the weekend, exposing the company's customer database, but Kaspersky has denied data was compromised and says the vulnerability wasn't critical.

An unidentified hacker reported over the weekend that he was able to access a complete profile of the company's databases, revealing its clients' names, activation codes, list of bugs the company tracks and client email addresses."
--clip--

More at
http://news.zdnet.co.uk/security/0,1000000189,39613858,00.htm

Juha-Matti
_______________________________________________

Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

