Hacker Claims SQL Bug on Symantec Site

[InfoSec News <alerts () infosecnews org>]

http://www.pcworld.com/businesscenter/article/159861/hacker_claims_sql_bug_on_symantec_site.html

By Robert McMillan
IDG News Service
February 19, 2009

A Romanian hacker who has spent the past few weeks exposing a common, 
but dangerous, Web programming error on security vendors Web sites says 
he's found a SQL injection flaw on Symantec's Web site. But Symantec 
says it's not a security issue.

Still, Symantec was forced to pull down a section of the company's Web 
site Thursday after a Romanian hacker, going by the name Unu, claimed 
that he'd found the bug in Symantec's Document Download Center, a 
password-protected part of the company's site where channel partners can 
download sales materials for the company's products.

The site hosts marketing materials and Symantec said that no company or 
customer information was exposed.

"Symantec immediately took the site down, conducted comprehensive 
testing and determined that the issue is not a security vulnerability," 
the company said in a statement Thursday. "It appears that the 
individual who reported it based the report on an error message."

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/