Information Security News mailing list archives
Hacker Claims SQL Bug on Symantec Site
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Feb 2009 03:46:02 -0600 (CST)
http://www.pcworld.com/businesscenter/article/159861/hacker_claims_sql_bug_on_symantec_site.html By Robert McMillan IDG News Service February 19, 2009 A Romanian hacker who has spent the past few weeks exposing a common, but dangerous, Web programming error on security vendors Web sites says he's found a SQL injection flaw on Symantec's Web site. But Symantec says it's not a security issue. Still, Symantec was forced to pull down a section of the company's Web site Thursday after a Romanian hacker, going by the name Unu, claimed that he'd found the bug in Symantec's Document Download Center, a password-protected part of the company's site where channel partners can download sales materials for the company's products. The site hosts marketing materials and Symantec said that no company or customer information was exposed. "Symantec immediately took the site down, conducted comprehensive testing and determined that the issue is not a security vulnerability," the company said in a statement Thursday. "It appears that the individual who reported it based the report on an error message." [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/
Current thread:
- Hacker Claims SQL Bug on Symantec Site InfoSec News (Feb 20)