Friday, May 1, 2009
Antivirus Vendors Are Not Immune to Hackers
We often hear of company websites being broken into by hackers, or worse. But what if the website that gets hacked belongs to a computer security company?
That is what happened to Kaspersky Labs, a security company headquartered in Russia, on 7 February. The company's website for the United States (http://usa.kaspersky.com) was successfully broken into by a hacker using an SQL injection attack.
It seems that even institutions that are expert in computer security can still be vulnerable. In Kaspersky's case, the problem was probably no small matter.
On the blog Hackersblog.org, a hacker team from Romania proudly stated that Kaspersky had lost face because of the attack.
"Kaspersky is one of the leading companies in antivirus and security market. However, it seems they are not able to secure their own database," the team wrote.
The blog post also contains a screenshot showing their successful capture of the usa.kaspersky.com web server.
The vulnerability was a consequence of an update made on January 28 by the administrators of usa.kaspersky.com to the support section of their website. Some of the program code that was uploaded had not gone through the security review process it should have. As a result, the site was vulnerable to outside parties for 10 days.
The hacker, who goes by the pseudonym Unu, said he could obtain access to client names, activation codes, bug lists, admin accounts, and more. According to The Register, even though the security hole was there, the web server logs show that no personal data of usa.kaspersky.com customers was accessed.
Data is not important
According to Schouwenberg, although the hacker successfully penetrated the site, he could only get the SQL tables, not the information in the tables themselves. Information such as e-mail addresses and activation codes was never accessed.
Nevertheless, that does not mean the security hole is not worrying. Had the hacker been more sophisticated, he might already have had access to the data, as he claims.
Kaspersky is not the only security company to have been hit by SQL injection attacks. The same blog reported that the database of BitDefender Portugal had also been penetrated. However, unlike Kaspersky U.S., BitDefender Portugal is just a reseller.