News

Kaspersky site hacked over weekend

04 February 2009

Anti-malware vendor Kaspersky's site was hacked over the weekend through an SQL injection attack. While admitting that the site was vulnerable, Kaspersky is denying that the vulnerability was critical. The hacker nevertheless listed what he said was the full set of tables from the firm's MySQL database.

A post on a hacking blog claimed to show images of the site being hacked by changing parameters in the URL.

"Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases," said the poster. "Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc."

"A vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site," the company responded in a statement over the weekend. "The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site."

 

This article is featured in:
Internet and Network Security

 
