
Kaspersky breach exposes sensitive database, says hacker

A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a …

COMMENTS

This topic is closed for new posts.
Silver badge

Physician...

...heal thyself!

Flame

not so great

Finally a way to complain about Kaspersky!

I tried the evaluation version on a PC that had many trojans,

it found them then put them in quarantine.

There was NO way to delete from, NONE at all.

Then 24h later it thought "well, it seems there is no problem on this PC,

why not take the quarantine thingies out ?" and actually put them back !!!

I zapped the stupid antivirus and installed another one.

Such a stupid way of dealing with problems sure had to surface someplace else!

Happy

oh dear...

(in gayest possible voice): embarrassing!!!

Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail. Next it'll be 1337!!

Thumb Down

So much for Russian security

And for some reason I trusted the Ruskies to be better at computer security than the Yanks. How wrong I was...or at least they are as bad as each other. Who to turn to now? Probably the Germans with Avira?

Happy

@oh dear... and @So much for Russian security

re: oh dear...

>Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail.

You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.

re: So much for Russian security

LOLWUT? "Russian security" ROFLMFAO *wipes tears from eyes* I'm pretty sure that's an oxymoron on the same order as "military intelligence"...

Paris Hilton

Great detection rates

Kaspersky have great detection rates and the software is magnificent on a low resource laptop. Can't believe they made such a lapse, and I wonder if they don't use their own software on their servers??!!

They'd better fill them holes quickly.

Paris, because she enjoys....!!

Boffin

SQL injection, not anti-virus

Just to correct an assumption by a few commenters:

This looks like an SQL injection attack, which has nothing to do with how effective (or not) their anti-virus product is.

If I'm right, I'd fire the guy that still hasn't learned about basic precautions in website design/coding.

Thumb Down

hackers or wannabe ?

This bug was found with a dorks query on Google and exploited with schemafuzz.py! That's all.

90% websites/forums are vulnerable to sql injection so I don't see where is the problem.

Silver badge
Paris Hilton

@Fugitif

"90% websites/forums are vulnerable to sql injection..." [citation needed]

"...so I don't see where is the problem."

ODFO

Bronze badge
Thumb Down

@oh dear... and @So much for Russian security

@Anonymous Coward 18:16 GMT 'You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.'

No, I assume that he inferred it, as I did, based on the use of the moniker "/me" instead of the perpendicular pronoun "I".


Has *EVERYTHING* To Do With Their "Security" Products

Hey donkey,

Refusing to come clean = corporate rot.

Corporate rot = swiss cheese all the way down the corporate food chain.

If they can't secure their customers, then how the F can they secure their customers?

DUUUUUUUUUUUH Too simple for blender minds.

Flame

Just goes to show..

No matter how clever you think you are, Web Programmers know SH@t about security!


isn't that against the law?

Isn't hacking a protected computer against the law?

Then to post screen shots of what you've done, well, asinine?


@webdude

Illegal or not, it makes an interesting point that a computer security company could overlook a glaring hole like this.

Besides, the guy putting it out in the open was probably primarily to light a fire under the arse of Kaspersky's designers to fix it. Security? Lead by example and all that.

Linux

SQL Injections *Pehhh*

SQL Injections are nothing new. I find hundreds every day. Some are on large websites. I have written scripts that can dump databases from browser SQL injections all the time. Just such large sites are not uncommon to find SQL or XSS.
