Physician...
Posted Sunday 8th February 2009 17:51 GMT
...heal thyself!
Posted Sunday 8th February 2009 17:51 GMT
Finally a way to complain about Kaspersky!
I tried the evaluation version on a PC that had many trojans,
it found them then put them in quarantine.
There was NO way to delete from, NONE at all.
Then 24h later it thought "well, it seems there is no problem on this PC,
why not take the quarantine thingies out?" and actually put them back!!!
I zapped the stupid antivirus and installed another one.
Such a stupid way of dealing with problems sure had to surface someplace else!
Posted Sunday 8th February 2009 17:51 GMT
(in gayest possible voice): embarrassing!!!
Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail. Next it'll be 1337!!
Posted Sunday 8th February 2009 17:51 GMT
And for some reason I trusted the Ruskies to be better at computer security than the Yanks. How wrong I was...or at least they are as bad as each other. Who to turn to now? Probably the Germans with Avira?
Posted Sunday 8th February 2009 18:39 GMT
re: oh dear...
>Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail.
You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.
re: So much for Russian security
LOLWUT? "Russian security" ROFLMFAO *wipes tears from eyes* I'm pretty sure that's an oxymoron on the same order as "military intelligence"...
Posted Sunday 8th February 2009 18:39 GMT
Kaspersky have great detection rates and the software is magnificent on a low resource laptop. Can't believe they made such a lapse, and I wonder if they don't use their own software on their servers??!!
They'd better fill them holes quickly.
Paris, because she enjoys....!!
Posted Sunday 8th February 2009 20:57 GMT
Just to correct an assumption by a few commenters:
This looks like an SQL injection attack, which has nothing to do with how effective (or not) their anti-virus product is.
If I'm right, I'd fire the guy that still hasn't learned about basic precautions in website design/coding.
Posted Monday 9th February 2009 01:37 GMT
This bug was found with a dorks query on Google and exploited with schemafuzz.py! That's all.
90% websites/forums are vulnerable to sql injection so I don't see where is the problem.
Posted Monday 9th February 2009 05:54 GMT
"90% websites/forums are vulnerable to sql injection..." [citation needed]
"...so I don't see where is the problem."
ODFO
Posted Monday 9th February 2009 06:32 GMT
@Anonymous Coward 18:16 GMT 'You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.'
No, I assume that he inferred it, as I did, based on the use of the moniker "/me" instead of the perpendicular pronoun "I".
Posted Monday 9th February 2009 10:50 GMT
Hey donkey,
Refusing to come clean = corporate rot.
Corporate rot = swiss cheese all the way down the corporate food chain.
If they can't secure their customers, then how the F can they secure their customers?
DUUUUUUUUUUUH Too simple for blender minds.
Posted Monday 9th February 2009 12:51 GMT
No matter how clever you think you are, Web Programmers know SH@t about security!
Posted Monday 9th February 2009 13:27 GMT
Isn't hacking a protected computer against the law?
Then to post screen shots of what you've done, well, asinine?
Posted Monday 9th February 2009 14:18 GMT
Illegal or not, it makes an interesting point that a computer security company could overlook a glaring hole like this.
Besides, the guy putting it out in the open was probably primarily to light a fire under the arse of Kaspersky's designers to fix it. Security? Lead by example and all that.
Posted Monday 9th February 2009 14:18 GMT
SQL Injections are nothing new. I find hundreds every day. Some are on large websites. I have written scripts that can dump databases from browser SQL injections all the time. Just such large sites are not uncommon to find SQL or XSS