A Symantec-run website was vulnerable to blind SQL injection problems that reportedly expose a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack …
your own websites and databases. The tools are out there, they are free and they can be automated. What's more the results can be searched, so how hard can it be?
There is no excuse for having a database vulnerable to injection, just as there is no excuse for storing passwords in plain text. I don't have an excuse for not testing my MySQL backend yet, and to be honest I can't think of one, so I better get my finger out and blindly poke it around my backend just in case.
Don't Symantec do security?
custodiet ipsos custodes?
Commander Vimes, that's who!
No great surprise for them
I never really had much faith in Symantec's PC security stuff, nasty, horrible and insidious installations. I have the pleasure of dealing with NetBackup which Symantec now deal with having bought Veritas. Veritas was tricky to deal with, ten times harder under Symantec.
Symantec have now moved into publishing security software for OSX, I still refuse to touch it. I will stick with the FOSS offerings thanks, at least I know what I'm getting most of the time.
This latest little cock-up just proves that Symantec have become a sprawling behemoth with no direction, no idea what they should do or how to do it correctly.
yet MORE crap from Symantec
Yet more Symantec CRAP, why do people use this company?!!!