A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly expose a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack …
your own websites and databases. The tools are out there, they are free and they can be automated. What's more, the results can be searched, so how hard can it be?
There is no excuse for having a database vulnerable to injection, just as there is no excuse for storing passwords in plain text. I don't have an excuse for not testing my MySQL backend yet, and to be honest I can't think of one, so I better get my finger out and blindly poke it around my backend just in case.
Don't Symantec do security?
custodiet ipsos custodes?
Commander Vimes, that's who!
No great surprise for them
I never really had much faith in Symantec's PC security stuff: nasty, horrible and insidious installations. I have the pleasure of dealing with NetBackup, which Symantec now deal with, having bought Veritas. Veritas was tricky to deal with, ten times harder under Symantec.
Symantec have now moved into publishing security software for OSX, I still refuse to touch it. I will stick with the FOSS offerings thanks, at least I know what I'm getting most of the time.
This latest little cock-up just proves that Symantec have become a sprawling behemoth with no direction, no idea what they should do or how to do it correctly.
yet MORE crap from Symantec
Yet more Symantec CRAP, why do people use this company?!!!