Feeds

back to article Symantec Japan website bamboozled by hacker

A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack …

COMMENTS

This topic is closed for new posts.
Bronze badge

Pentest

your own websites and databases. The tools are out there, they are free and they can be automated. What's more the results can be searched, so how hard can it be?

There is no excuse for having a database vulnerable to injection, just as there is no excuse for storing passwords in plain text. I don't have an excuse for not testing my MySql backend yet, and to be honest I can't think of one so I better get my finger out and blindly poke it around my backend just in case

Don't Symantec do security?

0
0

Quis...

custodiet ipsos custodes?

0
0
Bronze badge

re: Quis...

Commander Vimes, that's who!

0
0
Unhappy

No great surprise for them

I never really had much faith on Symantec's PC security stuff, nasty horrilble and insidious installations. I have the pleasure of dealing with NetBackup which Symantec now deal with having bought Veritas. Veritas was tricky to deal with, ten times harder under Symantec.

Symantec have now moved into publishing security software for OSX, I still refuse to touch it. I will stick with the FOSS offerings thanks, at least I know what I'm getting most of the time.

This latest little cock-up just proves that Symantec have become a sprawling behemoth with no direction, no idea what they should do or how to do it correctly.

0
0
Grenade

yet MORE crap from Symantec

Yet more Symantec CRAP, why do people use this company?!!!

0
0
This topic is closed for new posts.