A Symantec-run website was vulnerable to blind SQL injection problems that reportedly expose a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack …
your own websites and databases. The tools are out there, they are free and they can be automated. What's more, the results can be searched, so how hard can it be?
There is no excuse for having a database vulnerable to injection, just as there is no excuse for storing passwords in plain text. I don't have an excuse for not testing my MySQL backend yet, and to be honest I can't think of one, so I'd better get my finger out and blindly poke it around my backend just in case.
Don't Symantec do security?
custodiet ipsos custodes?
Commander Vimes, that's who!
No great surprise for them
I never really had much faith in Symantec's PC security stuff, nasty, horrible and insidious installations. I have the pleasure of dealing with NetBackup which Symantec now deal with having bought Veritas. Veritas was tricky to deal with, ten times harder under Symantec.
Symantec have now moved into publishing security software for OSX, I still refuse to touch it. I will stick with the FOSS offerings thanks, at least I know what I'm getting most of the time.
This latest little cock-up just proves that Symantec have become a sprawling behemoth with no direction, no idea what they should do or how to do it correctly.
yet MORE crap from Symantec
Yet more Symantec CRAP, why do people use this company?!!!