A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a …
Finally a way to complain about Kaspersky!
I tried the evaluation version on a PC that had many trojans,
it found them then put them in quarantine.
There was NO way to delete from, NONE at all.
Then 24h later it thought "well, it seems there is no problem on this PC,
why not take the quarantine thingies out?" and actually put them back!!!
I zapped the stupid antivirus and installed another one.
Such a stupid way of dealing with problems sure had to surface someplace else!
(in gayest possible voice): embarrassing!!!
Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail. Next it'll be 1337!!
And for some reason I trusted the Ruskies to be better at computer security than the Yanks. How wrong I was...or at least they are as bad as each other. Who to turn to now? Probably the Germans with Avira?
re: oh dear...
>Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail.
You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.
re: So much for Russian security
LOLWUT? "Russian security" ROFLMFAO *wipes tears from eyes* I'm pretty sure that's an oxymoron on the same order as "military intelligence"...
Kaspersky have great detection rates and the software is magnificent on a low resource laptop. Can't believe they made such a lapse, and I wonder if they don't use their own software on their servers??!!
They'd better fill them holes quickly.
Paris, because she enjoys....!!
Just to correct an assumption by a few commenters:
This looks like an SQL injection attack, which has nothing to do with how effective (or not) their anti-virus product is.
If I'm right, I'd fire the guy that still hasn't learned about basic precautions in website design/coding.
This bug was found with a dorks query on Google and exploited with schemafuzz.py! That's all.
90% of websites/forums are vulnerable to SQL injection so I don't see where the problem is.
"90% of websites/forums are vulnerable to SQL injection..."
"...so I don't see where the problem is."
@Anonymous Coward 18:16 GMT 'You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.'
No, I assume that he inferred it, as I did, based on the use of the moniker "/me" instead of the perpendicular pronoun "I".
Refusing to come clean = corporate rot.
Corporate rot = swiss cheese all the way down the corporate food chain.
If they can't secure their customers, then how the F can they secure their customers?
DUUUUUUUUUUUH Too simple for blender minds.
No matter how clever you think you are, Web Programmers know SH@t about security!
Isn't hacking a protected computer against the law?
Then to post screen shots of what you've done, well, asinine?
Illegal or not, it makes an interesting point that a computer security company could overlook a glaring hole like this.
Besides, the guy putting it out in the open was probably primarily to light a fire under the arse of Kaspersky's designers to fix it. Security? Lead by example and all that.
SQL Injections are nothing new. I find hundreds every day. Some are on large websites. I have written scripts that can dump databases from browser SQL injections all the time. Just such large sites are not uncommon to find SQL or XSS