A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a …
Finally a way to complain about Kaspersky!
I tried the evaluation version on a PC that had many trojans,
it found them then put them in quarantine.
There was NO way to delete from, NONE at all.
Then 24h later it thought "well, it seems there is no problem on this PC,
why not take the quarantine thingies out?" and actually put them back!!!
I zapped the stupid antivirus and installed another one.
Such a stupid way of dealing with problems sure had to surface someplace else!
re: oh dear...
>Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail.
You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.
re: So much for Russian security
LOLWUT? "Russian security" ROFLMFAO *wipes tears from eyes* I'm pretty sure that's an oxymoron on the same order as "military intelligence"...
Kaspersky have great detection rates and the software is magnificent on a low resource laptop. Can't believe they made such a lapse, and I wonder if they don't use their own software on their servers??!!
They'd better fill them holes quickly.
Paris, because she enjoys....!!
Just to correct an assumption by a few commenters:
This looks like an SQL injection attack, which has nothing to do with how effective (or not) their anti-virus product is.
If I'm right, I'd fire the guy that still hasn't learned about basic precautions in website design/coding.
@Anonymous Coward 18:16 GMT 'You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.'
No, I assume that he inferred it, as I did, based on the use of the moniker "/me" instead of the perpendicular pronoun "I".
Refusing to come clean = corporate rot.
Corporate rot = swiss cheese all the way down the corporate food chain.
If they can't secure their customers, then how the F can they secure their customers?
DUUUUUUUUUUUH Too simple for blender minds.
Illegal or not, it makes an interesting point that a computer security company could overlook a glaring hole like this.
Besides, the guy putting it out in the open was probably primarily to light a fire under the arse of Kaspersky's designers to fix it. Security? Lead by example and all that.