This is the story of the sprinklers watered the Kapsersky company, which provides antivirus solution for millions of consumers around the world and itself as a solid company in the field of security appeared to have difficulty managing that of its website. The latter has suffered from piracy in good and due form, exposing the web of sensitive information that have quite embarrassed the publisher. At least, what a site dedicated to hacking.
It is on the site Hackersblog.org that the pirate has published screenshots to demonstrate its piracy, explaining that he had used a SQL injection technique, which actually uses the introduction a SQL query not covered by the system. Thus, the attacker can provide a user name and password shadow to change the process of identification required.
This type of critical security flaw is being used to purchase online by usurping the identity of a third or reach the bases kept confidential on a server. Similarly, in the context that interests us, it would have been able to steal personal information by a user comes to renew its product, says an expert from IBM Internet Security Systems
The hacker was very correct, explaining that his team will retain or store personal data, "we just finger Pointon large websites with security problems," he said.
Kaspersky immediately reacted by saying that the flaw was not critical, and limiting the damage, explained that yes, on the field usa.kaspersky.com, an attack was attempted by an attacker. However, the site has been vulnerable for a short period, and since the fault was detected and reported, the teams did what it took to fill the gap. Which was effective 30 minutes after the detection of piracy.
This is not a first for the publisher who in July had seen the site cleared by a Malaysian Turkish hacker who had used the same technique SQL injection.
Bookmarks