• Check out all the best Amazon Prime Day deals 2021 here!

Hacker Infiltrates Kaspersky U.S. Databases

Status
Not open for further replies.

gwolfman

Distinguished
Jan 31, 2007
87
0
18,580
0
The press release also claims that reports of the attack being a success are completely untrue. While the images over on HackersBlog look real enough, there is nothing to really push this claim either way.
If the attack wasn't true, they why were they worried, had to fix something that they didn't know was there before, and release a statement to the press about doing so. If they knew it wasn't true, then they wouldn't have worried and there would have been nothing to fix.
 

razor512

Distinguished
Jun 16, 2007
501
0
18,940
4
well virus scans don't really protect against exploits unless the company also makes firewalls then they have problems. many companies who make virus scans often push other products and packages and before you know it, you have gone from a light weight virus scan, to a bloated all in one that makes your computer feel 15 years older
 

DXRick

Distinguished
Jun 9, 2006
117
0
18,640
2
A SQL injection attack is not something a firewall or AV can stop. It is up to the application to edit the data and/or use SQL features to ensure that the data is not interpreted as a database command.

 

dconnors

Distinguished
Jan 14, 2009
327
0
18,930
0
[citation][nom]gwolfman[/nom]If the attack wasn't true, they why were they worried, had to fix something that they didn't know was there before, and release a statement to the press about doing so. If they knew it wasn't true, then they wouldn't have worried and there would have been nothing to fix.[/citation]

They didn't deny the attack, they denied the success of the attack. I am sure Kaspersky finds small holes in their security on some sort of regular basis. A hacker unsuccessfully attempting to exploit one of these holes is not a "successful" attack.
 

Linux4geeks

Distinguished
Aug 15, 2008
1
0
18,510
0
Yep, the free programs like Comodo, AVG Antivirus, and ZA Firewall are awesome, and not bloated like some other programs you can buy...
 
G

Guest

Guest
That's why you close your SQL input fields so that commands cannot be entered and executed by the server.
 

hellwig

Distinguished
May 29, 2008
817
0
18,930
2
[citation][nom]Kaspersky Web Admin[/nom]Who is this user "a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%" anyway?[/citation]

According to wikipedia, "In July 2008, Kaspersky's Malaysian site was hacked by Turkish hacker going by the handle of "m0sted", who claimed to have used SQL injection." So this isn't a new problem for Kaspersky.
 

wrack

Distinguished
Sep 20, 2004
11
0
18,560
0
And SQL injection has nothing to do with actual Internet Security Software they make, totally unrelated stuff!
 

Neog2

Distinguished
Sep 7, 2007
48
0
18,580
0
AVG, and Zone Alarm both have better full pay to use versions.
Now Zone Alarms free version firewall is great and still has
some decent options for the free version.
On the other hand AVG's free anti-virus i find to be very
lacking to the full version of AVG. I mean I guess some
protection is way better than none, but I like to have full
access to all of the options of a program I have and not just
some.
 

rantsky

Distinguished
Aug 27, 2006
12
0
18,560
0
Does anyone know who this guy is? Am I the only one who suspects he works for a competing company? Such news could really hurt Kaspersky, so I can see the interest another company could have this operation..
 

jokemeister

Distinguished
Apr 18, 2008
15
0
18,560
0
The hackers name was "Unu" which I take to mean "you knew". As hellwig pointed out, this exploit was used previously so was there some message in this about Kaspersky knowing something and not taking action.??
 

neiroatopelcc

Distinguished
Oct 3, 2006
639
0
18,930
1
I've used kaspersky internet security since version 6 now, and although news like this may be a bit worrying, I still have full confidence in their abilities. I'm sure kaspersky is still one of the best choices when it comes to security software.
 

LightWeightX

Distinguished
Dec 1, 2008
21
0
18,560
0
From this report this actually looks like a good thing. That is, a hack attempt was made with limited success and another security hole was closed.
 

frenchy

Distinguished
Jul 24, 2004
25
0
18,580
0
I don't think it matters that he gained access to sensitive data on the website. It's the fact that he could hack the site and gain access to the database. It gives the company, who specializes in security, a black eye. As no hacker should ever gain any kind of access to the database. Get it?
 
G

Guest

Guest
@Jokemeister ,
although you might be right about "you knew" the guy is romanian and in romaninan "unu" also means one(as number).
 

Darkk

Distinguished
Oct 6, 2003
253
0
18,930
0
SQL injections happens all the time and my PFSense firewall with snort install does block it. Even though I don't have a SQL server exposed to the Internet. LOL.. It seems just bunch of script kiddies out there trying to find an exploit blindly. Kinda like war-dialing.

 
G

Guest

Guest
SQL Injection is relatively easy to protect with right tools of IPS.
So it just lame excuse from security vendor like kaspersky,
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
G Streaming Video & TVs 0
henrytcasey Streaming Video & TVs 2
Marshall Honorof Streaming Video & TVs 4
Marshall Honorof Streaming Video & TVs 2
G Streaming Video & TVs 2
G Streaming Video & TVs 1
G Streaming Video & TVs 0
G Streaming Video & TVs 8
G Streaming Video & TVs 16
G Streaming Video & TVs 4
G Streaming Video & TVs 0
G Streaming Video & TVs 0
G Streaming Video & TVs 10
G Streaming Video & TVs 1
G Streaming Video & TVs 4
G Streaming Video & TVs 6
G Streaming Video & TVs 11
G Streaming Video & TVs 0
G Streaming Video & TVs 0
exfileme Streaming Video & TVs 20

ASK THE COMMUNITY