The press release also claims that reports of the attack being a success are completely untrue. While the images over on HackersBlog look real enough, there is nothing to really push this claim either way.
If the attack wasn't true, they why were they worried, had to fix something that they didn't know was there before, and release a statement to the press about doing so. If they knew it wasn't true, then they wouldn't have worried and there would have been nothing to fix.
well virus scans don't really protect against exploits unless the company also makes firewalls then they have problems. many companies who make virus scans often push other products and packages and before you know it, you have gone from a light weight virus scan, to a bloated all in one that makes your computer feel 15 years older
A SQL injection attack is not something a firewall or AV can stop. It is up to the application to edit the data and/or use SQL features to ensure that the data is not interpreted as a database command.
[citation][nom]gwolfman[/nom]If the attack wasn't true, they why were they worried, had to fix something that they didn't know was there before, and release a statement to the press about doing so. If they knew it wasn't true, then they wouldn't have worried and there would have been nothing to fix.[/citation]
They didn't deny the attack, they denied the success of the attack. I am sure Kaspersky finds small holes in their security on some sort of regular basis. A hacker unsuccessfully attempting to exploit one of these holes is not a "successful" attack.
[citation][nom]Kaspersky Web Admin[/nom]Who is this user "a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%" anyway?[/citation]
According to wikipedia, "In July 2008, Kaspersky's Malaysian site was hacked by Turkish hacker going by the handle of "m0sted", who claimed to have used SQL injection." So this isn't a new problem for Kaspersky.
AVG, and Zone Alarm both have better full pay to use versions.
Now Zone Alarms free version firewall is great and still has
some decent options for the free version.
On the other hand AVG's free anti-virus i find to be very
lacking to the full version of AVG. I mean I guess some
protection is way better than none, but I like to have full
access to all of the options of a program I have and not just
Does anyone know who this guy is? Am I the only one who suspects he works for a competing company? Such news could really hurt Kaspersky, so I can see the interest another company could have this operation..
The hackers name was "Unu" which I take to mean "you knew". As hellwig pointed out, this exploit was used previously so was there some message in this about Kaspersky knowing something and not taking action.??
I've used kaspersky internet security since version 6 now, and although news like this may be a bit worrying, I still have full confidence in their abilities. I'm sure kaspersky is still one of the best choices when it comes to security software.
I don't think it matters that he gained access to sensitive data on the website. It's the fact that he could hack the site and gain access to the database. It gives the company, who specializes in security, a black eye. As no hacker should ever gain any kind of access to the database. Get it?
SQL injections happens all the time and my PFSense firewall with snort install does block it. Even though I don't have a SQL server exposed to the Internet. LOL.. It seems just bunch of script kiddies out there trying to find an exploit blindly. Kinda like war-dialing.