Jump to content

Recommended Posts

On a dutch website a article was published that the website from Kaspersky was hacked, and that the user/activation database was stolen by a hacker...

 

If true this is very bad news.. :ai:

 

Dutch site: http://www.security.nl/artikel/27017/1/Kla...r_gestolen.html

English artikel: http://www.theregister.co.uk/2009/02/08/ka...promise_report/

Edited by Reload

Share this post


Link to post
Let`s wait for an official point of view ...

Exactly, this comes from an article in The register.................hardly the most accurate source in the world, it might a very small thing or even nothing at all.

 

Lets not get emotional/carried away again before the facts are on the table. So this will not turn into one of those threads. :)

Share this post


Link to post

Probably work of a white hat hacker, as noted in a response to The register: _http://hackersblog.org/2009/02/08/response-for-theregistercouk/ they don't have intentions to exploit what they gained access to.

Share this post


Link to post
Exactly, this comes from an article in The register.................hardly the most accurate source in the world

security.nl is usually quite accurate; they always double-check before throwing something into the air

 

SQL injection is very powerful, and even a giant like KL cannot completely foresee/prevent exploits against a site's engine, for example. Everybody: back to work! :)

 

Paul

Edited by p2u

Share this post


Link to post
Wow makes me really safe with the product, if they can't protect themselves how can they protect me?

One problem has absolutely nothing to do with the other - think carefully before jumping into conclusions.

Don: You'd better close this thread - better even: delete. Too many 'experts' around...

 

Paul

Edited by p2u

Share this post


Link to post

Folks,

 

We are not going to get anywhere by falling into mass hysteria or posting links to the same information on different blogs many times.

 

The most sensible thing to do is to wait for Kaspersky to issue a statement (if they see fit) and hear from them the facts. For the time being any speculation is pointless and will just lead us into a minefield of trolling and arguments. Nobody on the forum at the moment can currently give you a concrete answer as to what has or has not happened because we are not KL staffers.

 

For now this thread is closed, if there is a statement from Kaspersky regarding this alleged breach then we will update this topic.

 

Cheers,

 

Baz.

 

 

Share this post


Link to post

On Saturday, February 7, 2009, a vulnerability was detected on

usa.kaspersky.com website when a hacker made an attempt to attack. After

disclosing the vulnerability the site was vulnerable for a brief period,

and upon detection of the vulnerability, we immediately took action to

roll back the subsection of the site. The problem was eliminated within

30 minutes of detection. Fortunatly, no sensitive data was stolen from the site.

 

We expect a press-release today concerning this issue.

 

 

Share this post


Link to post

One side attacks , the other defends - it is the usual game .

Not the most confortable situation but it will happen again and again with any site .

 

Regards ,

 

mozar

 

 

Share this post


Link to post

Thanks for a officiel reply, Igor. Good to hear from HQ on this matter

Share this post


Link to post
On Saturday, February 7, 2009, a vulnerability was detected on

usa.kaspersky.com website when a hacker made an attempt to attack. After

disclosing the vulnerability the site was vulnerable for a brief period,

and upon detection of the vulnerability, we immediately took action to

roll back the subsection of the site. The problem was eliminated within

30 minutes of detection. Fortunatly, no sensitive data was stolen from the site.

 

We expect a press-release today concerning this issue.

 

Hello

Yes I have been using the google search engine and found out the same thing as what is stated here in the above quote as well .That might actually be the fastest way to find the lastest on this when it becomes available or as it is released from Kaspersky

Share this post


Link to post
On Saturday, February 7, 2009, a vulnerability was detected on

usa.kaspersky.com website when a hacker made an attempt to attack.

 

We expect a press-release today concerning this issue.

 

Thanks for posting. Seems that BitDefender now as well, so you are not alone.

Edited by norwegian

Share this post


Link to post
On Saturday, February 7, 2009, a vulnerability was detected on

usa.kaspersky.com website when a hacker made an attempt to attack. After

disclosing the vulnerability the site was vulnerable for a brief period,

and upon detection of the vulnerability, we immediately took action to

roll back the subsection of the site. The problem was eliminated within

30 minutes of detection. Fortunatly, no sensitive data was stolen from the site.

 

We expect a press-release today concerning this issue.

Good to hear that it was not something serious.

Share this post


Link to post
Thanks for posting. Seems tha tBitDefender now as well, so you are not alone.

 

thanks for the news  :b_grins:

 

 

 

Share this post


Link to post

 

True it is an illegal thing to hack web sites, but in all fairness, this was done with no ill intenet and was done only to point out there was a hole.

I'd give the finder a medal, not a jail sentence.

 

Glad someone out there is still of good solid moral fibre. It's a rare item in this day and age.

Share this post


Link to post
HQ should prosecute hackers, if possible!!

No, no. If it weren't for those people (he's a White-Hat), we would all be sitting with our malware-infested computers and not know about it.

 

The silly part about the whole thing is that:

* programmers will continue to force their crap upon us (this time KL fell victim, next time it's you), instead of starting to write secure code; nothing is going to change, I'm afraid, because people tend to draw the wrong conclusions.

* this is just another opportunity for good old FUD and pushing snake oil. In order to keep the Security Industry alive, one has to redefine the 'enemy' over and over, preferably in tabloid style...

 

Paul

Edited by p2u

Share this post


Link to post
No, no. If it weren't for those people (he's a White-Hat), we would all be sitting with our malware-infested computers and not know about it.

 

IMO that's why it's a good idea to have a stand alone anti-spyware app, just in case.

Share this post


Link to post
IMO that's why it's a good idea to have a stand alone anti-spyware app, just in case.

Kaspersky is actually good enough; adding yet another program (especially if it has lousy code) in real-time mode would just sustain the status quo. It's better to shut down unneeded functionality in the OS, use an alternative browser, not install programs you don't really need, and install ONE security program only to reduce the risk of your computer becoming compromised before you get yet another bunch of patches everybody seems to be craving for each month... :)

P.S.: Which does not mean that you shouldn't try to get a second opinion with a program that doesn't need to be installed in the system. The free Dr.Web CureIt!, for example, would be a nice choice (run in safe mode so as not to trigger problems with Kaspersky products). Or an anti-spyware program you keep on-demand only, not resident.

 

Paul

Edited by p2u

Share this post


Link to post
No, no. If it weren't for those people (he's a White-Hat), we would all be sitting with our malware-infested computers and not know about it.

 

The silly part about the whole thing is that:

* programmers will continue to force their crap upon us (this time KL fell victim, next time it's you), instead of starting to write secure code; nothing is going to change, I'm afraid, because people tend to draw the wrong conclusions.

* this is just another opportunity for good old FUD and pushing snake oil. In order to keep the Security Industry alive, one has to redefine the 'enemy' over and over, preferably in tabloid style...

 

Paul

I agree with your explanation but one thing is to attack street people and another one to get into highly security controlled sites.

Share this post


Link to post
I agree with your explanation but one thing is to attack street people and another one to get into highly security controlled sites.

I agree he should have kept this silent and should have notified KL only, but you know: there's a global economic crisis going on right now. Maybe he's just trying to get some attention to get a well-paid job. Some will consider him a really cool smart-ass expert right now... ;)

 

Paul

Edited by p2u

Share this post


Link to post

Analysis diary from Kaspersky

 

What really happened to usa.kaspersky.com/support

 

 

VitalyK February 09, 2009 | 21:25 GMT comments (3)

 

 

 

We have seen quite a few different and controversial comments regarding the recent attack on usa.kaspersky.com/support. People have questions and want answers: what really happened and what risk did the penetration create?

As a member of group dealing with the incident analysis I would like to share our results.

 

We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a variant of an Acunetix tool.

 

Once the initial probes told the attackers that this section was vulnerable they attempted to manually exploit the vulnerability to get data about the structure of the database. They used an Information_Schema database to query existing table names and table columns. After collecting field names the attackers made a few attempts to extract the data from tables. Those queries failed because the attackers specified the wrong database. The attackers stopped after they got only the column and table names from the database and decided to go for glory. No data modification queries UPDATE,INSERT,DELETE... were logged.

 

After conducting the attack, the attackers decided to show off their ‘great code of ethics’ by sending Kaspersky an email - on a Saturday to several public email boxes. They gave us exactly 1 hour to respond. And posted on their blog without having received a response.

 

To sum up:

 

 

 

 

We are lucky the hackers proved to be more interested in fame than in causing damage

 

Secure development MUST be a key priority for web development - anywhere, anytime and all the time, and

 

It is a lesson to us all - check, check and re-check your processes and your code.

 

Link: http://www.viruslist.com/en/weblog

Share this post


Link to post
Good to hear that it was not something serious.

Better good to know that the Hacker had no intention of causing real damage TOO! The official kaspersky response says that the hacker 'failed'. How would he know the table names then? Are the table names fake or what? Something seems fishy... But surely, this is a situation that no security company want to fall into... EVER.

 

But guess what, I'm still going to trust my av for the moment (Still doing fair enough on the av tests.) since Kaspersky are experts in the Virus stuff and not really on Relational DBMS!... But still, SQL injection is not something discovered yesterday...

 

Anyway, I'm glad that no sensitive information were leaked. HACKERS ARE PEOPLE TOO! Lol...

 

WARNING:

1. This is not a rant whatsoever...

2. It's purely my point of view on stuff that I find not so logical (and please don't reply and ask me what!)

3. That doesn't mean I don't trust Kaspersky anymore. I'll still be using KIS for those wondering (and NO, I will not give away my license for free :-))

4. Most importantly, this post wasn't meant to be utterly serious...

 

Cheers.

Shehzad.

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.