Kaspersky breach exposes sensitive database, says hacker

A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Physician...

    ...heal thyself!

  2. nicolas
    Flame

    not so great

    Finally a way to complain about Kaspersky!

    I tried the evaluation version on a PC that had many trojans,

    it found them then put them in quarantine.

    There was NO way to delete from, NONE at all.

    Then 24h later it thought "well, it seems there is no problem on this PC,

    why not take the quarantine thingies out ?" and actually put them back !!!

    I zapped the stupid antivirus and installed another one.

    Such stupid way of dealing with problems sure had to surface someplace else !

  3. Anonymous Coward
    Happy

    oh dear...

    (in gayest possible voice): embarrassing!!!

    Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail. Next it'll be 1337!!

  4. Anonymous Coward
    Thumb Down

    So much for Russian security

    And for some reason I trusted the Ruskies to be better at computer security than the Yanks. How wrong I was...or at least they're as bad as each other. Who to turn to now? Probably the Germans with Avira?

  5. Anonymous Coward
    Happy

    @oh dear... and @So much for Russian security

    re: oh dear...

    >Although equally embarrassing is the AVG guy using IRC shortcuts in e-mail.

    You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.

    re: So much for Russian security

    LOLWUT? "Russian security" ROFLMFAO *wipes tears from eyes* I'm pretty sure that's an oxymoron on the same order as "military intelligence"...

  6. Anonymous Coward
    Paris Hilton

    Great detection rates

    Kaspersky have great detection rates and the software is magnificent on a low resource laptop. Can't believe they made such a lapse, and I wonder if they don't use their own software on their servers??!!

    They'd better fill them holes quickly.

    Paris, because she enjoys....!!

  7. Johann
    Boffin

    SQL injection, not anti-virus

    Just to correct an assumption by a few commenters:

    This looks like an SQL injection attack, which has nothing to do with how effective (or not) their anti-virus product is.

    If I'm right, I'd fire the guy that still hasn't learned about basic precautions in website design/coding.

  8. Fugitif
    Thumb Down

    hackers or wannabe ?

    This bug was found with a dorks query on Google and exploited with schemafuzz.py! That's all.

    90% websites/forums are vulnerable to sql injection so I don't see where is the problem.

  9. Steven Knox
    Paris Hilton

    @Fugitif

    "90% websites/forums are vulnerable to sql injection..." [citation needed]

    "...so I don't see where is the problem."

    ODFO

  10. Neoc
    Thumb Down

    @oh dear... and @So much for Russian security

    @Anonymous Coward 18:16 GMT 'You infer, solely from the word "wrote", that he was using e-mail? I infer from the IRC speak that he was writing in an IRC conversation, just like the Ptacek bloke mentioned immediately prior.'

    No, I assume that he inferred it, as I did, based on the use of the moniker "/me" instead of the perpendicular pronoun "I".

  11. David Kairns

    Has *EVERYTHING* To Do With Their "Security" Products

    Hey donkey,

    Refusing to come clean = corporate rot.

    Corporate rot = swiss cheese all the way down the corporate food chain.

    If they can't secure their customers, then how the F can they secure their customers?

    DUUUUUUUUUUUH Too simple for blender minds.

  12. Mickey Porkpies
    Flame

    Just goes to show..

    No matter how clever you think you are, Web Programmers know SH@t about security!

  13. webdude

    isn't that against the law?

    Isn't hacking a protected computer against the law?

    Then to post screen shots of what you've done, well, asinine?

  14. Tea-800

    @webdude

    Illegal or not, it makes an interesting point that a computer security company could overlook a glaring hole like this.

    Besides, the guy putting it out in the open was probably primarily to light a fire under the arse of Kaspersky's designers to fix it. Security? Lead by example and all that.

  15. Anonymous Coward
    Linux

    SQL Injections *Pehhh*

    SQL Injections are nothing new. I find hundreds every day. Some are on large websites. I have written scripts that can dump databases from browser sql injections all the time. Just such large sites are not uncommon to find SQL or XSS
