Two Kaspersky websites compromised on security- Kaspersky websites hacked

Two Kaspersky labs websites are hacked at Malaysia and Singapore , reported by Softpedia. Critical SQL injection weakness has been exploited by grey hat hacker. This hack expose customer information and product keys. This attach is well documented by a Romanian hacker “UNU“. UNU targets at high profile websites for these kind of database security issues.
Kaspersky’s websites are hacked earlier too and it was publicly discussed,after this incident well known database security expert David Litchfield was employed to perform a security audit. But he might have missed these checks. Anyways companies like Kaspersky who provides security solutions and ativirus would be having serious problems with these kind of attacks. UNU also explains that usage of ‘%’ while connecting to MySQL database is always a security risk which help to gain access from any IP address.Symantec’s website was also hacked earlier by the same hacker earlier for these kind of SQL Injection vulnerability.

More details from UNU about this hacking attempt

http://unu123456.baywords.com/2009/12/10/black-day-to-kaspersky-vulnerable-again-again-exposes-users-and-serial-data/

Tags: hacker, kaspersky