xisto Community
Lyon2

Kaspersky Web Site Hacked With SQL Injection: Yes, they thought they were the best, think again


News Title: Kaspersky Web Site Hacked With SQL Injection

When: The last weekend it seems, read the hackersblog topic because it has more intel on this, a lot more...

Sources:
http://forums.xisto.com/no_longer_exists/



I have 2 reasons for sharing this news. First, Kaspersky security products are not the best, not by far, but they do claim it and say it out loud, as I have seen and talked about on many occasions with my closest friends, and how can they be if they cannot even protect their own server, databases and their tables.

If you use one of Kaspersky's products, you might want to think again about what you are using. These things cannot happen to security product websites, especially one that is in the lead as Kaspersky is, or I should say, it was.

Read the full story on one of the links above; in the meantime, read this to spice your appetite:

A security vulnerability in Moscow-based Kaspersky Lab's U.S. Web site was made public after a hacker launched a SQL attack and posted listings of tables contained on the security company's site.
The hacker, known as Unu, posted screen shots as well as a list of tables Feb. 7 to a blog after hacking into the security company's Web site via a simple SQL injection attack that allowed information to be exposed by entering secret username and password information.

"Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own databases," the hacker said on a hackerblog.org posting. "Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc."



What do you think about this?
Is this an acceptable thing to happen to companies like this nowadays?
Do you use Kaspersky? Do you feel insecure now? Are you having second thoughts about continuing to use or starting to use Kaspersky?

first, Kaspersky security products are not the best, not by far, but they do claim it and say it out loud, as I have seen and talked about on many occasions with my closest friends, and how can they be if they cannot even protect their own server, databases and their tables.
[...]

What do you think about this?

I consider them better than most anti-virus scanners because of what I have observed myself from a certain online virus scanner. Just for the fun of it, I would refresh the page and see which ones missed what. Every time I would see that the Kaspersky virus scanner always tagged the file with something, while some of the others missed. Also, your judgment is false: you're comparing SQL injection with a virus/firewall company; these are two different things. Bad coding and administration from the web developers does not mean bad protection for your operating system. If you're seeking to debunk Kaspersky, you'll have to find another method of doing so. I don't have Windows, so I don't need to worry about which anti-virus program to use. But even though Kaspersky is a really good anti-virus suite, I've also noticed it is the one that hogs the most resources out of all the ones I've tried. That's why for resources I promote Avira.


I'm sure that now their website has got hacked, many people will not buy their Anti-Virus and other tools, and they may then go bankrupt.


Of course SQL injection is not the same as antivirus programming, but that is not the main point here. I did SQL injection many times before to test it and explore, and I have a rather big collection of viruses which I use to study things that I am interested in.

Nonetheless, it is all programming, algorithms, et cetera, despite being different algorithms and even programming languages, and if they were hacked, which is unacceptable to me, they are not taking care of things as they must. The tables that were hacked could most likely lead to a lot more vulnerable stuff like usernames and passwords of members, et cetera, because those are saved in databases, tables...

The point is that this cannot happen to a major antivirus company which has a lot more security-related products. Customers will be afraid now, at least a little bit; their confidence will not be the same anymore. That was my main point.

When you go to an online scanner, and VirusTotal has dozens of antiviruses, check it out in the link, when most antiviruses do not report the scanned file as malware, it is because the ones that do are a fake positive, in most cases, not all.

If you like Kaspersky so much, keep using it or defending it, whatever. I prefer Norton Internet Security or Antivirus, or even AVG Pro, which is the one that I think consumes less computer resources.

Avira is good, but AVG is better in my opinion, in resource consumption I mean.

I have Norton Internet Security 2009 16.xxx and I am surprised by it; it consumes low resources too.


The only way they can't stop losing money with leaving customers is to make up a story saying that they weren't hacked and that the media are wrong.


This is really bad. Definitely this attack affects its sales, because Kaspersky is not just an antivirus product. They are providing many other tools like a firewall etc. (for example their complete internet suite, which has antivirus, firewall etc.). They are meant to save us from hacking attacks like these. So a normal user thinks like "if Kaspersky cannot protect themselves on the internet, how can they protect us?". And other competitive companies will take advantage of this too, to promote their products. I do not believe fully in Kaspersky; to be frank, I don't believe all these paid antivirus companies... they are providing the same protection level as the free ones provide (combining different free tools: antivirus + firewall). And coming to the resources issue, Avira is better than AVG... I tested these two on my 256MB computer and 2GB laptop. Avira is using a very low amount of resources...


As the hacker said, a little sql hole you leave unfolded and you may take great damage for that. They can maybe miss that, it's hard to leave everything with top security when you're talking about making big scripts in mysql, but it's strange they made that mistake...


When a security product takes very low resources, it is because they are not scanning what they should; that is what I think, and many more people I know. It is not because they have such a fantastic technology, or everyone would use Avira, but that is not true: AVG is the most used free antivirus, and a lot of people and companies use AVG Pro and the Internet Security suite, which is cheap and had a 2-year license last time I checked here in Portugal. Besides, most popular websites have AVG as the most downloaded freeware product, which is included along with much freeware stuff for different purposes. But tell me, is there such a big difference between AVG and Avira? I would like to know, please.


One more thing: the hacker hacked MANY tables of their databases. It seems that a lot, if not all, of the usernames and passwords of their customers/members were hacked, so that means that they are going down for sure. Happy to say that I am not their customer, and if I was, I would think again about continuing to be. And it is a fact, a lot of the stuff hacked will lead to many other possible vulnerabilities, which the Unu hacker will use, or perhaps another hacker, who knows. SQL injection is so easy to execute on a SQL-driven website, and I know from my own experience in this matter. But there is a difference between a hacker and a cracker: the Unu guy is a cracker for sure. A hacker never does it publicly; he will report the vulnerability to the source directly, with the words: fix it, or else...
Notice from truefusion:
Merging. You can edit your posts. The time difference was 10 minutes.

I think Norton would be the next target for the gang of hackers, because no one likes them... One because they hate the anti-virus software they use alerting you for everything you do, a bit like McAfee. But I'm sure Norton may go corrupt this year because of profit loss in sales. All this hacking of big companies was a bit like "The Greek Security team" that hacked that big circle thing that can make mini black holes.


I remember the Greek Security team; there are still a lot of topics and search results about it. I hope Symantec keeps my expectations and confidence high; I have trusted their products for a long time.


When a security product takes very low resources, it is because they are not scanning what they should; that is what I think, and many more people I know. It is not because they have such a fantastic technology, or everyone would use Avira, but that is not true: AVG is the most used free antivirus, and a lot of people and companies use AVG Pro and the Internet Security suite, which is cheap and had a 2-year license last time I checked here in Portugal.
Besides, most popular websites have AVG as the most downloaded freeware product, which is included along with much freeware stuff for different purposes.


I cannot fully agree with that logic. If one product is using low resources, it doesn't mean that it is skipping its scanning. If Google is giving search results much faster than other search engines, it doesn't mean that Google is not fully searching its database for the best results and comes up quickly with some random ones. :D Google is using some better algorithm for faster and better searching. Just like that, maybe Avira is using some better scanning engine to use low resources... (well, I'm talking about the usage of resources and not about its database of viruses). I agree AVG is also one of the best antiviruses out there.

But tell me, is it such a big difference between avg and avira, i would like to know please.

I first faced the difference with the launch of AVG 8 on my 256MB system. My system became very sluggish and booting was very slow. I formatted my system entirely and tried it again and again.....same result. Then I searched for better one and found Avira.... Avira uses very low resources compared to AVG. And you can see the difference clearly on slow computers... :P


I remember the Greek Security team; there are still a lot of topics and search results about it. I hope Symantec keeps my expectations and confidence high; I have trusted their products for a long time.


Yes I know, they're all over this other forum I am signed up on. But when they did start to hack everything, they were all over the news in the UK, and people were told to watch the websites and things they buy online, otherwise they may be hacked and their credit card details stolen. That is one of the biggest risks in my opinion, having your credit card details stolen.


xpress, it is not a fact, it is a possibility: a possibility that low-resource security products do not do their job quite as well as others that consume more computer resources, because they just do not scan all that they should.

You know, xpress, I did try dozens of antiviruses and other security software, and there is no technology that works perfectly and also does not consume at least a relatively good part of the computer's resources.

You see, when an antivirus takes more resources than the other, it is because it is scanning byte by byte, which takes resources, a lot if not well managed by algorithms and trust control technology and management. Avira should be doing a low-consuming method, which should be the scanning of only infectable files, not all files, and the free editions of both Avira and AVG do not have much to scan; they are limited because they are free editions.

I trust more an antivirus that takes more resources, not too much of course, because it is scanning all stuff, byte by byte, everything that appears, with the heuristic analysis too, on-access scanning, et cetera. Is Avira doing this?

Google displays results as fast as the others these days, and has pretty much what Yahoo and Live have. Google's algorithms are different and their technology too, but it does not differ much from competitors like Yahoo, Live and Ask nowadays; that is a fact.


Trust me, Kaspersky isn't the only website to get hit like this, *bottom* many other websites have been defaced or deleted over time. As for sales, I highly doubt it, since hacking a website versus hacking a computer are two different things, and you have to remember Kaspersky HQ is in the heartland of hackerland since it is based out of Russia. Odds are they have staff that have been on both sides of the track, and so I would think their actual computers would be a lot safer than their website.
