Results 1 to 8 of 8

Thread: Kaspersky hit with SQL injection attack

  1. #1
    The King of Vague Steve B's Avatar
    Join Date
    Oct 2005
    Location
    Glasgow
    Posts
    5,051
    Thanks
    116
    Thanked
    67 times in 63 posts

    Kaspersky hit with SQL injection attack

    Oh the irony!
    An internet-security company unable to secure their own database from SQL injection.
    *sigh*
    http://hackersblog.org/2009/02/07/us...sql-injection/

  2. #2
    DILLIGAF GoNz0's Avatar
    Join Date
    Jun 2006
    Location
    Derby
    Posts
    10,872
    Thanks
    632
    Thanked
    1,192 times in 945 posts
    • GoNz0's system
      • Motherboard:
      • Asus Rampage V Extreme
      • CPU:
      • i7 something X99 based
      • Memory:
      • 16gb GSkill
      • Storage:
      • 4 SSD's + WD Red
      • Graphics card(s):
      • GTX980 Strix WC
      • PSU:
      • Enermax Galaxy 1250 (9 years and counting)
      • Case:
      • Corsair 900D
      • Operating System:
      • win10 64bit
      • Monitor(s):
      • Dell 24"
      • Internet:
      • 220mb Cable

    Re: Kaspersky hit with SQL injection attack

    oops

  3. #3
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Kaspersky hit with SQL injection attack

    you will find like any large organisation that the team that managed the website, was nothing to do with the team that made their software.

    What this does show is that, once again you get what you pay for. There are FAR too many shoddy 'web development' firms out there. Far too many of the people use technologies like PHP with Magic Quotes that allows un-santised input straight into the SQL.

    And for hte actual database people advocate things like MySQL which are really only just getting upto the 'grown ups' table, and are still horrifically lagging behind.

    But given that most of the web developers just aren't up there on the whole developing securely, and maintably whilst quickly plate. Some of them are pushing the barriers faster than any others i've ever seen. But it does seam to have its share of cowboys.

    In all honesty, i just can't see why a site like theirs wouldn't be abstracted away. If you're writing SQL you HAVE to ask why? What mistakes have been made? Why aren't you leveraging an ORM? Preferably with an expression tree over the top.
    throw new ArgumentException (String, String, Exception)

  4. #4
    I R Toff Pandi! TAKTAK's Avatar
    Join Date
    Mar 2008
    Location
    Vergon6
    Posts
    7,449
    Thanks
    549
    Thanked
    1,012 times in 747 posts
    • TAKTAK's system
      • Motherboard:
      • ASUS ROG STRIX B450-F GAMING
      • CPU:
      • Ryzen 7 3700X
      • Memory:
      • 16GB Corsair Vengeance LPX 3200MHz
      • Storage:
      • 500GB Samsung 970 EVO
      • Graphics card(s):
      • 5700 XT 50th Anniversary
      • PSU:
      • Be Quiet SFX-L 600W
      • Case:
      • Lian Li PC-O11 Mini
      • Operating System:
      • Windows 10
      • Monitor(s):
      • LG Ultrawide
      • Internet:
      • 200Mb FTTP

    Re: Kaspersky hit with SQL injection attack

    Whoopsie daisy
    Post Counts and Other Rewards, Rules, Folding@Home, Fans: Push vs Pull vs Push-Pull, Corsair PSU OEMs.

    Quote Originally Posted by razer121 View Post
    Would you like me to enter you? it would be my pleasure
    TAKTAK.co.uk

  5. #5
    Flat cap, Whippets, Cave. Clunk's Avatar
    Join Date
    Jan 2006
    Posts
    11,056
    Thanks
    360
    Thanked
    725 times in 459 posts

    Re: Kaspersky hit with SQL injection attack

    I wonder if they got the Barclay's customer database too?
    Quote Originally Posted by Blitzen View Post
    stupid betond belief.
    You owe it to yourself to click here really.

  6. #6
    Senior[ish] Member Singh400's Avatar
    Join Date
    Jun 2008
    Posts
    2,933
    Thanks
    136
    Thanked
    310 times in 247 posts

    Re: Kaspersky hit with SQL injection attack

    Damn and I was always recommend either Kaspersky or Eset security products. Looks like just Eset from now on then.

  7. #7
    DILLIGAF GoNz0's Avatar
    Join Date
    Jun 2006
    Location
    Derby
    Posts
    10,872
    Thanks
    632
    Thanked
    1,192 times in 945 posts
    • GoNz0's system
      • Motherboard:
      • Asus Rampage V Extreme
      • CPU:
      • i7 something X99 based
      • Memory:
      • 16gb GSkill
      • Storage:
      • 4 SSD's + WD Red
      • Graphics card(s):
      • GTX980 Strix WC
      • PSU:
      • Enermax Galaxy 1250 (9 years and counting)
      • Case:
      • Corsair 900D
      • Operating System:
      • win10 64bit
      • Monitor(s):
      • Dell 24"
      • Internet:
      • 220mb Cable

    Re: Kaspersky hit with SQL injection attack

    theres still nothing wrong with kaspersky, just the idiots that built the website.

  8. #8
    Tech Geek.
    Join Date
    Dec 2006
    Posts
    1,742
    Thanks
    82
    Thanked
    37 times in 36 posts

    Re: Kaspersky hit with SQL injection attack

    haha yer

    i always recommend Eset Nod32 or AntiVir because antivir seems better in some places and is free.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. All common rail diesels are inherently flawed?
    By davidstone28 in forum Automotive
    Replies: 33
    Last Post: 18-11-2009, 05:53 PM
  2. Replies: 0
    Last Post: 03-07-2008, 10:15 AM
  3. Replies: 6
    Last Post: 18-05-2005, 02:49 PM
  4. SQL Server Connection string?
    By Stoo in forum Software
    Replies: 7
    Last Post: 04-05-2005, 05:48 PM
  5. IL2:Forgotten Battles FAQ
    By Nick in forum PC
    Replies: 9
    Last Post: 21-01-2005, 03:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •