Posted on February 8th, 2009
Yes, that SQL injection in usa.kaspersky.com is very real. Still, the Kaspersky team doesn't need to worry about us spreading their confidential stuff. Our staff will never save or keep any confidential data; we just point our fingers at big websites with security problems.
We hope to see that vulnerability patched very soon (if it isn't already patched).
The article on theregister.co.uk can be found here

February 8th, 2009 at 3:00 pm
wow. congratulations
February 8th, 2009 at 4:39 pm
Yep, congrats
February 8th, 2009 at 6:15 pm
[...] after it became known, announced in an e-mail that more time was still needed. On Hackersblog one of the people behind it justified publishing the security hole: Kaspersky need not [...]
February 8th, 2009 at 6:48 pm
Congratulations
February 8th, 2009 at 10:15 pm
[...] a later post, the hacker indicated that no confidential data would be exposed, but he does provide a list of the different tables available [...]
February 9th, 2009 at 12:56 am
Hey, Reg reporter Dan Goodin here. I’d be obliged if Uno, 2fingers or someone else with direct knowledge of the hack would contact me ASAP.
Cheers,
Dan Goodin
February 9th, 2009 at 1:22 am
I have sent you an email
February 9th, 2009 at 4:02 am
Ah, Romanians make the headlines again!?
February 9th, 2009 at 4:39 am
tocsixu, reply here, please, and confirm.
February 9th, 2009 at 9:20 am
Omg, you’re on slashdot!
And your site doesn’t feel like being slashdotted
Double congrats.
February 9th, 2009 at 12:24 pm
Definitely nice work there. Glad to see you don’t disclose private information of innocent users publicly like the recent PHPBB script-kiddy attack.
Congratulations on making it to the front page of /. too. Great achievement.
February 9th, 2009 at 12:27 pm
@Dan – tocsixu is sleeping, I think.
February 9th, 2009 at 2:37 pm
well done guys, you made it onto slashdot.
February 9th, 2009 at 2:39 pm
http://fr.news.yahoo.com/16/20090209/ttc-le-site-americain-de-kaspersky-pirat-c2f7783.html
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
http://www.zdnet.com.au/news/security/soa/Kaspersky-denies-leaks-after-SQL-hack/0,130061744,339294848,00.htm
http://www.heise.de/security/Kaspersky-Website-angeblich-undicht–/news/meldung/127091
http://security.nl/artikel/27017/1/Klantendatabase_Kaspersky_door_hacker_gestolen.html
And many others
I almost forgot to say thanks. Dumb me. Thanks.
February 9th, 2009 at 5:08 pm
@Dan, the emails you received were from me, that is my legit email address. I will post my replies here.
February 9th, 2009 at 5:08 pm
First response sent to Dan Goodin
– First, can you tell me who you are and what your affiliation is to the hacker who posted the Kaspersky item to hackersblog?
I am part of the HackersBlog team (2fingers, Tocsixu [me], unu, Andre3000, virjil, epic). We maintain contact and share information about the vulnerabilities each one of us discovers, and we can speak for each other when some of us are not available.
– Kaspersky has issued the following statement:
On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.
– How long has this database been exposed?
Unu discovered this vulnerability a couple of days before the public full disclosure. He has asked me to state this as being his words:
“I have sent emails to info@kaspersky.com, forum@kaspersky.com and webmaster@kaspersky.com warning Kaspersky about the problem but I didn’t get any response. After some time, still having no response from Kaspersky, I published the article on hackersblog.org regarding the vulnerability.”
– Kaspersky has characterized this vulnerability as not critical and said no data was compromised from the site. Would you agree?
This vulnerability could have been critical if it had been exploited by someone with bad intentions, because several pieces of sensitive information could have been extracted, like usernames, emails, passwords, codes, MySQL users & passwords, etc.
Indeed, no data was compromised from the site because that is not Unu’s (our) intention. No sensitive information from the site was stored; legitimate Kaspersky users can rest assured.
– According to tipsters, the vulnerabilities involved those described at:
http://milw0rm.com/exploits/6595
concat_ws http://dev.mysql.com/doc/mysql/en/String_functions.html
Is this correct, or was it something else? If it was something else, can you say exactly what?
– Another tipster said:
This was a typical UNION injection attack that enables SELECT statements to be poisoned with information from foreign tables. Once you find the number of columns in the initial SELECT statement (using ORDER BY injection attacks) you can basically get access to the information_schema database, find out table and column names and then you’re home free.
Big whoopsie for Kaspersky. This was active the entire day yesterday.
Any reaction? Does this sound right to you?
The second tipster is right: this was a SQL injection attack, and because of the bad input filtering (a “big whoopsie for Kaspersky”), an attacker could have forged a special URL in order to alter the SQL queries and extract whatever he wanted from the database: table and column names from information_schema, sensitive data from tables like users, codes, etc.
– What was your motivation for this hack and blog post?
We, at HackersBlog.org, focus on today’s security in the online IT domain. Our main priority is to make end-users and web programmers aware of the security flaws some websites have and what the consequences are for both users and web programmers.
We DO NOT hack for fun nor cause damage to the affected websites; we just notify the website owners of their security flaws and, after they fix them (or if they don’t do it in a timely manner), we publish a full disclosure.
I would like this to be very clear for everyone.
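The probing sequence the tipster describes (ORDER BY to count columns, UNION SELECT to graft foreign rows, then information_schema lookups, often wrapped in concat_ws) leaves a recognisable trail in web-server access logs. The following detection script is an added example, not code from the original post or from the HackersBlog team; the combined-log format, the /support/faq.php path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the probing stages described in the comment above: counting
# columns with ORDER BY, grafting foreign rows with UNION SELECT, and enumerating
# information_schema (helped by string functions such as concat_ws).
PROBE_PATTERNS = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "string_func": re.compile(r"\b(?:concat_ws|group_concat|concat)\s*\(", re.I),
}

# Apache/nginx combined-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def normalise(url):
    """Decode the request URL the way the database will eventually see it."""
    # Decode twice: double-encoding (%2520 -> %20 -> space) is a common filter bypass.
    decoded = unquote_plus(unquote_plus(url))
    # Strip inline comments and collapse whitespace so "UNION/**/SELECT" still matches.
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded)

def classify(line):
    """Return the matched signature names for one log line, or [] if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = normalise(m.group("url"))
    return [name for name, pat in PROBE_PATTERNS.items() if pat.search(url)]

def scan(lines):
    """Summarise hits per client IP as {ip: sorted list of signature names}."""
    summary = {}
    for line in lines:
        hits = classify(line)
        if hits:
            ip = LOG_RE.match(line).group("ip")
            summary.setdefault(ip, set()).update(hits)
    return {ip: sorted(names) for ip, names in summary.items()}

# Constructed sample log lines (not real traffic); /support/faq.php is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Feb/2009:10:01:02 +0000] "GET /support/faq.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [07/Feb/2009:10:01:09 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 880',
    '203.0.113.7 - - [07/Feb/2009:10:02:15 +0000] "GET /support/faq.php?id=12+order+by+5-- HTTP/1.1" 500 312',
    '203.0.113.7 - - [07/Feb/2009:10:02:31 +0000] "GET /support/faq.php?id=12%2520ORDER%2520BY%25204-- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Feb/2009:10:03:40 +0000] "GET /support/faq.php?id=-1+UNION/**/SELECT+concat_ws(0x3a,table_schema,table_name),2,3,4+FROM+information_schema.tables-- HTTP/1.1" 200 9901',
]
```

Running `scan(SAMPLE_LOG)` reports only the second client, with all four stages, while the benign "union station" search is not flagged because the pattern requires UNION followed by SELECT.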
February 9th, 2009 at 5:12 pm
Second response
OK, this is really helpful. Thanks so much.
There is one small thing, though. How do I know that you’re the Tocsixu who is connected to Hackersblog? Anyone could have registered that address. Is there a way I can confirm you’re the real deal?
Sorry for the late responses; in Romania we obviously have a different timezone. I will post a comment on hackersblog from my user as proof.
Also,
Please provide details about exactly what software was exploited. MySQL, by any chance? Are there others? Was Kaspersky using unpatched software, by any chance?
The website itself was exploited. This was the web programmer’s fault. They are using recent versions of MySQL and PHP.
One other question:
– Did Kaspersky store passwords in the clear?
Hope to hear from you ASAP!
Unu asked me to state for him that he did NOT access the users table, thus protecting users’ privacy.
February 9th, 2009 at 7:15 pm
and you're holding up under slashdot? nobody jumped in with a ddos?
February 9th, 2009 at 7:32 pm
@theStick – Yes, they did.
February 10th, 2009 at 10:52 pm
Tocsixu, thanks for the answers to the questions. We'll discuss the interview with the Ohio Infosec guys in a few days when we meet... it'll be an interesting topic.
If you can and want to send me an email with details about the hack, I think many would thank you for the education.
February 10th, 2009 at 11:42 pm
congratulations, man. I've been reading you since you started and I didn't think you'd get this far. And well, I sense a lot more to come... you're doing good work...
Take care. P.S.: How is Unu doing? I haven't talked to him in ages
February 11th, 2009 at 8:08 am
[...] posting on Hackers Blog said the SQL injection vulnerability in usa.kaspersky.com is very real, but [...]
February 11th, 2009 at 2:21 pm
[...] a later update, the same hacker purportedly indicated that no data would be exposed by him/her and his/her [...]
February 22nd, 2009 at 1:03 am
Damn, I use Kaspersky too...
February 26th, 2009 at 10:01 pm
[...] The original post appeared on Hackersblog with follow on discussion here. [...]
January 15th, 2010 at 5:50 pm
I admit, I have not been on your blog in a long time... though it was a joy to see it again. It is such a great subject and avoided by so many, even specialists. I thank you for helping to make people more aware of possible issues.