Posted on February 8th, 2009
Yes, that SQL injection in usa.kaspersky.com is very real. Still, the Kaspersky team doesn't need to worry about us spreading their confidential stuff. Our staff will never save or keep any confidential data, we just point our fingers at big websites with security problems.
We hope to see that vulnerability patched very soon (if it isn't already patched).
The article on theregister.co.uk can be found here

February 8th, 2009 at 3:00 pm
wow. congratulations
February 8th, 2009 at 4:39 pm
Yap, congratz
February 8th, 2009 at 6:15 pm
[...] announced in an e-mail after it became known that more time was still needed. On Hackersblog one of the makers justified publishing the security hole: Kaspersky need not [...]
February 8th, 2009 at 6:48 pm
Congratulations
February 8th, 2009 at 10:15 pm
[...] a later post, the hacker indicated that no confidential data would be exposed, but he does provide a list of the different tables available [...]
February 9th, 2009 at 12:56 am
Hey, Reg reporter Dan Goodin here. I’d be obliged if Uno, 2fingers or someone else with direct knowledge of the hack would contact me ASAP.
Cheers,
Dan Goodin
February 9th, 2009 at 1:22 am
I have sent you an email
February 9th, 2009 at 4:02 am
Ah, Romanians are making the headlines again!?
February 9th, 2009 at 4:39 am
tocsixu, reply here, please, and confirm.
February 9th, 2009 at 9:20 am
Omg, you’re on slashdot!
And your site doesn’t feel like being slashdotted
Double congrats.
February 9th, 2009 at 12:24 pm
Definitely nice work there. Glad to see you don’t disclose private information of innocent users publicly like the recent PHPBB script-kiddy attack.
Congratulations on making it to the front page of /. too. Great achievement.
February 9th, 2009 at 12:27 pm
@Dan – tocsixu is sleeping i think.
February 9th, 2009 at 2:37 pm
Well done guys, you made it to Slashdot.
February 9th, 2009 at 2:39 pm
http://fr.news.yahoo.com/16/20090209/ttc-le-site-americain-de-kaspersky-pirat-c2f7783.html
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
http://www.zdnet.com.au/news/security/soa/Kaspersky-denies-leaks-after-SQL-hack/0,130061744,339294848,00.htm
http://www.heise.de/security/Kaspersky-Website-angeblich-undicht–/news/meldung/127091
http://security.nl/artikel/27017/1/Klantendatabase_Kaspersky_door_hacker_gestolen.html
And many others
I almost forgot to say thanks. Dumb me. Thanks.
February 9th, 2009 at 5:08 pm
@Dan, the emails you received were from me, that is my legit email address. I will post my replies here.
February 9th, 2009 at 5:08 pm
First response sent to Dan Goodin
– First, can you tell me who you are and what your affiliation is to the hacker who posted the Kaspersky item to hackersblog?
I am part of the HackersBlog team (2fingers, Tocsixu [me], unu, Andre3000, virjil, epic). We maintain contact and share information about the vulnerabilities each one of us discovers and can speak in the name of each other when some of us are not available.
– Kaspersky has issued the following statement:
On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.
– How long has this database been exposed?
Unu discovered this vulnerability a couple of days before the public full disclosure. He has asked me to state this as being his words:
"I have sent emails to info@kaspersky.com, forum@kaspersky.com and webmaster@kaspersky.com warning Kaspersky about the problem but I didn't get any response. After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability"
– Kaspersky has characterized this vulnerability as not critical and said no data was compromised from the site. Would you agree?
This vulnerability could have been critical if it were to be exploited by someone with bad intentions because several pieces of sensitive information could have been extracted, like usernames, emails, passwords, codes, mysql users & passwords, etc.
Indeed, no data was compromised from the site because that is not Unu's (our) intention. No sensitive information from the site was stored, legit Kaspersky users can rest assured.
– According to tipsters, the vulnerabilities involved those described at:
http://milw0rm.com/exploits/6595
concat_ws http://dev.mysql.com/doc/mysql/en/String_functions.html
Is this correct, or was it something else? If it was something else, can
you say exactly what?
– Another tipster said:
This was a typical UNION injection attack that enables SELECT statements
to be poisoned with information from foreign tables. Once you find the
number of columns in the initial SELECT statement (using ORDER BY
injection attacks) you can basically get access to the
information_schema database, find out table and column names and then
you’re home free.
Big whoopsie for Kaspersky. This was active the entire day yesterday.
Any reaction? Does this sound right to you?
The second tipster is right, this was a SQL Injection attack and because of the bad input filtering (a “big whoopsie for Kaspersky”), an attacker could have forged a special URL in order to alter the SQL queries and extract whatever he wanted from the database: tables and column names from information_schema, sensitive data from tables like users, codes, etc.
– What was your motivation for this hack and blog post?
We, at HackersBlog.org, focus on today's security in the online IT domain. Our main priority is to make end-users and web programmers aware of the security flaws some websites have and what the consequences are for both users and web programmers.
We DO NOT hack for fun nor cause damage to the affected websites, we just notify the website owners about their security flaws and after they fix it (or if they don't do it in a timely manner) we publish a full disclosure.
I would like this to be very clear for everyone.
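As an added example (not code from the original post or from HackersBlog), the following Python script flags, in web server access logs, the probing sequence the tipster describes above: ORDER BY column counting, a UNION SELECT, and information_schema enumeration in a forged URL. The log lines are constructed for the example and the Apache common/combined log format is assumed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit
# Indicators taken from the page: UNION-based SELECT, ORDER BY column-count
# probing, information_schema enumeration and MySQL's concat_ws() helper.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "concat_ws": re.compile(r"\bconcat_ws\s*\(", re.I),
}
# Apache common/combined log format is assumed for the request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})')
# Constructed sample lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Feb/2009:14:02:11 +0000] "GET /faq.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [07/Feb/2009:14:02:19 +0000] "GET /faq.php?id=12+ORDER+BY+5-- HTTP/1.1" 500 0',
    '203.0.113.5 - - [07/Feb/2009:14:02:27 +0000] "GET /faq.php?id=12%20UNION%20SELECT%201,2,3'
    '%20FROM%20information_schema.tables-- HTTP/1.1" 200 8810',
    '198.51.100.7 - - [07/Feb/2009:14:03:01 +0000] "GET /faq.php?q=union%20workers HTTP/1.1" 200 4000',
]

def decoded_params(url):
    """(name, value) pairs of the query string, percent-decoded a second time
    so that double-encoded payloads do not slip past the patterns."""
    return [(k, unquote_plus(v))
            for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]

def scan_line(line):
    """Finding dict for one log line, or None if it is clean or unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = [(name, ind) for name, value in decoded_params(m["url"])
            for ind, rx in INDICATORS.items() if rx.search(value)]
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "hits": hits}

def scan_log(lines):
    return [f for f in map(scan_line, lines) if f]

def suspicious_sources(lines, threshold=2):
    """Client addresses with at least `threshold` flagged requests; lone hits
    are reviewed by hand because search terms do contain SQL keywords."""
    counts = {}
    for f in scan_log(lines):
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

The 500 response to the ORDER BY probe followed by a 200 to the UNION request from the same address is the sequence worth alerting on; the "union workers" search term shows why a lone keyword match is not enough.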
February 9th, 2009 at 5:12 pm
Second response
OK, this is really helpful. Thanks so much.
There is one small thing, though. How do I know that you’re the Tocsixu who is connected to Hackersblog? Anyone could have registered that address. Is there a way I can confirm you’re the real deal?
Sorry for the late responses, in Romania we have a different timezone obviously. I will post a comment on hackersblog from my user as proof.
Also,
Please provide details about exactly what software was exploited. MySQL, by any chance? Are there others? Was Kaspersky using unpatched software, by any chance?
The website itself was exploited. This was the web programmer’s fault. They are using recent versions of MySQL and PHP.
One other question:
– Did Kaspersky store passwords in the clear?
Hope to hear from you ASAP!
Unu asked me to state for him that he did NOT access the users table thus protecting users privacy.
February 9th, 2009 at 7:15 pm
And are you holding up under Slashdot? Didn't some people jump in with a DDoS?
February 9th, 2009 at 7:32 pm
@theStick – Yes, they did.
February 10th, 2009 at 10:52 pm
Tocsixu, thanks for the answers to the questions. We'll discuss the interview with the guys from Ohio Infosec in a few days when we meet... it's going to be an interesting topic.
If you can and want to send me an email with details about the hack, I think many would thank you for the education.
February 10th, 2009 at 11:42 pm
Congratulations, man. I've been reading you since you started out and I didn't think you'd get this far. And well, I sense much more to come... you're doing good work...
Take care. P.S.: How is Unu doing? I haven't talked to him in ages.
February 11th, 2009 at 8:08 am
[...] posting on Hackers Blog said the SQL injection vulnerability in usa.kaspersky.com is very real, but [...]
February 11th, 2009 at 2:21 pm
[...] a later update, the same hacker purportedly indicated that no data would be exposed by him/her and his/her [...]
February 22nd, 2009 at 1:03 am
Damn I use Kaspersky too ……..
February 26th, 2009 at 10:01 pm
[...] The original post appeared on Hackersblog with follow on discussion here. [...]
January 15th, 2010 at 5:50 pm
I admit, I have not been on your blog in a long time... though it was another pleasure to see. It is such a great subject and one avoided by so many, even specialists. I thank you for helping make people more aware of possible issues.