Comments on: Munca.ro, poarta deschisa catre baza de date http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/ Sat, 17 Sep 2011 10:00:04 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: B7ackAnge7z http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1022 B7ackAnge7z Sun, 15 Feb 2009 04:28:42 +0000 http://hackersblog.org/?p=1259#comment-1022 Poate ca esti mai bine informat, deaceea nu vreau sa te contrazic... Dar totusi, imi place sum "SUNA" aici: [url=http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.aspx]Conficker Activity Update[/url] si sunt mai mult ca sigur ca cei de la Microsoft au urgent nevoie de autorul virusului. Si asta ma face sa cred ca Microsoftul nu este singura companie care se confrunta cu probleme de acest gen. Poate ca esti mai bine informat, deaceea nu vreau sa te contrazic…

Dar totusi, imi place sum “SUNA” aici: [url=http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.aspx]Conficker Activity Update[/url] si sunt mai mult ca sigur ca cei de la Microsoft au urgent nevoie de autorul virusului.

Si asta ma face sa cred ca Microsoftul nu este singura companie care se confrunta cu probleme de acest gen.

]]> By: whatever http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1021 whatever Sun, 15 Feb 2009 04:21:17 +0000 http://hackersblog.org/?p=1259#comment-1021 Continua sa visezi B7ackAnge7z. Visezi frumos :) Continua sa visezi B7ackAnge7z. Visezi frumos :)

]]> By: B7ackAnge7z http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1020 B7ackAnge7z Sat, 14 Feb 2009 20:32:50 +0000 http://hackersblog.org/?p=1259#comment-1020 Nu cred ca au trecut acele timpuri()... caci orice companie doreste sa aiba cel putin un HACKER in echipa sa... si stim cu totii de ce ;) doar ca acum mARILE companii nu doresc sa "strice" imaginea... Cel mai recent exemplu este MicroSoft, care ofera $250.000 celui care va gasi autorul virusului Conficker. Sunt sigur ca daca il "aresteaza" pe autor, nu il vor trimite la racoare :D Nu cred ca au trecut acele timpuri()… caci orice companie doreste sa aiba cel putin un HACKER in echipa sa… si stim cu totii de ce ;)

doar ca acum mARILE companii nu doresc sa “strice” imaginea…

Cel mai recent exemplu este MicroSoft, care ofera $250.000 celui care va gasi autorul virusului Conficker. Sunt sigur ca daca il “aresteaza” pe autor, nu il vor trimite la racoare :D

]]> By: whatever http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1017 whatever Sat, 14 Feb 2009 18:22:09 +0000 http://hackersblog.org/?p=1259#comment-1017 Deci clar nu au fost furate informatii confidentiale despre clienti. Litchfield stie ce vorbeste. - Kaspersky Lab’s specialists investigated the incident and hired an independent expert, Next Generation Security Software’s David Litchfield, to corroborate the results of the internal investigation, and to confirm that no data was leaked. Litchfield’s report was delivered to Kaspersky Lab on Thursday, February 12, 2009, and confirmed that no data had in fact been compromised from the site. Litchfield’s report states the following: “The usa.kaspersky.com website and database were successfully breached early on Saturday morning on the 7th of February. Kaspersky was deliberately targeted. The attacker, based in Romania, used Google to search for web servers owned by Kaspersky running applications that may be vulnerable to SQL injection. The attacker claims to have been able to access private customer information but has publicly stated that no data was compromised. The attacker's claim to be able to access customer data is correct and, as is apparent from the web server log files, the attacker did attempt to gain access to customer data however, the attempts failed. At no point was customer data accessed. On the Saturday, the attacker published the fact that the usa.kaspersky.com web site was vulnerable to SQL injection. This caused a number of other attackers from various locations to probe the site further. None of these followup attackers accessed any customer data either. On hearing of the threat, Kaspersky immediately took down the vulnerable web server, preventing further and deeper breaches.” Deci clar nu au fost furate informatii confidentiale despre clienti. Litchfield stie ce vorbeste.

-

Kaspersky Lab’s specialists investigated the incident and hired an independent expert, Next Generation Security Software’s David Litchfield, to corroborate the results of the internal investigation, and to confirm that no data was leaked. Litchfield’s report was delivered to Kaspersky Lab on Thursday, February 12, 2009, and confirmed that no data had in fact been compromised from the site.

Litchfield’s report states the following:

“The usa.kaspersky.com website and database were successfully breached early on Saturday morning on the 7th of February. Kaspersky was deliberately targeted. The attacker, based in Romania, used Google to search for web servers owned by Kaspersky running applications that may be vulnerable to SQL injection. The attacker claims to have been able to access private customer information but has publicly stated that no data was compromised. The attacker’s claim to be able to access customer data is correct and, as is apparent from the web server log files, the attacker did attempt to gain access to customer data however, the attempts failed. At no point was customer data accessed. On the Saturday, the attacker published the fact that the usa.kaspersky.com web site was vulnerable to SQL injection. This caused a number of other attackers from various locations to probe the site further. None of these followup attackers accessed any customer data either. On hearing of the threat, Kaspersky immediately took down the vulnerable web server, preventing further and deeper breaches.”

]]> By: whatever http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1015 whatever Sat, 14 Feb 2009 17:19:25 +0000 http://hackersblog.org/?p=1259#comment-1015 Au trecut de mult timpurile cand hackerii erau angajati de cei care erau sparti. Au trecut de mult timpurile cand hackerii erau angajati de cei care erau sparti.

]]> By: B7ackAnge7z http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1011 B7ackAnge7z Sat, 14 Feb 2009 11:59:52 +0000 http://hackersblog.org/?p=1259#comment-1011 2 Whatever :: Stii?! Pe forumuri, bloguri si chaturi din Russia se spune cam asa: "...Лаборатории Касперского имеет смысл отыскать этого хакера и принять его на работу..." Adica, in traducere suna cam asa:"... Laboratorul Kasperky ar face foarte bine sa sa prinda acel hacker... si sa-l angajeze la lucru..." Chiar si cei de la Kaspersky spun:"...a fost o lectie de care trebuie sa tinem cont..." Doar ca ei spun ca hakerul nu obtinut nici un byte de informatie confidentiala, interesant de ce? :) 2 Whatever ::
Stii?! Pe forumuri, bloguri si chaturi din Russia se spune cam asa: “…Лаборатории Касперского имеет смысл отыскать этого хакера и принять его на работу…”

Adica, in traducere suna cam asa:”… Laboratorul Kasperky ar face foarte bine sa sa prinda acel hacker… si sa-l angajeze la lucru…”

Chiar si cei de la Kaspersky spun:”…a fost o lectie de care trebuie sa tinem cont…”

Doar ca ei spun ca hakerul nu obtinut nici un byte de informatie confidentiala, interesant de ce? :)

]]> By: Foreverlost http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1010 Foreverlost Sat, 14 Feb 2009 11:43:56 +0000 http://hackersblog.org/?p=1259#comment-1010 @Alex:Asa e Foreverlost. Am avut si eu de a face cu astfel de programatori. Saracii de ei… dar mai ‘Saracii’ de cei ce ii angajeaza sa presteze servicii pentru ei :)) Nu lor sa le plangi de mila ci celor care utilizeaza site-ul. @Alex:Asa e Foreverlost. Am avut si eu de a face cu astfel de programatori. Saracii de ei… dar mai ‘Saracii’ de cei ce ii angajeaza sa presteze servicii pentru ei :) )
Nu lor sa le plangi de mila ci celor care utilizeaza site-ul.

]]> By: Whatever http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1008 Whatever Sat, 14 Feb 2009 11:06:37 +0000 http://hackersblog.org/?p=1259#comment-1008 Din cauza kiddie-lor ca si tine, Claudel au romanii renume asa prost in afara. Nu ai nimic concret de spus, habar nu ai ce vorbesti dar totusi te bagi in seama. Ziceai de chestii de pe .gov si alte faze din astea. Poti ai din astea atata timp cat nu citeste nimeni blogul. Cand devii popular oamenii incep sa fie mai atenti la ceea ce faci. Din cauza kiddie-lor ca si tine, Claudel au romanii renume asa prost in afara. Nu ai nimic concret de spus, habar nu ai ce vorbesti dar totusi te bagi in seama.

Ziceai de chestii de pe .gov si alte faze din astea. Poti ai din astea atata timp cat nu citeste nimeni blogul. Cand devii popular oamenii incep sa fie mai atenti la ceea ce faci.

]]> By: Claudel http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1003 Claudel Sat, 14 Feb 2009 04:45:38 +0000 http://hackersblog.org/?p=1259#comment-1003 ceea ce nu inteleg eu, defapt e ca tu porti de grija altora, si-ti dai cu parerea cam cand s-ar plictisi ei si alte kkturi de 3 lei dinastea care pur si simplu nu-si au rostul, daca iti face placere citesti, daca nu, nu si cu asta basta ceea ce nu inteleg eu, defapt e ca tu porti de grija altora, si-ti dai cu parerea cam cand s-ar plictisi ei si alte kkturi de 3 lei dinastea care pur si simplu nu-si au rostul, daca iti face placere citesti, daca nu, nu si cu asta basta

]]> By: Claudel http://blog.rstcenter.com/2009/02/13/muncaro-poarta-deschisa-catre-baza-de-date/comment-page-1/#comment-1002 Claudel Sat, 14 Feb 2009 04:45:06 +0000 http://hackersblog.org/?p=1259#comment-1002 Stiu foarte bine care e diferenta intre hacker/cracker, lucrez in domeniu de vreo 10 ani (pentesting). stii sa scrii mult prost si mai ales fara rost, atat. exista site-uri de acest gen de cel putin 10 ani, care fac exact aceleasi lucruri daca nu chiar mai mult, si stai lejer ca totul e perfect legal, altfel nu ar fi stat 10 ani in picioare asa ca mai informeaza-te inainte sa arunci cu sume la misto. de curizitate vezi ca sunt 2a dburi de exploituri pe .gov si un FD pe .edu perfect listate, daca nu stiai. Stiu foarte bine care e diferenta intre hacker/cracker, lucrez in domeniu de vreo 10 ani (pentesting).

stii sa scrii mult prost si mai ales fara rost, atat.
exista site-uri de acest gen de cel putin 10 ani, care fac exact aceleasi lucruri daca nu chiar mai mult, si stai lejer ca totul e perfect legal, altfel nu ar fi stat 10 ani in picioare asa ca mai informeaza-te inainte sa arunci cu sume la misto. de curizitate vezi ca sunt 2a dburi de exploituri pe .gov si un FD pe .edu perfect listate, daca nu stiai.

]]>