Kaspersky breached by a simple device

February 9, 2009 - 1:20am

Last week Kaspersky was breached by a hacker who exploited a security lapse on the antivirus company's official site. According to The Register, the hacker posted a blog entry claiming that a simple SQL injection gave access to a database containing "users, activation codes, lists of bugs, admins, shop, etc." A large body of proprietary information about the anti-virus provider's products and customers was thus exposed.

The post, which contained screenshots and other details that appeared to substantiate the claims, said that a simple modification of a URL exposed the site's entire database. "Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc." The screenshots showed that the attack focused on Kaspersky's technical support and knowledge base for the Americas, and they listed the names of over 150 tables.

Thomas Ptacek, a researcher at security provider Matasano, said that the post looked very real. He noted that the address bar of one screenshot showed usa.kaspersky.com along with the text "concat_ws(0x3a,ver" to the right of that. "It's a URL that is being used to alter the database request that's used to generate the page," Ptacek said. "One of them can be tricked into pulling arbitrary data from the database. Game over."

Source: The Register
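
The address-bar fragment Ptacek points to is the kind of trace a web server's access log keeps. The following is an added example, not code from the article or from The Register: a small scanner that flags query parameters carrying SQL syntax, including nested URL encoding and inline SQL comments, which goes beyond the one fragment quoted above. The marker list, paths, parameter names and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# SQL syntax that has no place in an ordinary page parameter (assumed marker set).
MARKERS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "sql_function": re.compile(r"\b(?:concat_ws|group_concat|concat)\s*\(", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Undo nested URL encoding (bounded) and blank out inline SQL comments."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"/\*.*?\*/", " ", value, flags=re.S)

def scan_line(line):
    """Return sorted (parameter, marker) pairs found in one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    hits = set()
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        text = normalize(value)
        hits.update((name, m) for m, rx in MARKERS.items() if rx.search(text))
    return sorted(hits)

# Constructed sample log lines (placeholder addresses, paths and column names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /support/article.php?id=208 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2009:10:00:05 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2009:10:01:00 +0000] "GET /support/article.php?id=1+union+select+concat_ws(0x3a,a,b) HTTP/1.1" 200 911',
    '192.0.2.12 - - [01/Jan/2009:10:01:09 +0000] "GET /support/article.php?id=1%2520UNION%252F%252A%252A%252FSELECT%2520a HTTP/1.1" 200 903',
]

def scan_log(lines):
    """Map 1-based line numbers to their hits, skipping clean lines."""
    return {n: h for n, line in enumerate(lines, 1) if (h := scan_line(line))}

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG).items():
        print(number, hits)
```

A hit is a lead for review rather than proof of compromise; the fix for the flaw itself is parameterized queries and strict typing of values such as a numeric `id`.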




