A posting on the Hackersblog.org web site includes screenshots of the hacker who used an SQL injection to access the company's database. It looks like a part of Kaspersky's U.S. support site was breached using the SQL injection attack -- the site was created an unnamed third party and was not reviewed properly by the security company prior to being used on the site.
I think this touches 2 subjects: rapid development + outsourcing.
Apparently, Kaspersky's web site was developed by a 3rd party. I bet it was done using cheap rapid development approach. FYI, Kaspersky makes anti-viruses. It's a security software maker. To get compromised like this is beyond embarrassing. I didn't know you can still do SQL injection attacks. I thought developers learned this technique many many years ago.
Tuesday, February 10, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment