This is Argyn's blog. I comment on topics of interest to me such as software, math, finance, and music. Also, I write about local events in Northern Virginia, USA, and all things related to Kazakhstan.

Tuesday, February 10, 2009

SQL injection?! give me a break, Mr Kaspersky! :)

A posting on the web site includes screenshots of the hacker who used an SQL injection to access the company's database. It looks like a part of Kaspersky's U.S. support site was breached using the SQL injection attack -- the site was created by an unnamed third party and was not reviewed properly by the security company prior to being used on the site.

I think this touches 2 subjects: rapid development + outsourcing.

Apparently, Kaspersky's web site was developed by a 3rd party. I bet it was done using a cheap rapid development approach. FYI, Kaspersky makes anti-viruses. It's a security software maker. To get compromised like this is beyond embarrassing. I didn't know you can still do SQL injection attacks. I thought developers learned this technique many, many years ago.
