Monday

Facebook Hacked [News]

Kaspersky, Bitdefender, Facebook Hacked (Databases Exposed)

Recently the Kaspersky, Bitdefender and Facebook websites were attacked via XSS and SQL injection, and their databases were exposed. Screenshots of the vulnerabilities and of the database tables were posted on the internet.
Kaspersky is one of the leading companies in the security and antivirus market. Their website, which was hacked recently, is down right now (9 Feb 09, 6:42 pm), as I just checked. They are in maintenance mode. It seems as though they are not able to secure their own databases. The companies that claim to secure our computers are not secure themselves. It seems incredible but, unfortunately, it's true. Through SQL injection some hackers were able to expose the users, activation codes, lists of bugs, admins, shop and many more tables of their database. This is just a security alert, though. I suppose there is no loss to customers or the company, because the team involved says that its purpose is to alert big companies about security measures. They have posted the names of all the tables in the database, though. Now I suppose we will see a new, secure Kaspersky website. I used this antivirus myself for quite a long time and then shifted to another one.

Similarly, Bitdefender was facing the problem.

Facebook, a website with an estimated 5 to 10 million US dollars, 250-1000 employees, and a global rank of number 8 by alexa.com's traffic standards, was not capable of securing its database. Millions of accounts, email addresses and passwords were up for grabs by anyone. Not only is the website vulnerable to SQL injection, but it also allows load_file to be executed, which makes it very dangerous: a writable directory can be found and, by injecting malicious code, we get command-line access with which we can do virtually anything we want with the website: upload PHP shells, redirects, INFECT PAGES WITH TROJAN DROPPERS, even deface the whole website.

This is done via XSS (Cross-Site Scripting) attacks and SQL injection. Using this technique, hi5.com and Yahoo were also affected via an “evil” iframe.
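
The post singles out load_file as what turns the SQL injection into something far more dangerous. As an added example (not part of the original post), this Python detector flags web access-log requests whose decoded query string contains MySQL file-access primitives; the log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# MySQL file-access primitives that should never appear in a request parameter.
FILE_ACCESS = re.compile(r"\bload_file\s*\(|\binto\s+(?:out|dump)file\b", re.I)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Feb/2009:18:40:01 +0000] "GET /item.php?id=1+UNION+SELECT+LOAD_FILE(%27/path/to/file%27) HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Feb/2009:18:40:09 +0000] "GET /item.php?id=1%2520union%2520select%25201%2520into%2520outfile%2520%2527x%2527 HTTP/1.1" 500 0',
    '198.51.100.4 - - [09/Feb/2009:18:41:15 +0000] "GET /docs.php?fn=download_file(report) HTTP/1.1" 200 900',
    '198.51.100.4 - - [09/Feb/2009:18:41:30 +0000] "GET /search.php?q=how+to+load+files HTTP/1.1" 200 1200',
]

def normalize(value, max_rounds=3):
    """Undo repeated URL encoding, drop SQL inline comments, collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value)

def flag_line(line):
    """Return the matched file-access token (lower-cased) or None."""
    m = REQUEST.search(line)
    if not m:
        return None
    # Only the query string is inspected; POST bodies are not in access logs.
    text = normalize(urlsplit(m.group(1)).query)
    hit = FILE_ACCESS.search(text)
    return hit.group(0).lower() if hit else None

def scan(lines):
    """Return (client_ip, token) for every flagged line, in log order."""
    findings = []
    for line in lines:
        hit = flag_line(line)
        if hit:
            findings.append((line.split()[0], hit))
    return findings

if __name__ == "__main__":
    for ip, hit in scan(SAMPLE_LOG):
        print(f"{ip}: file-access SQL in query string ({hit})")
```

Query-string matching only covers what reaches the access log; on the database side, LOAD_FILE() requires the MySQL FILE privilege and is confined by secure_file_priv, so withholding that privilege from the web application's account removes the primitive itself.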

 
