Comments on: Hacker site claims breach of third security firm Web site in a week

HackersBlog breaches Web site of F-Secure in string of attacks on security firm sites.

[gggg sssss]

and I doubt f-Secure was running the dreaded MS SQL server, so how can that be?

[ajhoughton]

SQL injection attacks aren't specific to SQL Server. They happen when people pass un-checked input through to the SQL side without escaping special characters.

[n3td3v]

F-Insecure

[Noneyabeeswax]

This really isn't funny, but it is.

I guess Microsoft isn't the only one with problems, heh.

I wonder what kind of effect this will have on their sales numbers?

I know I'd certainly think twice about buying security software from a vendor that can't even keep their website secure.

I wonder who's next, or if the other vendors started scrambling to double check everything?

[random truth]

How does this relate to Microsoft?

[sn0rf]

Apparently these guys don't know how to assess the security risks properly. Even if there's no sensitive data on their sites, such incidents can hurt their brands significantly. That's why it's weird that they don't have at least simple application firewall installed.

[DevSensible]

Firewalls have little if nothing to do with SQL Injections. This was done against a public-facing website. The injection was done via the query string and the input was not escaped/cleansed.