• On GameSpot: So-called 'Halo killer' gets 23 to life

Security

Read all 'Romania' posts in Security
February 13, 2009 10:14 AM PST

Audit: No customer data exposed in Kaspersky breach

by Elinor Mills
  • Post a comment

An independent audit of a data breach at security firm Kaspersky's U.S. Web site has confirmed that no customer data was exposed, Kaspersky said on Friday.

A Romanian hacker site used a SQL injection and cross-site scripting attack to get access to a database on a Web site of the Moscow-based Kaspersky and publicized the attack on Saturday.

Kaspersky announced on Monday that it would hire database security expert David Litchfield to analyze the breach.

In the report, Litchfield concludes that an attacker based in Romania used Google to search for Web servers owned by Kaspersky running applications that may be vulnerable to a SQL injection attack, launched an attack, and attempted to gain access to customer data, but failed.

"This caused a number of other attackers from various locations to probe the site further," the report said. "None of these follow-up attackers accessed any customer data either."

The report was delivered to Kaspersky on Thursday.

The same HackersBlog site also launched subsequent SLQ injection attacks on Web sites of two other security firms, BitDefender and F-Secure.

Topics:
Vulnerabilities and attacks
Tags:
Kaspersky,
security,
breach,
hacker,
Romania,
SQL injection
Share:
Digg
Del.icio.us
Reddit
February 9, 2009 11:17 AM PST

Kaspersky hires expert to analyze Web site hack

by Elinor Mills
  • 5 comments

Romanian Hacker site Hackers Blog displayed screen shots of the compromised Kaspersky site.

(Credit: Hackers Blog)

Updated 3:10 p.m. PST with comment from BitDefender.

Moscow-based security firm Kaspersky has hired a security expert to investigate the weekend breach of its U.S. site, the company said Monday.

Meanwhile, the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider BitDefender.

In a statement, BitDefender said an unnamed partner site was compromised and that the company was investigating the incident to help the partner prevent it from happening again. "This was an unfortunate event and while we sympathize with the sites that were affected, BitDefender was not one of those sites," the statement said.

In the Kaspersky breach, which was discovered on Saturday, no sensitive or customer data was compromised, Roel Schouwenberg, a senior antivirus researcher for Kaspersky, said on a conference call with reporters. But to allay concerns about the severity of the problem, Kaspersky has hired David Litchfield, an expert in database security, to conduct an independent audit of the systems involved, he said.

A section of Kaspersky's new U.S. support site was breached by someone using a SQL injection attack, in which a small malicious script is inserted into a database that feeds information to the Web site, according to Schouwenberg.

The portion of the site breached had been developed by an unnamed third party and was not subjected to an internal code review process as it should have been, he said. "Obviously we are not happy about that and are in the process of making the review process stricter than it currently is," he added.

"A more advanced hacker" could have potentially accessed about 2,500 e-mail addresses of customers and about 25,000 product activation codes that were on the compromised server, but that did not happen, Schouwenberg said.

Kaspersky's new U.S. support site went live on January 28 and was publicly launched on January 29, the company said. There is no indication of any other breaches since then, according to Schouwenberg.

A Kaspersky employee in Romania was alerted to the breach on Saturday after seeing a report of it on the Romanian site Hackers Blog, he said. That worker notified Kaspersky workers in the U.S. and within half an hour, the affected section of the site was taken down and then replaced with the older, secure version of the site, he added.

Asked if the company was worried its reputation would be damaged as a result of the attack, Schouwenberg said: "Honestly speaking, yes. This is not good for any company, especially a company dealing with security. This should not have happened. We are doing everything within our power to do the forensics on this case and to prevent this from ever happening again."

Someone taking credit for the breach had sent an e-mail warning the company about the problem one hour before the attack, "which gave us little if any chance to respond" in a timely manner, he said.

Topics:
Privacy and data protection,
Vulnerabilities and attacks,
News
Tags:
security,
breach,
Kaspersky,
Romania,
hacker,
SQL injection
Share:
Digg
Del.icio.us
Reddit
advertisement
Click Here
  • prev
  • 1
  • next
advertisement

S.F. hacker space: Heaven for the DIY set?

The Noisebridge hacker space offers sewing and Mandarin classes, soldering workshops, Internet-controlled front door access, and a server room with no door.
• Photos: Circuits, code, community

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET