Posted on February 8th, 2009
Yes, that SQL injection in usa.kaspersky.com is very real. Still, the Kaspersky team doesn’t need to worry about us spreading their confidential stuff. Our staff will never save or keep any confidential data; we just point our fingers at big websites with security problems.
We hope to see that vulnerability patched very soon (if it isn’t already patched).
The article on theregister.co.uk can be found here
February 8th, 2009 at 3:00 pm
Wow. Congratulations.
February 8th, 2009 at 4:39 pm
Yap, congratz
February 8th, 2009 at 6:15 pm
[...] announced in an e-mail after it became known that more time was still needed. On Hackersblog one of the operators justified the publication of the security hole: Kaspersky need not [...]
February 8th, 2009 at 6:48 pm
Congratulations
February 8th, 2009 at 10:15 pm
[...] a later post, the hacker indicated that no confidential data would be exposed, but he does provide a list of the different tables available [...]
February 9th, 2009 at 12:56 am
Hey, Reg reporter Dan Goodin here. I’d be obliged if Uno, 2fingers or someone else with direct knowledge of the hack would contact me ASAP.
Cheers,
Dan Goodin
February 9th, 2009 at 1:22 am
I have sent you an email
February 9th, 2009 at 4:02 am
Ah, Romanians are making the headlines again!?
February 9th, 2009 at 4:39 am
tocsixu, reply here, please, and confirm.
February 9th, 2009 at 9:20 am
Omg, you’re on slashdot!
And your site doesn’t feel like being slashdotted
Double congrats.
February 9th, 2009 at 12:24 pm
Definitely nice work there. Glad to see you don’t disclose private information of innocent users publicly like the recent PHPBB script-kiddy attack.
Congratulations on making it to the front page of /. too. Great achievement.
February 9th, 2009 at 12:27 pm
@Dan – tocsixu is sleeping i think.
February 9th, 2009 at 2:37 pm
Well done, guys, you made it onto Slashdot.
February 9th, 2009 at 2:39 pm
http://fr.news.yahoo.com/16/20090209/ttc-le-site-americain-de-kaspersky-pirat-c2f7783.html
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
http://www.zdnet.com.au/news/security/soa/Kaspersky-denies-leaks-after-SQL-hack/0,130061744,339294848,00.htm
http://www.heise.de/security/Kaspersky-Website-angeblich-undicht–/news/meldung/127091
http://security.nl/artikel/27017/1/Klantendatabase_Kaspersky_door_hacker_gestolen.html
And many others
I almost forgot to say thanks. Dumb me. Thanks.
February 9th, 2009 at 5:08 pm
@Dan, the emails you received were from me, that is my legit email address. I will post my replies here.
February 9th, 2009 at 5:08 pm
First response sent to Dan Goodin
– First, can you tell me who you are and what your affiliation is to the hacker who posted the Kaspersky item to hackersblog?
I am part of the HackersBlog team (2fingers, Tocsixu [me], unu, Andre3000, virjil, epic). We maintain contact and share information about the vulnerabilities each one of us discovers, and we can speak on behalf of each other when some of us are not available.
– Kaspersky has issued the following statement:
On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.
– How long has this database been exposed?
Unu discovered this vulnerability a couple of days before the public full disclosure. He has asked me to state this as being his words:
“I have sent emails to info@kaspersky.com, forum@kaspersky.com and webmaster@kaspersky.com warning Kaspersky about the problem but I didn’t get any response. After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability”
– Kaspersky has characterized this vulnerability as not critical and said no data was compromised from the site. Would you agree?
This vulnerability could have been critical if it were exploited by someone with bad intentions, because several pieces of sensitive information could have been extracted, like usernames, emails, passwords, codes, MySQL users & passwords, etc.
Indeed, no data was compromised from the site because that is not Unu’s (our) intention. No sensitive information from the site was stored, legit Kaspersky users can rest assured.
– According to tipsters, the vulnerabilities involved those described at:
http://milw0rm.com/exploits/6595
concat_ws http://dev.mysql.com/doc/mysql/en/String_functions.html
Is this correct, or was it something else? If it was something else, can you say exactly what?
– Another tipster said:
This was a typical UNION injection attack that enables SELECT statements to be poisoned with information from foreign tables. Once you find the number of columns in the initial SELECT statement (using ORDER BY injection attacks) you can basically get access to the information_schema database, find out table and column names and then you’re home free.
Big whoopsie for Kaspersky. This was active the entire day yesterday.
Any reaction? Does this sound right to you?
The second tipster is right, this was a SQL Injection attack and because of the bad input filtering (a “big whoopsie for Kaspersky”), an attacker could have forged a special URL in order to alter the SQL queries and extract whatever he wanted from the database: tables and column names from information_schema, sensitive data from tables like users, codes, etc.
– What was your motivation for this hack and blog post?
We, at HackersBlog.org, focus on today’s security in the online IT domain. Our main priority is to make end-users and web programmers aware of the security flaws some websites have and what the consequences are for both users and web programmers.
We DO NOT hack for fun nor cause damage to the affected websites; we just notify the website owners about their security flaws and after they fix it (or if they don’t do it in a timely manner) we publish a full disclosure.
I would like this to be very clear for everyone.
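The flaw the second tipster describes (a URL parameter pasted into the SQL text, letting a UNION pull rows from a table the query never meant to expose) and its fix, as an added example that is not part of the original post or the site's code. The schema, table names and the "codes" row are constructed; SQLite stands in for MySQL and Python for PHP, since the pattern is the same.

```python
import re
import sqlite3

# Constructed sample schema standing in for the vulnerable site: a public
# "products" table and a sensitive "codes" table reachable through the same query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 'Antivirus'), (2, 'Internet Security');
        CREATE TABLE codes (id INTEGER, license_key TEXT);
        INSERT INTO codes VALUES (1, 'CONSTRUCTED-KEY-0001');
    """)
    return db

def lookup_vulnerable(db, product_id):
    # The bad input filtering described above: the URL parameter becomes part of
    # the SQL text, so a crafted value changes the statement instead of the data.
    sql = f"SELECT name FROM products WHERE id = {product_id}"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, product_id):
    # Two independent fixes: validate the shape of the input (an id is digits
    # only) and bind it as a parameter so the driver never parses it as SQL.
    if not re.fullmatch(r"\d{1,9}", product_id):
        raise ValueError("product id must be a positive integer")
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(product_id),))]

def demo():
    db = make_db()
    # Constructed hostile value of the kind the tipster describes: a UNION that
    # appends a row from a foreign table to the legitimate result.
    hostile = "1 UNION SELECT license_key FROM codes"
    leaked = lookup_vulnerable(db, hostile)
    try:
        lookup_hardened(db, hostile)
        blocked = False
    except ValueError:
        blocked = True
    return {"benign": lookup_hardened(db, "1"), "leaked": leaked, "blocked": blocked}

if __name__ == "__main__":
    print(demo())
```

The same hostile value leaks the constructed license key through the interpolated query and is rejected before it reaches the database by the validated, parameterised one.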
February 9th, 2009 at 5:12 pm
Second response
OK, this is really helpful. Thanks so much.
There is one small thing, though. How do I know that you’re the Tocsixu who is connected to Hackersblog? Anyone could have registered that address. Is there a way I can confirm you’re the real deal?
Sorry for the late responses, in Romania we have a different timezone obviously. I will post a comment on hackersblog from my user as proof.
Also,
Please provide details about exactly what software was exploited. MySQL, by any chance? Are there others? Was Kaspersky using unpatched software, by any chance?
The website itself was exploited. This was the web programmer’s fault. They are using recent versions of MySQL and PHP.
One other question:
– Did Kaspersky store passwords in the clear?
Hope to hear from you ASAP!
Unu asked me to state for him that he did NOT access the users table thus protecting users privacy.
February 9th, 2009 at 7:15 pm
Hey, are you really holding up under Slashdot? Hasn't anyone jumped in with a DDoS?
February 9th, 2009 at 7:32 pm
@theStick – Yes, they did.
February 10th, 2009 at 10:52 pm
Tocsixu, thanks for the answers to the questions. We'll discuss the interview with the guys from Ohio Infosec in a few days when we meet… it will be an interesting topic.
If you can and want to send me an email with details about the hack, I think many would thank you for the education.
February 10th, 2009 at 11:42 pm
Congratulations, man. I've been reading you since you were starting out and I didn't think you'd get this far. And, well, I sense much more to come… you're doing good work…
Take care. P.S.: How is Unu doing? I haven't talked to him in ages.
February 11th, 2009 at 8:08 am
[...] posting on Hackers Blog said the SQL injection vulnerability in usa.kaspersky.com is very real, but [...]
February 11th, 2009 at 2:21 pm
[...] a later update, the same hacker purportedly indicated that no data would be exposed by him/her and his/her [...]
February 22nd, 2009 at 1:03 am
Damn I use Kaspersky too ……..
February 26th, 2009 at 10:01 pm
[...] The original post appeared on Hackersblog with follow on discussion here. [...]
January 15th, 2010 at 5:50 pm
I admit, I have not been on your blog in a long time… though it was another pleasure to see. It is such a great subject and avoided by so many, even specialists. I thank you for helping to make people more aware of possible issues.