« Firefox 3.6 locks out rogue add-ons | Main | Nozzle: A Defense Against Heap-spraying Code Injection Attacks »

Symantec SQL Injected, Seeks Counseling

"The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server.

The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security giant using a blind SQL injection attack.

Once in, he accessed sensitive information including customer address data and catalogue keys on the Symantec Store database.

The hacker also expressed outrage that user passwords were displayed in plain text and had not been encrypted."

CRN: http://www.crn.com.au/News/161220,symantec-falls-as-romanian-hacker-strikes-again.aspx
Unu's Blog: http://unu123456.baywords.com/2009/11/23/symantec-exposed-passwordsserials-sql-injection-full-database-access/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Who cares? A 5 year old can do a SQL injection, perhaps unu should being such a loud attention whore.