Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Kaspersky Lab Pours Cold Water on Claims of Data Breach By Hacker



 By: Brian Prince
2009-02-09
Article Rating:starstarstarstarstar / 5


There are 2 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Resource Library:

"This time I will not (for reasons that need no explanation) publish any screenshot containing personal details or activation code," the hacker wrote on a blog. "I will only make public the names of the tables. Though the list is long, the table(s) are very interesting."

For a review of Kaspersky Anti-Virus 6.0, click here.  

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted in an interview with eWEEK.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

"This shouldn't have happened," Schouwenberg said during a separate conference call with the press, adding he was worried about the impact the hack would have on Kaspersky's reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky's normal code review process, Schouwenberg said.

To reassure customers that no data was actually exposed, the company has hired well-known database security expert David Litchfield of NGSSoftware (Next Generation Security Software) to perform an independent investigation of the incident.





  Reader Comments: Kaspersky Lab Pours Cold Water on Claims of Data Breach By Hacker
>>> Post your comment now!
Need more information
Hi , My name is Kiran Murthy, I'm working in a company, Well your article is really AWESOME & mind blowing, After reading your article I'm...
Posted At: 11-04-09
By: Kiran murthy
My PC is running like new.
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my...
Posted At: 04-29-09
By: Shantel
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r8s;iW1E%Uȶ\֔ey,UywO((ئHIҽ~fMJ]-wM@Hd&D?{{o~$rhiOH1%3TI}"Iͽ~xh#H7`)_rdxBԲ|WRjk99rMz=F"7x 'DPL9 ƜM}ٜi6'x2 X m 8kOjw- P8$H.{H~. DuXqDǎH;aL|iĴ QCR* J<7ϛkb| =k|-Vya+ w-,GZY'[zXy1lB!"Bτ]ͻHݠLo$Gd jlIv`iT11܋Hч;@XSTPԢj̴9gj5[gc}ױ}ǣ.&$ftj6?Ƶ (RI&qO)'z^yz<۱"˭U֯eU^G~;mgD5GlR" =q74JaHO LE7rؖCY֌aF-S4uHUZ+R^(Տ췢}޴ ޷L{`Tyݙ/ EU z9ʑGA GfnGkp[Nv^ԢZvN{ـ\>/.ȣ oFo:Fֶ߉ Q\"*+Jx4KA >$/@B.RMWJQߩz^T Z, Ԏ$0L"@K3zĢ(:q}<8M-AoA>CN,[sAVU衂ĠʠW:+1㝩S9;y\nwMN;'>'g:Qm3H/lio af;PeP[w8LwZ\[$N{'OWm2 Շ I|S<){A x(-4Kۗ9K2}1xyp-? , G)HcU|`AmdƱ(|ÚrN~cEJ^統LQiJ5f!aF 0sn5r'@̀kiF5r(,egy05@N)V1rGVvfy+P:^',|YB* bj9nQWȨY7өr$o# iF\B(&PHQ~*nlN|yx.ljY]V'dauIUis[d.ϱ'ͳvk}JW~~ S35ލpX.B2iI1.prj۫jRU"eY`~ 8ʕ??5n!S[ö@ .ks+kv̆>(:mNQm51l;5d}4>ACA4icŦ4@ӧ&hC:ҋLZ {ͣPo]=&uno7LAbG@c`Ψ6rjTP"iwC hA'r<kJMlLJ&??6 ; G`p&;hk-D+wCGHAb1LDE}vCڡ́Yz]X.s:GTZLKx GN }p ]|#s\( w^ S2(%łdh$@!"5i]NP@Br6< -84rrd+3~Gy=#!b\Jj2'9\v{B#™8C\~(Pύgr)b -xkb$d6g2KIMig]W-&D7r"eL/GwMᙚ6Z=oZy y-0fГc~Xz poǦnB?5aѺ)jM=--j|2ˇ)}آ&5mmf0&[l6g{ΌA34NP"/Կ _u˙.'˗wјSQrRҋS fQ Hj`>gYA3G|@]4>╋zV*H(A00ѿ[6YBbOXr+sF3UʜW.NrB@-T_%eYX᎑tXMڠ~w LRd8uf6NI :3XhhO͡vvuV"kBFm^u {9r@{4 u24F@Lk ,ښ(+AK_iݴksqŰ,Bt6б<y:LI_=M!4v!jMj\'O;ߊ*P?62aiF6oZPGZJRzgܲM(N8wCJ$l%K+Ww⸀T-=]OT <}6L'|фP ;u JYY,,b3*T+z VÄ끈_E3c’%tDe*tǙkjrp쟵ה=% ._8g6y+lUu~8`CLmRǦE}B5ߴ!ӞWʈ>Z3^dX)1 VD ȸau-CaP9ĢTQۂ*6B Qڄa'M}XtSykyWр!as`|"}lA$6\,0|*U*Uˈ`na+V.(%7M.&D ~DJS}O=&Cf+DŜU^ofx$jXUctxѡV\=*)j8+,s??Mex$R:9tc~y890Nݷ7LFe ^-LH+ou7{ V{P z+k9m7b/9[D ZTňh{qĆj )Ӛ5'"H5ysVW9y^%fR+2yݙVzruF!Yhyl3isUnU ҕ 7Y|3VbT Јͳq(58-h]PpfEi*}Sϼ;BN7ax^xPEu/OﺢD_P Fd&*T~!\y)]3Vp321͓~^f'a*\ GqOXo|X wl>s7ѸdNkl s ʻvrf@D|*(8 BK6,^Jf;9^o@Hous> `;G-an ~/I6+0Zg\TuEj9.a^&k꾬=M~qDyC[TޫReR/S Y-q'&.҂VSf:}b;/ci)ր EXqmTV̑g^`.󊅚R9҃lz(rM5Y ;4ch#*a\hob产jFT޴j BoXn /7Ÿ ޜbt[ i|դR/ԕKOe3~1쌸8DX=y`: B5]s451uq0Nos-$NM6ifƲ}P`}` YV|ejMRԞ'aL4лt{.ˤCOTTzogA7W[U5cEIHT]я{_ 3iG\PR=ʼ'KrUNV[_T b zQ2 2w>y?6o -"P *S7xo~.YSH##I x8 ӄm48TM"zW5CuWΰ3vH]!Br_zקkN,SVXMR!m%۪2>C٠Gk: ?V֭Ě_fbB!I|FgGܙA(l1@+JFvWOi{k D-hb#a_RJI$Q#=)#ķIʼn/`Ec1:Vt";CWυR~C<B<dxL %ǻBY3Gg2Iwq@H E>]9/gWIB9e(n2~I .U>Ro4 jGYk.Nl-ŧ-[O|BB[aTsJ d($ZbenfIlx8cRJɔ&]I8z>RB&T5˓$-+I^O Eq ie*ʒ*~I/h'1ۡX#Үۓ_.G8 (O krwsq^^۹n,D2z=`l)LZa"A|)J| a9i] e!>ewqJhIw鳎ᬖ^}Y;Óhqb yx*=  $ rHJ=_鞟FUĶ{3Dұ<:x; v;2(Qf -dFoP/ [_Y.40{oC]#ޓd=4WL{$塚>%h?ift)cn ~UJ5rל8JnLcBWٔAmv,2\?=K|, g6v1CN{7 A.? A 6̯O$U :tyD^WuTT~eFx>HPݙ-p9!MtL_wfؒ9_'c$Ǿz/ݺ7>--84Ǡ#RK1M$$(j^UH,"s攤˾\E㳏)C8}{xH_@Ɍ7CKf-K==4zo>ȥ'~>,~X} ~W*];I9w뻿P;6YjYU9/r\ 5"n'Z^8|W90N5=y$/@vm ,D>?Gko[DL;*p&^83rٞ6lŽw@3GsoX<06o̴aowyl(.i u9BDLy,">$-hwGѵ3@?1e'j4 E8*x@m20]v3s=玒L3{~I;,i(adɛv7J,l -хq]qOiٟO&ԑ3 ^-Pr@=CH',H}ILN|0_\C2dAWAgAVFM r U.e+t:S+]0{(#w}zcQňQ?gYU1/OUqJIAd̃&%%SRE!WH\+ym "1[SCoH&R^JݞEpm 5^,&"!1\sbXhEws<6x|!`e͂yvh]{A,W,\$b2rbR6_u4_t@D=̃7o;㈟ d|̀=;w3l/x/f7jjJH~͉If(B&C2\O:KbmJ{J . "R:)}/8RRAP?7ʻH"0MC`HBE={ۘCɇ_awos˷&rYoR Rg$tR@Zu/؊dXQŠG"~dˤ_M9v'uk(>,a(zi(=z>KW#pK@=/U+B@';á  A qAr=6.byiDnnq'K")m)BftW9ڣtj2ue1ىmɎ U_wĪTP$ ?b$ҐϕZ>}>!P*$3vKW ǎe:۪ BbظFfJ 0riՔDJ%|i; gŢ-W^ Y+锎Rۛ0Z cpg\R"^ p@"Z@ - [QB9dX}qB%g,0`434ˠw|[ѭG{\y1-IJaݘ(2n2æ8zz8888mB>/b;Xҵ3;lY &k닰8Ib˯h=JjKM^^ ljs[˛([ұ  $kEDEŽֆ7aײLr/5tjba1۶BjC|F~q2i^h~H?H" HDCg nmޢƄ~!J,J`j>48yt-G:JQr#*KXYaoM~lᰯU-卓'-?7*u5ϟjIgz?tBb$,FD1‹}kC˦57r,_ֲ#c4F0]7 c0 GO).Gvlnoˑ~1SNx/[р'6t͔ !€0 yLOFC]{ܱ:;IC_nInInInInI,ij]UKK݈g >3>۷04u++ɰ,,~C0_\Xؽ\#4MGC Q !< o0{m6W3 -ᝋRwZR؝kDEKS,F;ܘ嫙P)e@@/O+ `-趡=f1H*+/ O@"ޏ2@|g\$=w{s_ڢ! R?p2W)V42D[ l۰{ܘe=.H:,z1($-ͥe7!& |]w3cQ-?e[oX#-g$G@0+<W&~цˆ2("{XJ:FcC"r~P8Pkǰo|֊^A5uĴhg!?q["xB|b>)OC g7V};O̷W܍~ PAftvGDY0GT»ST0Ì:O0q[n]sƖLǔvǏ{'sa4;8q/#&Ȥ#>ybqLq)R RcP>o7F F=vr7ٕ? T֜rc]0 *r~;&-V%8IuYŢPv>Q9##ꋽa=ʱ,~]CyD7q.\NEe9xmbb{(FiB4>ĨW\Г"9HbלßXVTsu\+#, .aZrD-xUHH ]^< 2?X2x@FPxy34ka>F F(xѴB*]sN /Ts\ { ]N1xy[ߣ \1a5TA950Qj5]\UBJ?͹jr>B1R:mnbjƊXU0Xfz^5lz^E*M` oJ+.қQ㉠D37:UqYsÑٷ]@)0']?0:4;$G 1Ь~6տ4,L D8\΀TnUw=jh D\ΤH fvZZ6w^S UVRRn7 Hdp\=IO 4TO`{>ב8ۭ祸jXz<둴 CoTXW:10хq->(vBA9bm3w[\>7$ pr3}Un5ܵt_HWJ+gQ ,8t~?xe%Fo[q{u >dg$t|юUݺ[knr99h<Ðj$Z(Lϱz=/ն'& +KNlsxa}oˊRM8ҽ]F bd 3}mj6~ R4_C*g=-ЫM)k(`@vʹMh%mF__W2h?G@# 3PSC,6M$Adȃ5T?OJeh^j{BV} hM, l|U:f|%wR]tMx-4+ ާ$7A6po2zU,TZ~M";{| &̊Lt<.&J6ȝIoRWO 5Vw:ioHl/ڃAXGgD"8 xv4q,tS{$ ƒuN <9$.+Ra 3ܙ}y–ҧV g>rS=u|1[CG)WbʑfNVoo__ Bi!;'0斩eS-0)kMQ(Vpxwv4ŸLm!@ㅞ3#Hb1E!*"[s6#&l-l sBmDcs9o%P` W|83nj=J<|WH8ʿJS< Mΰ"@[ g  s Q@Ĕ67+I8F|VK h` 4A@"\dz?^4+۠50? 0 YKWC'kB@ gH:Ϝ؝ts!aR;4rU>UoE a߾h Hﲝk*5/(/./2C_!׌kH^~=He#֧N'~> sww?O?\sd3ˌth'~F'H>_dٮ..fv3t3Ӆw3fg賛Aȣ3!<#o.w3a|/32.a.3Ưe!z _z *>UFk CC 2oH@_2#J}G @MV:M@7d_ry[|ֺ…)qFz9<ΠrEV*SV:,.2됞!*HϠXi7{ZeU+\^}FV*话ir]!4.%PeZ« /Y3ʹ*qմ m }}}P ByekRq? A)Q.a 3l>VLY[,OмzgBܓs+Z`~J逷\Yd}+er6VD-ŘO7&R<=subxvY늮̌j7m(c}>Y;Уx߇ ߊD+,{T eHI\=< jh7_j nAmם'5/[ëֻ6hg"{Ǡ,hMDB'pX`("D74\9Kq` a㮩%gh7xF mqo85c[&:4HΝJIUKJ~+jZ'\#a *+P#}a`J^.U& K}# P .=m^d F 5ϡ'!,pC>FJ-@h P>1=:1F`h p4f!2^8ռDMFD|&ߢ*tO /Ax[e /V@|s Aɴd<@T:߱@^Nc̓] 3/!Ar:=fGܽ0t;AW.ҡw Ńca]m8qOnK0*-n5V\ˆkK$ Oe~]"^Q:bRz5⧭AԽD%Z#7[Nƀ_ðP=LNW"f80̆I+܉ -g)gxp1kN϶{3[9!tW5u7L_'/T#|c͘]h&u'17o ~#pIi`gD/A0نs)^y 6N> !"q0q?K*_yl x S/!I/ @#ǹvrh=)gѵ|\k,!!1苄I UЦ ˵ L8̈́N';Ǧ a4:ᯘV# i u EݩcF\cͅ x{p1a`aY~l'PTE'0H=Cb SW>QbБ/jUﵰtwd9Hr&zU h$.7="VDwΖl'/Qq1^Rs]q4OJm{X@ćx,דx/j Xh=$5|t,CgcS#Πb/MZKV9j[۲"/H& ]aь%m4yGhRݠO =$sDc݅ ۠^g|D{,~[Kwl`B`t09լ`*E3 "@"x̴5[PˎƌaiѶZ QO~l]O(CkLk,>iЀΧ^p穎PhU|Al>1^<;ZއK8=-!0pX-\ftOG#m2`Սأ|EKo@y|w!ZQtERb0yNvCF} ߟ2"L-L Ԣ3g)+],1AƂ?vL769~gSg _(LϖWt<ml/>yGW}Fa|dt%+FzM`Wpۂ{wiWeRpCV)tnOĭ狰CNx3NEws,^rXտben0SGghp#b uu+y!N1 fȰ.Xݫ8mׁQ#nHWdJE["î,:u` {];<k{.2kW؁faTx雸-@>[z7n~c\1V`]ccƫӳ-I>2ePCik5\K Eq sXǼȖWWRڱ!;r/D;8@ caL ;acXJYD!Ƨ۹ 7OЧU|-\`};Mr,S0'¿Er⸏,E#^u%ӪrX5lQozc|>[zw0 _jPpP9˓Z0 9\Mhc{bp8 te0Q3J m!胋Ƚgz`>^OgWэX-1!Dt9)ҡCCĚBfF) 5P.oXn-n$B@ εx C'G%?: } |{ ŧ$FS,0?xD')W#.r]+ SqK>].˛ByֻHgn!w$ghvZ;~v?;K;ˌXi*.㉓oڝw'u Fw׽RB^zI