Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Kaspersky Lab Pours Cold Water on Claims of Data Breach By Hacker



 By: Brian Prince
2009-02-09
Article Rating:starstarstarstarstar / 5


There are 2 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Resource Library:

"This time I will not (for reasons that need no explanation) publish any screenshot containing personal details or activation code," the hacker wrote on a blog. "I will only make public the names of the tables. Though the list is long, the table(s) are very interesting."

For a review of Kaspersky Anti-Virus 6.0, click here.  

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted in an interview with eWEEK.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

"This shouldn't have happened," Schouwenberg said during a separate conference call with the press, adding he was worried about the impact the hack would have on Kaspersky's reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky's normal code review process, Schouwenberg said.

To reassure customers that no data was actually exposed, the company has hired well-known database security expert David Litchfield of NGSSoftware (Next Generation Security Software) to perform an independent investigation of the incident.





  Reader Comments: Kaspersky Lab Pours Cold Water on Claims of Data Breach By Hacker
>>> Post your comment now!
Need more information
Hi , My name is Kiran Murthy, I'm working in a company, Well your article is really AWESOME & mind blowing, After reading your article I'm...
Posted At: 11-04-09
By: Kiran murthy
My PC is running like new.
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my...
Posted At: 04-29-09
By: Shantel
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r8s;iW1E%Uȶ\֔ey,UywO((ئHIҽ~fMJ]-wM@Hd&D?{{o~$rhiOH1%3TI}"Iͽ~xh#H7`)_rdxBԲ|WRjk99rMz=F"7x 'DPL9 ƜM}ٜi6'x2 X m 8kOjw- P8$H.{H~. DuXqDǎH;aL|iĴ QCR* J<7ϛkb| =k|-Vya+ w-,GZY'[zXy1lB!"Bτ]ͻHݠLo$Gd jlIv`iT11܋Hч;@XSTPԢj̴9gj5[gc}ױ}ǣ.&$ftj6?Ƶ (RI&qO)'z^yz<۱"˭U֯eU^G~;mgD5GlR" =q74JaHO LE7rؖCY֌aF-S4uHUZ+R^(Տ췢}޴ ޷L{`Tyݙ/ EU z9ʑGA GfnGkp[Nv^ԢZvN{ـ\>/.ȣ oFo:Fֶ߉ Q\"*+Jx4KA >$/@B.RMWJQߩz^T Z, Ԏ$0L"@K3zĢ(:q}<8M-AoA>CN,[sAVU衂ĠʠW:+1㝩S9;y\nwMN;'>'g:Qm3H/lio af;PeP[w8LwZ\[$N{'OWm2 Շ I|S<){A x(-4Kۗ9K2}1xyp-? , G)HcU|`AmdƱ(|ÚrN~cEJ^統LQiJ5f!aF 0sn5r'@̀kiF5r(,egy05@N)V1rGVvfy+P:^',|YB* bj9nQWȨY7өr$o# iF\B(&PHQ~*nlN|yx.ljY]V'dauIUis[d.ϱ'ͳvk}JW~~ S35ލpX.B2iI1.prj۫jRU"eY`~ 8ʕ??5n!S[ö@ .ks+kv̆>(:mNQm51l;5d}4>ACA4icŦ4@ӧ&hC:ҋLZ {ͣPo]=&uno7LAbG@c`Ψ6rjTP"iwC hA'r<kJMlLJ&??6 ; G`p&;hk-D+wCGHAb1LDE}vCڡ́Yz]X.s:GTZLKx GN }p ]|#s\( w^ S2(%łdh$@!"5i]NP@Br6< -84rrd+3~Gy=#!b\Jj2'9\v{B#™8C\~(Pύgr)b -xkb$d6g2KIMig]W-&D7r"eL/GwMᙚ6Z=oZy y-0fГc~Xz poǦnB?5aѺ)jM=--j|2ˇ)}آ&5mmf0&[l6g{ΌA34NP"/Կ _u˙.'˗wјSQrRҋS fQ Hj`>gYA3G|@]4>╋zV*H(A00ѿ[6YBbOXr+sF3UʜW.NrB@-T_%eYX᎑tXMڠ~w LRd8uf6NI :3XhhO͡vvuV"kBFm^u {9r@{4 u24F@Lk ,ښ(+AK_iݴksqŰ,Bt6б<y:LI_=M!4v!jMj\'O;ߊ*P?62aiF6oZPGZJRzgܲM(N8wCJ$l%K+Ww⸀T-=]OT <}6L'|фP ;u JYY,,b3*T+z VÄ끈_E3c’%tDe*tǙkjrp쟵ה=% ._8g6y+lUu~8`CLmRǦE}B5ߴ!ӞWʈ>Z3^dX)1 VD ȸau-CaP9ĢTQۂ*6B Qڄa'M}XtSykyWр!as`|"}lA$6\,0|*U*Uˈ`na+V.(%7M.&D ~DJS}O=&Cf+DŜU^ofx$jXUctxѡV\=*)j8+,s??Mex$R:9tc~y890Nݷ7LFe ^-LH+ou7{ V{P z+k9m7b/9[D ZTňh{qĆj )Ӛ5'"H5ysVW9y^%fR+2yݙVzruF!Yhyl3isUnU ҕ 7Y|3VbT Јͳq(58-h]PpfEi*}Sϼ;BN7ax^xPEu/OﺢD_P Fd&*T~!\y)]3Vp321͓~^f'a*\ GqOXo|X wl>s7ѸdNkl s ʻvrf@D|*(8 BK6,^Jf;9^o@Hous> `;G-an ~/I6+0Zg\TuEj9.a^&k꾬=M~qDyC[TޫReR/S Y-q'&.҂VSf:}b;/ci)ր EXqmTV̑g^`.󊅚R9҃lz(rM5Y ;4ch#*a\hob产jFT޴j BoXn /7Ÿ ޜbt[ i|դR/ԕKOe3~1쌸8DX=y`: B5]s451uq0Nos-$NM6ifƲ}P`}` YV|ejMRԞ'aL4лt{.ˤCOTTzogA7W[U5cEIHT]я{_ 3iG\PR=ʼ'KrUNV[_T b zQ2 2w>y?6o -"P *S7xo~.YSH##I x8 ӄ]!#rѹlKV+Q~\#{RG!pUv:<fSڎ6N#R_=I];&!uM@H}]95c5Igl< &Fp[Qx~WXk~o$݃q_P8,{B*q_]>E2sE51VS P+bK)"$DY |FN'' <=9xYщ=>~KiV T t~n1ў.` e܃ɼ*WVr['v>!+>T8t㿜yNG$M a&A.HWؾJ9$S0QJ"g8NE;6l->;0 cl9aR)%\z* [vhiay%erdJ)%SBtF0RH PU,O$y=%lQ2 (KB%lbTH{RoOպ,7<1ޥ]ƙxzIn纱yx22i1(5AuNH>ޡ)-& :*VjRZz]XgUHN~@R>Ap0R`0"!9+|)}~XU׫۽lH@{q?Kl8N*4b9,_AپnaeѼ̱?jwh{f ~{OК3Lpj `ֳs;[RsrЧx"6TlyWy#K(] ;8JnLcBWٔAm6,p\?=K|, g6v1CN{7 A.? A 6̯O$U :tyD^WuTT~e6x>HPݙ-p9!M[_wfؒ9_'c$Ǿz/ݺ7>-l-84Ǡ#R#K1M$$(j^UH,"s攤˾\E㣑);8{xH_@Ɍ7CCf Kζ==4zo>ȥ'~>,~O GwUv@!r@pSx|}mԲH>r_jD Np5{qJ%Np}.r`TkzH^أXڃ} vUL&ur5Oxc ~k'Kmx<~ro?0G OVxfW9; 8>lPfpvn ֘I "i#ĠQIߙɣ4r٢pr[vP\9>c \PbG /odH΀{̙SBVy0}0 u?'1c$;aq ʐ]Y`51b R85ĚCV*Mk6V8Nynxp4vYDhx?sܭeFѡJngUXTf>M2X1~ +%Yƛ2!LII˟^q#qO-TnAL%΀`mTJz)q{{qX{<우`Udhωގb_k$燀!ܗ5 ١ 4wI%X^pa"PˉWK?l~ʢ0޼A $~$]ZllX"OpͰEJCxݨjr#(;"-J 5'2~b2Pd rHp=,m[)==(5>J,P/P t8KJAX(!; a`! 0 !ocB&~i}ߩ]r/_eyJ-*JJu^|SIA{Mj}su`+aE +JZ(ɺ.ƚ~57؝ԭItdeqAA/]BhcȌ.5 T e.h$IHĥI"QM[eƝ(.)Tҋ ѥ_jҩ ԙ!Gpd'"%;V'7W}iRAҶX1ƊXC~|Wj0hnf@fDڑ.]T;l  IBWAb)%Q+VS^+^!D5ʶ_yq$ *d9>\S:Jmoxhts-KMz1 havW$Dn}nG ֓a ªז4Hf /r@G(mFFEs]Ǵ$)ucʂ8Vʸ k C.nnnnq |g,s`Kh4}g 3XX) \_ /NX~D1PW[:lb`SW[gr_Dْ(N ^3-",X.ͷ6 ݥffCW|KTE'ٶVRK-40s',@C"8DID ">X8dpk;5& QgAWSOP7>iO;k9)PrQY]/L ~kc}ݮͭm9/oe@\! y!|{}ߣno9In@m ds?8גBtD_;x ]%%,Xboo7w6rع,_4M)K]z5|%]Q)kD 1cARUxxD78;"!Sߛ)fPƖi90_]OX!]:H`ކܻ,kqaDo֑ pfַA!ih.- 1d[Ve_7jA-zi9/ 9rǮ_1 ϖ}6Eq 븚e}{%.⛽GKH1 ˑu2-~?]u Ctϡ6?0r Xtyn&F$%m GX `|J0-c C(S#.|i ȲK٥gyΜ;uV*rJ 85|6LZl~Bif-0kĚHa-IiqlrGJNMg5s+xH[0F@=|~4b>8\BOޅ./cc >U&9IM~ۥHԭڅ=n[f4_Y@7kYb72$Mw ۤ-r9-D?\<@D!5OB/4sRL^'RJ18{7~Z;(X675|V R<9#E;Y#@ǵ1Lyf8#Y:[I}bRxPDng/ 2ä>"̂y?^혢YfYGoۺp䭼-d??~܋n ?3 я{0G&fK7]|5Dž} P+I77+4ė{ͮqO8mz͵#OUx]LU3e䏅D7nt.qH*Mt,¶a=)ȰP_ sTeQOǽ'(Usr(J(akcWFC!5zH ad$F₞tyϹgDlʸ"ZaX-ot[Ԓ#rh!@ BߘDP`a`8ĒAu7‹/͛I~oYK]u.951E^R6&ƘsjxZ-ԕ՜|咿܋VYr: Zmh n y"rI$TC $r(U꠴oPcyistWS#6Vr="z0 pWec=,*bW9m3\MxTZ9Ow|b dlׇf-MaaZ' vrQ Dc'r&Eb7+3׊ Ćvw{=`Zrۼ1mX5`D2' 7kZ%I5'|z`np砡zEkɽn=/=7\VKZ%Ye8.zT5<0 .LkG ʉ]kR~!1l˖CawvᮥGV(]8sJ`!?{wn/+1~ۊ۫k6&< 933v"B]s˩^@$W ByF}gz0OyXԞ=A7aXYrRf ʹ{[Vjƹ.04&n'S#FlS;çh@$}oMG,%_]FzV=lEi^mJ\SG!K..kobD+ .o3F]J<1E}'>Q*j@(eiir' &'GxBW*CWݫRG& :{ѫbR=Pk;$86w_ 6aVFgZq1G(V=xA2I= o~y@ܬ2 ~aCV krkEVIz# -՞ZĮEH#I}nGzhu.e } do>:s&?`#of#an`owOm!/@vQ^ su`@^?& [:LXS4pB巷z}_xH Qݹ ?ч@6L-{nIAX#hbG#3uϸۧ 45`Bx$lx Dx&/mDR,) P0mݚ1a;m<`j r$? {+?-Px,[{GǙ9fQstϾ@yTP"!ddhtM\"@J>S|נ6hP؞?pm2'\I0Z v6Xh0u@s<]1zq" ' [q꾠q?]_@ffQ p͒w\j:YstԨ b8+&F}%nwK هRyL]ƒ $BѽӜ^\0!ݯ6ݩ2}xCИ1_ջPSr%Tk:,!xW`ŊRN/|&OOb`Yͬ(_7-4!W)WTh 4r#cvFCh`5P }a5brL5vcٺDzפEήmp?\ :Krܾ1&kEQvjqIY}uݹg7o*u^h+Lie(A.[6Sr=XԞpi.$ "G}ɂw]%8/[ʼn3~|L,a^e5DU@2}v &63I=vfc+εt6gg:>/5]rRO-7AkZ (CrYn8\(:hEd@z\3TyDyuxg f_CVHAz/#)}>ppH?g ha}y'vnt݌w~7 >ෛ.৛..g7>@ DGH~ew!{1?s w1~=h/=? ː/W@Wq2_\gOoA@?֧A_!cV:cF>>foҁ~o2ɨ&s$eC._Op3˹q+ /Wa uy^ yV)@zJˠ ,c2\) Sܾ72~RA\N q)•({^U^xڞiVq뭦MnPKG{2Ph +[yHJ r hxVYdRd byXeïh?+枔u]SRMj. {%])7e[M'j)<~5_9* 4!}}mZo=ǒ{Ьan]!=aD~(sҗje&ms?`fEA}@' @8Ds9MA7N/[W_dVl<-4&\aޣj(+@J~@qaPKFzևVV+_p3Nlc}o| >=}}ٺ^޵G{>kٓ= =gA7gn"B8C`%ɠ1zI\U Ǧ>1@ YAjT} 6N7q (1-}H$GR% J\~ܓJ&"CF*BUN-U+zT,Ng /($@%X̷|'C3<8iTqx+YӷM!%\HKm!+X#Ҽx[T!9 @)?@#(v[\I|lC#x3Jg 6VzA[hת辥P: v8{4F<>PM38\"Z7.@cud߻C"NM yqoQ^\ N Y-4ċ kY{9Fd [5FdX#XMr5X\tL7}/'ɱz.YDb9L#azF>!AO^LxI{ǻط0.<OH_)%@JY v7n+cla5v%fF^ӧ21o@|J 1)֠}Q^ iH-'c@aXmt(RVWB&+3FbrwZf$JB]Hr憄3PcxX8 5 g[=ǙېZupo_^ۍvqutfL~4T bӆ|8$"Cted3}$u60-dx _AlCo=#}'GԄ8E8O%}h.q5sEEאE$*JhӄZ{JfBM'KYcӄ0v~WL }+̑R4:WdԢԱQ#tH߱ =8ޘ0D00,?kP(MP"qm$!1M(1H YY*Z:ZUm$9=ASh4ϛWU;gKJrJcw]/I)H[aԹD.Nw+zZVAO=Y,~ N?[I<ŗ`5_x|XT ,sD>;!31Q)ւ_Ogwcx&%mY $v.ychFʒ6\z$4nP' ;"=mPm b;3YJ>= TxE- %;\6`DRg}F0N:]jV0N anwfښ euMc0ŴBChI -(P?'kn 5E`}`ehDS0T6y4 *>ܠK6A/ i+%^HPVFWݞO (Xo}8/h6AFQ&7 <{k;(Na")1 ;Ќ50}3#5cgb@xVmүy~kC#>F kwxuzu2i^GfBLjmf^ktiz)sanAha,d'lu K# *t;f0 # ߰· sWeDh\N"xNvdZU Z-14eo̓gkV"N#gy^ ð3Vv=ǘ mr?u,r]l)jCi>cэ1}p1LXBL+ַ 92lt*XH Ŵ"&D0;'R:4sh{۟XsTHهl~H&с,[[нD~xLs-<ɑ>χGĂ+<"eW~)Ix)/ρ.?I\h`Pb@T.oO P.Y۹t]*GVN'Ўί0?!>D"VxvpEIwş{l~r[)#Es̹D/TR_JB\qrh6