
Hacker Group Alerts of SQL Attacks on Symantec’s Website

According to "Unu", a hacking group based in Romania and associated with HackersBlog (a group that describes itself as ethical hackers), the Document Download Center section of Symantec's website contains an improperly sanitized parameter that could be used to launch SQL injection attacks.

The group says that SQL injection attacks, which involve inserting a tiny malicious script into the code of a website, could lead to effective exploitation of a security company's database.

Moreover, 'Unu' describes the SQL attacks against Symantec as 'blind SQL injection attacks', which differ from the usual attacks. Such attacks cannot be taken lightly, since they are capable of damaging the site without notice.

In addition, 'Unu' points out that the attack is carried out on the site's login page, which promotes security software such as Norton Internet Security and Norton AntiVirus 2009, and that this makes the attack worse.

Meanwhile, 'Unu' says that it tried to notify Symantec about the problem. Since it could not find an e-mail address on the site for reporting such cases, it sent the alert to security@symantec.com and webmaster@symantec.com, as reported by Softpedia on February 19, 2009. Because the e-mail did not bounce back, Unu assumed that it must have reached someone, the group said. The group also noted that further details of the attack could be disclosed once the company rectifies the fault.

However, responding to Unu's notification on the group's website, Symantec admitted that there was a flaw in the page but dismissed Unu's allegations that the vulnerability could facilitate the downloading of malware through SQL injection attacks against the security company's website.

Meanwhile, 'Unu' is known to have revealed security flaws in the International Herald Tribune's website too, claiming that attacks could be launched on it through SQL injection. Antivirus providers F-Secure and Kaspersky also faced similar allegations from Unu recently, during January-February 2009.

However, security experts advise keeping website security up to date so that such dangerous attacks, which hackers might orchestrate at any time to download malware onto a site, can be averted.


» SPAMfighter News - 3/7/2009
