Kaspersky web site reportedly leaky
A report signed "unu" at hackersblog.org says pages containing sensitive information can be accessed by simply changing some characters in the URL. He says this technique uses SQL injection on Kaspersky's apparently poorly programmed web server, allowing him to read out information about users, activation codes, security advisories, administrators' names, and shops. He backs up his story with some screenshots.
A UK online source says that Roger Thompson, chief research officer at AVG, and Thomas Ptacek, a researcher at security provider Matasano, both consider the report convincing. Kaspersky is said to have been unwilling to comment initially, responding in an email some hours after being notified, that it needed more time. A further posting on the blog attempts to reassure the Kaspersky team that they needn't worry about their confidential stuff being spread around, saying "We just point our fingers to big websites with security problems".
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
