In association with heise online

08 February 2009, 19:04

Kaspersky web site reportedly leaky

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A report signed "unu" at says pages containing sensitive information can be accessed by simply changing some characters in the URL. He says this technique uses SQL injection on Kaspersky's apparently poorly programmed web server, allowing him to read out information about users, activation codes, security advisories, administrators' names, and shops. He backs up his story with some screenshots.

A UK online source says that Roger Thompson, chief research officer at AVG, and Thomas Ptacek, a researcher at security provider Matasano, both consider the report convincing. Kaspersky is said to have been unwilling to comment initially, responding in an email some hours after being notified, that it needed more time. A further posting on the blog attempts to reassure the Kaspersky team that they needn't worry about their confidential stuff being spread around, saying "We just point our fingers to big websites with security problems".


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit