SQL injector strikes again...
After SQL injection attacks on Kaspersky and BitDefender's Portuguese reseller, F-Secure has confirmed that it too found itself under attack. According to a blog posting on the F-Secure site, the attack was limited to one server, which has a page that didn't properly sanitise input.
F-Secure says that the attack was limited by its defence-in-depth strategy. The attackers could read information from the database, but could only see one database that the web servers SQL user had access to. That database only contained public information for display on the statistics web site, worldmap.f-secure.com.
(djwm)