International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Tuesday, February 17, 2009
Romanian Hacker Breaches Third Security Vendor Site

The hacker who broke through the Website defenses of two prominent security vendors has claimed a third victim.

According to a posting on hackersblog.com, the Romanian attacker who launched SQL injection attacks on Kaspersky and BitDefender has now successfully penetrated the Web defenses of F-Secure, as well.

"[The F-Secure site is] vulnerable to SQL injection plus cross site scripting," the posting says. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."

An F-Secure spokesman told news reporters the breach occurred on a low-level server that doesn't contain sensitive data, only marketing statistics. "It is slightly embarrassing as a security company that we have had the breach," said F-Secure's David Frazer, in a news report. "We certainly, as a security company, want to ensure that all of our servers are patched to the levels that they should be."

On Monday Kaspersky conceded that a Romanian hacker had launched a SQL injection attack on its newly implemented U.S. customer support site, exposing a potentially data-threatening vulnerability in its Website. The attacker did not publish any sensitive data, even though he could have gained access to it, Kaspersky said.

Read More