09 February 2009 | Author: L. Sutherland Head of Media Content
If there's one thing a security vendor wants to avoid, it's being exposed as vulnerable to security attacks. But for hackers, what is more tempting than hacking something that should be immune to their attempts? Perhaps it's no real surprise that Kaspersky Labs - the Russian antivirus vendor - was subject to an attack this weekend.
According to ZDNet, the company's US website was affected when hackers exposed its customer database. However, Kaspersky was quick to claim that data was not compromised and that the vulnerability is not critical. What's more, the hacker - who claimed to have made it into the databases with the help of an SQL injection attack - announced on hackersblog.org that the confidential data they accessed would not be released.
Kaspersky issued a statement concerning the unfortunate event in which it suggested that a subsection of its usa.kaspersky.com domain was vulnerable.
The company said: "The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."
However, industry news site The Register reported that an admin at hackersblog.com claimed that the hacker had exposed the flaw days earlier and had only gone public with the information when they received no answer from the Kaspersky employees they contacted. If this is the case it will do nothing for Kaspersky's reputation; if, and when, you get burned online the best solution is to be honest about it - especially when customers could fear that their privacy is at stake.
Kaspersky claims hacking debacle non-critical
If there's one thing a security vendor wants to avoid, it's being exposed as vulnerable to security attacks. But for hackers, what is more tempting than hacking something that should be immune to their attempts? Perhaps it's no real surprise that Kaspersky Labs - the Russian antivirus vendor - was subject to an attack this weekend. According to ZDNet, the company's US website was affected when hackers exposed its customer database. However, Kaspersky was quick to claim that data was not compromised and that the vulnerability is not critical. What's more, the hacker - who claimed to have made it into the databases with the help of an SQL injection attack - announced on hackersblog.org that the confidential data they accessed would not be released.
Kaspersky issued a statement concerning the unfortunate event in which it suggested that a subsection of its usa.kaspersky.com domain was vulnerable.
The company said: "The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."
However, industry news site The Register reported that an admin at hackersblog.com claimed that the hacker had exposed the flaw days earlier and had only gone public with the information when they received no answer from the Kaspersky employees they contacted. If this is the case it will do nothing for Kaspersky's reputation; if, and when, you get burned online the best solution is to be honest about it - especially when customers could fear that their privacy is at stake.
English
German/Deutsch
Norwegian/Norsk
Swedish/Svenska
Italian/Italiano
French/Français
Spanish/Español
Latest News
RSS News Feeds
Related Articles
