All the latest UK technology news, reviews and analysis
|
|
|
23 Nov 2009
The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server.
The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security giant using a blind SQL injection attack. Once in, he accessed sensitive information including customer address data and catalogue keys on the Symantec Store database.
The hacker also expressed outrage that user passwords were displayed in plain text and had not been encrypted.
"A secured bad parameter allows full access to Symantec servers, allows access to many sensitive data stored on this server," wrote Unu.
"So, it seems quite strange how a company like Symantec, which sells software and security solutions, the famous Norton for example, wants to protect ourselves. Instead, it is not able to protect its own database."
Symantec has confirmed the vulnerability at pcd.symantec.com, a Norton support web site for customers in Japan and South Korea only.
"This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec's Norton-branded consumer products," the firm said in a statement.
"Symantec is currently in the process of updating the web site with appropriate security measures, and will bring it back online as soon as possible. Symantec is still investigating the incident, and has no further details to share at this time."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Mitel 3300 Engineer Key skills Mitel 3300...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
No one is impervious
Even security giants Symantec are not impervious to being hacked. It goes to show that being secure is not so clear-cut as consumers believe or as security vendors have you believe (if you buy their product). With an evolving IT market there will always be vulnerabilities waiting to be exploited. It's a matter of who finds them first, the hacker or the security vendor.
Posted by: Pramatr IAM 24 Nov 2009