Kaspersky site hack expands to BitDefender and F-Secure

Following a successful SQL Injection attack on the Kaspersky Labs web site earlier this month, the hackers are claiming similar attacks on the web sites of BitDefender and F-Secure.

According to postings on the Hackersblog.org web site, the attacks form part of a concerted campaign by a group of hackers led by 'Unu', who is intent on highlighting the fact that IT security vendors are not practising what they preach.

All three companies are reported to be boosting their website defences in the wake of the attacks, but the good news is that no data appears to have been stolen, Infosecurity notes.

In his/her posting on Hackersblog, Unu says that s/he is not disclosing the full methodology behind the attack on the Bitdefender site, as it is only a warning message to the company.

Unu claims that the news section of the Bitdefender web site "is acting weird when tested with the 'trivial' SQLi test."

S/he also claims that the site is powered by an Apache 2.0.52 webserver, with PHP 4.3.9, running on a Linux Red Hat Enterprise 4 server, with a database backend of PostgreSQL.

Kaspersky and F-Secure, s/he says, "have been pretty open about the incidents that affected them, and appear to have learned something from them."

Infosecurity notes that Kaspersky Labs has hired a database security expert to review all its websites.
