{"id":1213,"date":"2009-02-09T09:43:32","date_gmt":"2009-02-09T08:43:32","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/1213-kaspersky-site-hacked-through-sql-injection.html"},"modified":"2009-02-09T09:43:32","modified_gmt":"2009-02-09T08:43:32","slug":"kaspersky-site-hacked-through-sql-injection","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/1213-kaspersky-site-hacked-through-sql-injection.html","title":{"rendered":"Kaspersky site hacked through SQL injection"},"content":{"rendered":"<p>There are millions of sites out there vulnerable to SQL injection; apparently one of them (at least until yesterday) was that of the security software vendor <a href=\"http:\/\/www.kaspersky.com\" target=\"_blank\">kaspersky.com<\/a>. A hacker codenamed unu <a href=\"http:\/\/hackersblog.org\/2009\/02\/07\/usakasperskycom-hacked-full-database-acces-sql-injection\/\" target=\"_blank\">posted details<\/a> \u2013 not all the details, but enough to show that the vulnerability was real. The hack exposed username tables and possibly personal details. Reddit <a href=\"http:\/\/www.reddit.com\/r\/programming\/comments\/7vrs1\/usakasperskycom_hacked_full_database_access_sql\/\" target=\"_blank\">has a discussion<\/a> of the programming issues. <a href=\"http:\/\/www.theregister.co.uk\/2009\/02\/09\/kaspersky_compromise_follow_up\/\" target=\"_blank\">According to the Reg<\/a>, Kaspersky had been warned but took no action:<\/p>\n<blockquote>\n<p>I have sent emails to info@kaspersky.com, forum@kaspersky.com, and webmaster@kaspersky.com warning Kasperky [sic] about the problem but I didn&#8217;t get any response,&quot; Unu, the hacker, said in an email. &quot;After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability.<\/p>\n<\/blockquote>\n<p>The trouble with those kinds of email addresses is that they are unlikely to get to the right people. It\u2019s still disappointing; and also disappointing that there is currently no mention of the issue (that I can see) on Kaspersky\u2019s site. The company\u2019s response to the security hole is equally as important as the vulnerability itself. When <a href=\"http:\/\/www.itwriting.com\/blog\/date\/2007\/03\/03\" target=\"_blank\">WordPress was hacked<\/a>, founder Matt Mullenweg was everywhere responding to comments \u2013 <a href=\"http:\/\/www.itwriting.com\/blog\/147-wordpress-hacked-where-do-we-go-from-here.html#comment-6294\" target=\"_blank\">on this blog<\/a>, for example. I liked that a lot.<\/p>\n<p><div class=\"wlWriterEditableSmartContent\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:f914d2af-8a29-462f-844d-66040fa8c515\" style=\"padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px\">Technorati tags: <a href=\"http:\/\/technorati.com\/tags\/kaspersky\" rel=\"tag\">kaspersky<\/a>, <a href=\"http:\/\/technorati.com\/tags\/sql+injection\" rel=\"tag\">sql injection<\/a>, <a href=\"http:\/\/technorati.com\/tags\/mysql\" rel=\"tag\">mysql<\/a><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are millions of sites out there vulnerable to SQL injection; apparently one of them (at least until yesterday) was that of the security software vendor kaspersky.com. A hacker codenamed unu posted details \u2013 not all the details, but enough to show that the vulnerability was real. The hack exposed username tables and possibly personal &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/1213-kaspersky-site-hacked-through-sql-injection.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Kaspersky site hacked through SQL injection<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,80,83],"tags":[],"class_list":["post-1213","post","type-post","status-publish","format-standard","hentry","category-security","category-software-development","category-sql"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/1213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=1213"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/1213\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=1213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=1213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=1213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}