Security News and Feeds News and events concerning the IT world.

InterN0T Affiliates:
EvilZonepy1337

SirCapsAlot.NET

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 24th November 2009, 15:40
MaXe's Avatar
Studying shellcode..
 
Join Date: Jun 2008
Location: Sweden - Ljusdal
Posts: 3,405
Blog Entries: 36
Rep Power: 10
Reputation: 198
MaXe has made his way up the systemMaXe has made his way up the system
Japanese Symantec Site Hacked!

Yesterday, a romanian hacker nicknamed ``Unu´´ disclosed on his
blog that Symantecs website was vulnerable to Blind SQL Injection
.

A proof of concept made by using Pangolin:


At the moment Symantec has taken the affected part of their website
offline for further analysis until the problem is fixed. After receiving the
notification from the hacker, they issued a public announcement:

Quote:
A SQL injection vulnerability has been identified at pcd.symantec.com.

The Web site facilitates customer support for users of Symantec's Norton-
branded products in Japan and South Korea only. This incident does not
affect Symantec customers anywhere else in the world. This incident
impacts customer support in Japan and South Korea but does not affect
the safety and usage of Symantec's Norton-branded consumer products.

Symantec is currently in the process of updating the Web site with
appropriate security measures and will bring it back online as soon as
possible. Symantec is still investigating the incident and has no further
details to share at this time.
It's sad to see that major companies like Symantec doesn't have security
checks on everything they implement and publish on the Internet though
human errors are something that will always happen.

Earlier this year the hacker nicknamed ``Unu´´ also disclosed that Kaspersky's
website was vulnerable. Last year, many other major security companies
such as F-Secure were hacked as well due to SQL Injection.

References:
Unu's Blog: Symantec Exposed Passwords, Serials, etc..
The Register: Symantec Japan website bamboozled by hacker
BlogSpot: Symantec Site Vulnerable to Blind SQL Injection


All of the best,
MaXe
__________________

Quote:
Originally Posted by Norph
MaXe, I really doubt that you are able to browse ANY site more than 2 minutes before you start pwning it xD
Reply With Quote
  #2  
Old 21st December 2009, 02:58
K1llTh3C0rruption's Avatar
 
Join Date: Nov 2009
Location: US
Posts: 66
Rep Power: 4
Reputation: 41
K1llTh3C0rruption is on the way to become something
Re: Japanese Symantec Site Hacked!

Still, pretty impressive program.
too bad the professional edition is $2000.

I wonder if there's a torrent floating around somewhere.
Reply With Quote
  #3  
Old 4th January 2010, 22:25
 
Join Date: Dec 2009
Posts: 11
Rep Power: 4
Reputation: 1
jrey is an unknown memory address at this point
Re: Japanese Symantec Site Hacked!

Yeah this is pretty scary when the security companies can't secure their sites to something like sql injection at least it was blind but still... common!!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
We got hacked TheXero General Hacking Discussions 11 6th June 2010 16:48
E-mail hacked CyberDevin The Offtopic Section 8 15th February 2010 17:37
How to get yourself hacked Tsukasa General Hacking Discussions 1 21st September 2009 12:23
[Global News] [+] Yahoo! News hacked ne011 Security News and Feeds 1 9th September 2009 20:58
Metasploit Site Hacked, But Not "Owned" MaXe Security News and Feeds 0 23rd June 2008 18:21


All times are GMT +2. The time now is 14:00.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1