» Japanese Symantec Site Hacked!

[MaXe]

Yesterday, a romanian hacker nicknamed ``Unu´´ disclosed on his
blog that Symantecs website was vulnerable to Blind SQL Injection.

A proof of concept made by using Pangolin:


At the moment Symantec has taken the affected part of their website
offline for further analysis until the problem is fixed. After receiving the
notification from the hacker, they issued a public announcement:

Quote:

A SQL injection vulnerability has been identified at pcd.symantec.com.

The Web site facilitates customer support for users of Symantec's Norton-
branded products in Japan and South Korea only. This incident does not
affect Symantec customers anywhere else in the world. This incident
impacts customer support in Japan and South Korea but does not affect
the safety and usage of Symantec's Norton-branded consumer products.

Symantec is currently in the process of updating the Web site with
appropriate security measures and will bring it back online as soon as
possible. Symantec is still investigating the incident and has no further
details to share at this time.

It's sad to see that major companies like Symantec doesn't have security
checks on everything they implement and publish on the Internet though
human errors are something that will always happen.

Earlier this year the hacker nicknamed ``Unu´´ also disclosed that Kaspersky's
website was vulnerable. Last year, many other major security companies
such as F-Secure were hacked as well due to SQL Injection.

References:
Unu's Blog: Symantec Exposed Passwords, Serials, etc..
The Register: Symantec Japan website bamboozled by hacker
BlogSpot: Symantec Site Vulnerable to Blind SQL Injection


All of the best,
MaXe

[K1llTh3C0rruption]

Still, pretty impressive program.
too bad the professional edition is $2000.

I wonder if there's a torrent floating around somewhere.

[jrey]

Yeah this is pretty scary when the security companies can't secure their sites to something like sql injection at least it was blind but still... common!!