chlorophyll Posted December 8, 2009

Kaspersky Lab's online presence in Portugal has been targeted by a Romanian hacker, who used SQL injection to obtain unrestricted access to the database. According to the attacker, the website contained, at the very least, product licensing information.

The self-confessed grey hacker goes by the moniker of "TinKode" and was inspired to perform this unauthorized research on the kaspersky.com.pt website by the actions of his fellow countryman "Unu." The latter is a security enthusiast who grabbed international headlines after he demonstrated serious security vulnerabilities on the websites of several anti-virus vendors, including Kaspersky.

"Kaspersky, from what I know has been hacked by 'unu' with MySQLi. So I said to try to see if I could find a vulnerability!" writes TinKode, referring to the February incident, which involved Kaspersky's USA support site. According to him, it only took five minutes to locate an insecure parameter on the kaspersky.com.pt. This allowed him to instrument an SQL injection attack against the underlying PostgreSQL database server. This type of vulnerability allows attackers to execute rogue SQL queries and extract information from website databases without authorization.

However, unlike Unu, who grabbed pieces of sensitive data for demonstrative purposes, TinKode claims that he did not extract any content from the database. "I wasn’t concerned about the content, I only 'got' the names of databases, tables and columns," he explains. Some examples of databases present on the server are estkaspersky, license, acessosclientes (clients access) or licencefmota.

Even though their actions are not authorized by the companies they target, grey hat hackers such as Unu or TinKode do follow an ethical code of their own making. They sometimes decide to obfuscate potentially sensitive information in their screenshots or notify the affected companies in advance of going public.

It is worth noting that kaspersky.com.pt appears to be maintained by a local business partner called iPortalMais. While this might theoretically absolve the Russian security vendor of some responsibility, it’s unlikely that users will see past Kaspersky's name, logo and even website template being used. Incidents such as this should serve as a reminder to companies who entrust other parties with their branding elements, to make sure their reputation is upheld accordingly. On a side note, in this case, TinKode did not contact Kaspersky, but we did and will update our article as soon as we get a response from them.

Source: Softpedia
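As an added illustration, not taken from the article or from the site in question, here is the pattern behind an "insecure parameter" next to its parameterised fix. Python's bundled sqlite3 stands in for PostgreSQL so the example runs offline (the driver-level separation of SQL text from values works the same way there); the licence table, its rows and the test inputs are all constructed.

```python
import sqlite3

# Constructed stand-in data resembling the "license" database the article
# mentions. sqlite3 is used only so this runs offline; the query pattern
# (and the fix) are identical against PostgreSQL with psycopg2.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE licences (email TEXT, licence_key TEXT)")
    conn.executemany("INSERT INTO licences VALUES (?, ?)",
                     [("alice@example.test", "KEY-ALICE-0001"),
                      ("bob@example.test", "KEY-BOB-0002")])
    return conn

def lookup_vulnerable(conn, email):
    # The insecure pattern: the request parameter is pasted into the SQL
    # text, so its content can change the query's structure, not only
    # the value being compared.
    sql = "SELECT email, licence_key FROM licences WHERE email = '%s'" % email
    return conn.execute(sql).fetchall()

def lookup_safe(conn, email):
    # Parameterised query: the value travels separately from the SQL text,
    # so whatever it contains is only ever treated as data to compare.
    sql = "SELECT email, licence_key FROM licences WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

def demo():
    conn = make_db()
    normal = "alice@example.test"
    # Textbook tautology input, used here as a regression-test case that a
    # defender would keep in the test suite for every query taking input.
    tautology = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_tautology": lookup_vulnerable(conn, tautology),  # returns all rows
        "safe_normal": lookup_safe(conn, normal),
        "safe_tautology": lookup_safe(conn, tautology),        # returns []
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable lookup hands back every licence for the tautology input, while the parameterised one returns nothing because no e-mail literally equals that string.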
chlorophyll (Author) Posted December 8, 2009

hhhhmmmm, someone hacked their website, it's too ridiculous. Guys, what do u say about this??? Where about Kaspersky self protection?? Pls comment on this article.
DKT27 (Administrator) Posted December 8, 2009

SQL injection? And by a grey hat? C'mon, you call these companies security specialists? They cannot keep their own sites secure.
shought Posted December 8, 2009

The people who create/operate their website(s) mostly have nothing to do with the antivirus/antispyware/firewall designing part of the business, so I wouldn't read too much into this ;)
Anas Posted December 8, 2009

I disagree, there is no computer or security system that can stop a talented hacker, come on, they even hacked the Pentagon...
DKT27 (Administrator) Posted December 8, 2009

That's only half true. If they are security specialists and they offer security, they have to keep themselves perfect. By SQLi attack, it seems to me that they are running a careless and unsecured site, similar to the normal sites that are vulnerable.