Symantec falls as Romanian hacker strikes again

Powered by SC Magazine
 

SQL injection attack exposes customer data.

The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server.

The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security giant using a blind SQL injection attack.

Once in, he accessed sensitive information including customer address data and catalogue keys on the Symantec Store database.

The hacker also expressed outrage that user passwords were displayed in plain text and had not been encrypted.

"A secured bad parameter allows full access to Symantec servers, allows access to many sensitive data stored on this server," wrote Unu.

"So, it seems quite strange how a company like Symantec, which sells software and security solutions, the famous Norton for example, wants to protect ourselves. Instead, it is not able to protect its own database."

Symantec has confirmed the vulnerability at pcd.symantec.com, a Norton support web site for customers in Japan and South Korea only.

"This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec's Norton-branded consumer products," the firm said in a statement.

"Symantec is currently in the process of updating the web site with appropriate security measures, and will bring it back online as soon as possible. Symantec is still investigating the incident, and has no further details to share at this time."

Copyright ©v3.co.uk


Symantec falls as Romanian hacker strikes again
 
 
 
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
 
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
 
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 4115

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1403

Vote