Jump to content
daatdraqq

Romanian Hacker Cracks Symantec

By daatdraqq, in Stiri securitate

Recommended Posts

daatdraqq Apprentice

daatdraqq

Posted
Posted

Romanian Hacker Cracks Symantec, International Herald Tribune

Unu claims SQL injection flaws in sites operated by Symantec, New York Times

Feb 19, 2009 | 05:28 PM

By Tim Wilson

DarkReading

The Romanian hacker who penetrated the Websites of three security vendors last week is now claiming two new victims: Symantec and The New York Times.

The hacker, known only as "unu," posted a blog about an SQL injection vulnerability found on one of Symantec's Websites, the Document Download Center of the Norton Resource Center For Resellers. The flaw "permits access to their databases," unu says, although he did not say which databases or what data is contained in them.

Ironically, the flaw was found on a login page that promotes the Norton line of security products, unu observes.

In a response posted to unu's Website, Symantec concedes that the page is flawed by "inconsistent exception handling," but it rejects unu's assertion that the bug could lead to database access.

"Upon thorough investigation, we have determined that the blind SQL injection is, in fact, not effective," Symantec says. "The difference in response between valid and injected queries exists because of inconsistent exception handling routine for language options. Thanks again for notifying us of the issue. We will have the modified page up again soon with better exception handling."

In a separate blog, unu also claims to have discovered an SQL injection vulnerability in the Website of the International Herald Tribune, the global edition of The New York Times.

"I discovered an unsecured parameter, which allows access to the database," unu says. "Besides the wealth of information in the database, we also found an interesting table containing login details of 161 affiliates, editors, reporters, and other associates of the famed newspaper."

The International Herald Tribune says the vulnerability has been patched, but concedes that some login details were exposed.

Unu says he's targeting other newspapers' Websites for further research.

sursa : http://www.darkreading.com

"unu" =)))))))) :-j

Link to comment
Share on other sites
Trompitza Newbie

Trompitza

Posted
Posted

Hackeri români, în aten?ia FBI

În urm? cu câteva zile, un alt hacker a ajuns pe paginile ziarelor. De data aceasta, jurnali?tii americani au relatat despre cazul unui român care ar fi spart site-ul publica?iei "The New York Times". Hackerul, cunoscut sub numele de "unu", oferea pe un blog informa?ii despre bazele de date nesecurizate ale diferitelor companii, pe care acesta le-ar fi accesat ilegal. Românul preciza c? a reu?it s? modifice site-ul unei companii, Symantec, profitând de o vulnerabilitate, o reclam? inserat? pe pagina de logare. Pe pagina respectiv? erau prezentate diferite produse ale firmei, Norton AntiVirus 2009 ?i Norton Internet Security, destinate întocmai securiz?rii calculatorului. Printre companiile ale c?ror pagini virtuale au fost atacate de "unu" se mai afl? produc?torul rus de software Kaspersky ?i ziarul "International Herald Tribune".

http://www.evz.ro/articole/detalii-articol/841278/Hacker-roman-angajat-de-procuratura-italiana/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...