armandino
19-02-09, 00:50
Aceiasi pusti care au spart ejobs.ro / bestjobs.ro / noi2.ro/ fujitsu ... au atacat in data de 8 feb si siteul kaspersky
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
http://news.cnet.com/8301-1009_3-10159640-83.html?part=rss&subj=news&tag=2547-1_3-0-20
http://www.tomsguide.com/us/Kaspersky-Hacker-Internet-Security,news-3456.html
.
http://cotidianul.ro/un_hacker_roman_a_spart_site_ul_kaspersky-72951.html
Prima data sa vedem versiunea, userul si numele bazei de date.
http://img150.imageshack.us/img150/1007/versionuserdatabaseaa4.jpg
Acum user host si password pentru mysql.user
http://img297.imageshack.us/img297/4880/mysqluserid5.jpg
http://img12.imageshack.us/img12/5052/usertablecolumnsqs7.jpg
Oficiali de la Kaspessky confirma acest atack si raspund cu urmatorul pasaj:
What really happened to usa.kaspersky.com/support
http://images.kaspersky.com/en/vldesign/e.gif
VitalyK February 09, 2009 | 21:25 GMT
comments (http://www.viruslist.com/en/weblog?discuss=208187633) (5) http://images.kaspersky.com/en/vldesign/arr_1.gif
We have seen quite a few different and controversial comments regarding the recent attack on usa.kaspersky.com/support. People have questions and want answers: what really happened and what risk did the penetration create?As a member of group dealing with the incident analysis I would like to share our results.
We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a variant of an Acunetix tool.
Once the initial probes told the attackers that this section was vulnerable they attempted to manually exploit the vulnerability to get data about the structure of the database. They used an Information_Schema database to query existing table names and table columns. After collecting field names the attackers made a few attempts to extract the data from tables. Those queries failed because the attackers specified the wrong database. The attackers stopped after they got only the column and table names from the database and decided to go for glory. No data modification queries UPDATE,INSERT,DELETE... were logged.
After conducting the attack, the attackers decided to show off their ‘great code of ethics’ by sending Kaspersky an email - on a Saturday to several public email boxes. They gave us exactly 1 hour to respond. And posted on their blog without having received a response.
To sum up:
We are lucky the hackers proved to be more interested in fame than in causing damage
Secure development MUST be a key priority for web development - anywhere, anytime and all the time, and
It is a lesson to us all - check, check and re-check your processes and your code. "
Gurile rele spun ca bajeti le-au trims mail cu problemele lor de securitate la baza de date si acestia au inceput cu amenintarile cu legi si plimbari prin justitie :) Bajeti nostri au jucat tare si au spus ca vor trimite cele 150 mii de key pe site-urile cu warez :) ... Unuia dintre hackeri i s-a oferti un job in companie pt a scapa de posibilele key aruncate pe net :D
P.S. stiati ca : cei care folosesc kasp au ip-urile, detaliile pc-ului salvate + un fel de logger care inregistreaza cuvinte cheie ?
http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
http://news.cnet.com/8301-1009_3-10159640-83.html?part=rss&subj=news&tag=2547-1_3-0-20
http://www.tomsguide.com/us/Kaspersky-Hacker-Internet-Security,news-3456.html
.
http://cotidianul.ro/un_hacker_roman_a_spart_site_ul_kaspersky-72951.html
Prima data sa vedem versiunea, userul si numele bazei de date.
http://img150.imageshack.us/img150/1007/versionuserdatabaseaa4.jpg
Acum user host si password pentru mysql.user
http://img297.imageshack.us/img297/4880/mysqluserid5.jpg
http://img12.imageshack.us/img12/5052/usertablecolumnsqs7.jpg
Oficiali de la Kaspessky confirma acest atack si raspund cu urmatorul pasaj:
What really happened to usa.kaspersky.com/support
http://images.kaspersky.com/en/vldesign/e.gif
VitalyK February 09, 2009 | 21:25 GMT
comments (http://www.viruslist.com/en/weblog?discuss=208187633) (5) http://images.kaspersky.com/en/vldesign/arr_1.gif
We have seen quite a few different and controversial comments regarding the recent attack on usa.kaspersky.com/support. People have questions and want answers: what really happened and what risk did the penetration create?As a member of group dealing with the incident analysis I would like to share our results.
We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a variant of an Acunetix tool.
Once the initial probes told the attackers that this section was vulnerable they attempted to manually exploit the vulnerability to get data about the structure of the database. They used an Information_Schema database to query existing table names and table columns. After collecting field names the attackers made a few attempts to extract the data from tables. Those queries failed because the attackers specified the wrong database. The attackers stopped after they got only the column and table names from the database and decided to go for glory. No data modification queries UPDATE,INSERT,DELETE... were logged.
After conducting the attack, the attackers decided to show off their ‘great code of ethics’ by sending Kaspersky an email - on a Saturday to several public email boxes. They gave us exactly 1 hour to respond. And posted on their blog without having received a response.
To sum up:
We are lucky the hackers proved to be more interested in fame than in causing damage
Secure development MUST be a key priority for web development - anywhere, anytime and all the time, and
It is a lesson to us all - check, check and re-check your processes and your code. "
Gurile rele spun ca bajeti le-au trims mail cu problemele lor de securitate la baza de date si acestia au inceput cu amenintarile cu legi si plimbari prin justitie :) Bajeti nostri au jucat tare si au spus ca vor trimite cele 150 mii de key pe site-urile cu warez :) ... Unuia dintre hackeri i s-a oferti un job in companie pt a scapa de posibilele key aruncate pe net :D
P.S. stiati ca : cei care folosesc kasp au ip-urile, detaliile pc-ului salvate + un fel de logger care inregistreaza cuvinte cheie ?