Thursday, July 30, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Researchers Showcase Javascript-based Attack On a Computer's DRAM
Hackers Used Twitter hashtags To Extract Data From Compromised Networks
Facebook Unveils New Security Checkup Tool
Court of Appeals Rejects Google's Move To Overturn Microsoft's Patent Royalty Victory
Toshiba Expands Lineup of Phase Detection Auto-Focus-equipped CMOS Image Sensors for Smartphones
Sony Profit Rises Following Demand For Mobile Cameras
Facebook Profit Fell In 2Q
Galaxy S6 Sales Not Enough To Keep Samsung's Profit High
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > F-Secur...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 13, 2009
F-Secure Web site Hit By SQL Injection Attack


F-secure was hit by an SQL injection attack which was partly successful, according to the security firm.

The attack was performed by a Romanian group yesterday. According to F-secure, the group had been doing SQL injection attacks on several security vendor's websites during the week.

The attackers managed to find a security hole in one of the F-secure's servers, which the company used in gathering malware statistics. The server had a page that didn't properly sanitize input and was therefore vulnerable to attack. According to F-secure, defense-in-depth strategies followed did not allow the attack to succeed.

"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world," F-secure said.

SQL injection is a type of attack that is growing in popularity. It is code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This type of attck can also be used to steal information, and to show that an attack is possible.

Earlier this week, a similar attack had been reported at the United States web site of the Kaspersky Labs security firm.


Previous
Next
Adobe Announces Flash Player For Mobiles        All News        Google Exits Radio but Will Explore Online Streaming Audio
Skype for Windows Mobile 2.5 Gold Released     General Computing News      Google Exits Radio but Will Explore Online Streaming Audio

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .