Tuesday, September 16, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
IBM Offers Watson Data Tool To the Mainstream
Microsoft Releases New Arc Touch Bluetooth Mouse, PC Accessories
Toshiba Introduces New Exceria UHS-I SD Memory Cards, Transmemory Flash Drive
Nvidia SHIELD Tablet Gets 32GB Storage and 4G LTE
Micron M600 SSD Released With Dynamic SLC Cache
Orange to Buy Spanish Operator Jazztel
US Government Data Requests Increased: Google
Wi-Fi Alliance Enhances Wi-Fi CERTIFIED Wi-Fi Direct
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > F-Secur...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 13, 2009
F-Secure Web site Hit By SQL Injection Attack


F-secure was hit by an SQL injection attack which was partly successful, according to the security firm.

The attack was performed by a Romanian group yesterday. According to F-secure, the group had been doing SQL injection attacks on several security vendor's websites during the week.

The attackers managed to find a security hole in one of the F-secure's servers, which the company used in gathering malware statistics. The server had a page that didn't properly sanitize input and was therefore vulnerable to attack. According to F-secure, defense-in-depth strategies followed did not allow the attack to succeed.

"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world," F-secure said.

SQL injection is a type of attack that is growing in popularity. It is code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This type of attck can also be used to steal information, and to show that an attack is possible.

Earlier this week, a similar attack had been reported at the United States web site of the Kaspersky Labs security firm.


Previous
Next
Adobe Announces Flash Player For Mobiles        All News        Google Exits Radio but Will Explore Online Streaming Audio
Skype for Windows Mobile 2.5 Gold Released     General Computing News      Google Exits Radio but Will Explore Online Streaming Audio

Get RSS feed Easy Print E-Mail this Message

Related News
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet
Kaspersky Discovers New IT Virus Linked To Stuxnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .