Thursday, November 26, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
German ISPs May Block Music-sharing Sites: court
Study Says HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide
SK Hynix Rejects Chinese Take-over Offer
New Huawei Mate 8 Smartphone Launched With Kirin 950 Inside
Samsung's New DDR4 with TSV Gives a Boost To Data Centers and Servers
New Raspberry Pi Zero Is A $5 Tiny Computer
Panasonic's CX Ultra HD Smart TVs Bring 4K Closer To Home
New LG Ray Smartphone Focuses On Photo Shooting
Active Discussions
roxio issues with xp pro
How to back up a PS2 DL game
Copy a protected DVD?
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > F-Secur...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 13, 2009
F-Secure Web site Hit By SQL Injection Attack

F-secure was hit by an SQL injection attack which was partly successful, according to the security firm.

The attack was performed by a Romanian group yesterday. According to F-secure, the group had been doing SQL injection attacks on several security vendor's websites during the week.

The attackers managed to find a security hole in one of the F-secure's servers, which the company used in gathering malware statistics. The server had a page that didn't properly sanitize input and was therefore vulnerable to attack. According to F-secure, defense-in-depth strategies followed did not allow the attack to succeed.

"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world," F-secure said.

SQL injection is a type of attack that is growing in popularity. It is code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This type of attck can also be used to steal information, and to show that an attack is possible.

Earlier this week, a similar attack had been reported at the United States web site of the Kaspersky Labs security firm.

Adobe Announces Flash Player For Mobiles        All News        Google Exits Radio but Will Explore Online Streaming Audio
Skype for Windows Mobile 2.5 Gold Released     General Computing News      Google Exits Radio but Will Explore Online Streaming Audio

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .