Monday, October 24, 2016
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Galaxy Note 7 Customers To Get New Galaxy Note 8 Or Galaxy S8 Smartphones Half Price
AT&T to Acquire Time Warner For $85.4B
Internet Disruptions Were Caused By Attacked Connected Devices
TSMC, GlobalFoundries/Samsung To Present Their 7nm Platforms At IEDM
Hon Hai Gains Apple Mac Orders From Quanta
AT&T In Advanced Talks With Time Warner On Merger
LG's Next Flagship G6 Smartphone Won't be Modular
Samsung to Exchange Galaxy Note 7 with New Galaxy S8
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > F-Secur...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 13, 2009
F-Secure Web site Hit By SQL Injection Attack

F-secure was hit by an SQL injection attack which was partly successful, according to the security firm.

The attack was performed by a Romanian group yesterday. According to F-secure, the group had been doing SQL injection attacks on several security vendor's websites during the week.

The attackers managed to find a security hole in one of the F-secure's servers, which the company used in gathering malware statistics. The server had a page that didn't properly sanitize input and was therefore vulnerable to attack. According to F-secure, defense-in-depth strategies followed did not allow the attack to succeed.

"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world," F-secure said.

SQL injection is a type of attack that is growing in popularity. It is code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This type of attck can also be used to steal information, and to show that an attack is possible.

Earlier this week, a similar attack had been reported at the United States web site of the Kaspersky Labs security firm.

Adobe Announces Flash Player For Mobiles        All News        Google Exits Radio but Will Explore Online Streaming Audio
Skype for Windows Mobile 2.5 Gold Released     General Computing News      Google Exits Radio but Will Explore Online Streaming Audio

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .