Thursday, October 30, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
YouTube Now Supports 60fps Videos
Samsung Brings Gear S to U.S. Next Week
Corsair Introduces Sabre RGB Mice For Gamers
Ubisoft's Assassin's Creed Unity Included with Purchase of Samsung UD590 Monitor or 850 PRO Series SSD
Apple's Tim Cook Declares His Sexual Orientation
Motorola Becomes Part Of Lenovo
US Film Industry Wants To Ban Smartwatches And Smart Glasses From Theaters
MSI Releases The X99S MPower Motherboard
Active Discussions
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Questions durability monitor LCD
 Home > News > General Computing > F-Secur...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 13, 2009
F-Secure Web site Hit By SQL Injection Attack


F-secure was hit by an SQL injection attack which was partly successful, according to the security firm.

The attack was performed by a Romanian group yesterday. According to F-secure, the group had been doing SQL injection attacks on several security vendor's websites during the week.

The attackers managed to find a security hole in one of the F-secure's servers, which the company used in gathering malware statistics. The server had a page that didn't properly sanitize input and was therefore vulnerable to attack. According to F-secure, defense-in-depth strategies followed did not allow the attack to succeed.

"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world," F-secure said.

SQL injection is a type of attack that is growing in popularity. It is code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This type of attck can also be used to steal information, and to show that an attack is possible.

Earlier this week, a similar attack had been reported at the United States web site of the Kaspersky Labs security firm.


Previous
Next
Adobe Announces Flash Player For Mobiles        All News        Google Exits Radio but Will Explore Online Streaming Audio
Skype for Windows Mobile 2.5 Gold Released     General Computing News      Google Exits Radio but Will Explore Online Streaming Audio

Get RSS feed Easy Print E-Mail this Message

Related News
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet
Kaspersky Discovers New IT Virus Linked To Stuxnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .