The official Malaysian Kaspersky Antivirus website was hacked yesterday by a Turkish cracker going by the handle of “m0sted”. The same cracker also hacked the official Kaspersky S.E.S. online shop and several of its other subdomains. The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed.
Both websites have been home page defaced (sic), as well as several other secondary pages. The incident, though it appears to be a simple website defacement, might carry big risks for end users, because evaluation copies of Kaspersky Antivirus are distributed to the public from both websites. In theory, the attacker could have uploaded trojanized versions of the antivirus, thereby infecting unaware users attempting a download from a trusted Kaspersky file repository (remember the trojan in the Debian file repository?).
Though I don't know much about SQL injection, I heard about it when the RIAA website also got hacked. Anyone can raise the question: if these websites, belonging to the world's most reputed antivirus and internet security service provider, can get hacked, then guess who is safe on the internet.
Here is what the expert says: "Both of the websites that were attacked are managed using third-party hosting. The sites have never been publicly accessible as they are still under construction.
Since the websites are still being developed, they haven’t yet been fully secured. Naturally, appropriate security features will be implemented before the sites go live.
This situation can be compared to a thief breaking into an empty house that is still under construction and has not yet been properly secured. Breaking in is therefore an easy task, but in such cases there is nothing to steal or damage – the websites are not yet live and are not linked to other Kaspersky Lab corporate websites. It seems clear that the attacker’s only motive was to attract attention.
This attack could therefore not harm users in any way. Additionally, it will not be possible to use this attack method once the websites have been officially launched."
That may act as a sign of some kind of relief to internet users.