
Hacker Embarrasses Symantec Website

There were red faces at Symantec after the same hacker who penetrated Kaspersky’s website earlier in the year also hacked Symantec’s Japanese support website.

The Romanian hacker known as Unu, who earlier this year uncovered a hole in a website run by Kaspersky Lab, exploited a blind SQL injection problem to get his hands on clear-text passwords associated with customer records and other data.

Unu used sqlmap and Pangolin to demonstrate the vulnerability, and published screenshots to his blog. According to Symantec, the vulnerability was on its pcd.symantec.com site, which is used to facilitate customer support for Symantec’s Norton products in Japan and South Korea.

“At this time, we believe that this incident does not affect Symantec customers anywhere else in the world,” a Symantec spokesperson said. “This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of ensuring that the website is appropriately secured and will bring it back online as soon as possible.”

According to Unu, his goal was not to cause harm, but to create a stir so the problem would be fixed.

“If you remember, in February, Kaspersky faced with a sql injection,” he blogged. “Then they had the courage to admit vulnerability… There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract (data), I saved nothing… My goal was, what (it) is still, to warn. To call attention.”

Trend Micro Advanced Threats Researcher Rik Ferguson said the incident serves as a reminder to follow best practices when it comes to securing web applications. Sensitive data should never be stored in clear text, he blogged, and bounds checking of input data can help avoid buffer overflows and SQL injection attacks.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
