The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Kaspersky and BitDefender websites hacked

    Discussion in 'Security and Anti-Virus Software' started by Lakjin, Feb 10, 2009.

  1. Lakjin

    Lakjin Notebook Deity

    I can't believe no one has posted this already... :D

    Kaspersky's USA website hacked

    BitDefender's Portuguese website hacked

    For both these 'hacks' unu claimed to use simple SQL injections.

    The original posts for both these hacks can be found at HackersBlog:
    Kaspersky Hack
    BitDefender Hack
     
  2. Baserk

    Baserk Notebook user

    Kaspersky now blames the sub-contractor who developed the SQL code, which was installed some 10 days ago.
    The guy 'Unu' has tried to contact Kaspersky folks for days in order to give them a chance to plug the hole but Kaspersky didn't respond, according to 'Unu' that is.
    Kaspersky has stated that they received only emails, one hour before the screenshots were made public.
     
  3. Lakjin

    Lakjin Notebook Deity

    Ya I read about that. However, once the security vulnerability was posted about, Kaspersky said they had it fixed within 30 minutes. So even if they got emails one hour before, technically shouldn't they have been able to fix it then? Unless of course they didn't take it seriously until it was posted in public.

    Kaspersky has also hired a third party consultant to review their security.

    Lastly, BitDefender denies being connected with the BitDefender website being hacked - they say it is a "partner" website and not associated with them.
     
  4. hydra

    hydra Breaks Laptops

    Very embarrassing for ANY security software company! I wonder who else has been breached and has not disclosed it?

    I guess I should move all my personal thermonuclear arming codes off my INTERNET connected laptop?
     
  5. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Oh... most places that claim to be secure aren't. That's the problem nowadays...
     
  6. built

    built Notebook Deity

    All I can say is, "Wow!"

    Especially about this part..."The guy 'Unu' has tried to contact Kaspersky folks for days in order to give them a chance to plug the hole but Kaspersky didn't respond, according to 'Unu' that is." (if true)
     
  7. DetlevCM

    DetlevCM Notebook Nobel Laureate

    There is the flaw - according to.

    Maybe he did contact them a day earlier, maybe he didn't...
    We don't know.
    Of course Kaspersky will deny making a serious error too.

    So basically - we really should just learn from this that nothing that is online is really secure.
     
  8. Jakamo5

    Jakamo5 Tetra Vaal

    So in summary, we do know that he contacted them exactly an hour before, because they admitted it. And they did not deny making a serious error, but admitted to it...

    an honorable company in my opinion.... unlike Norton...
     
  9. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Well - the 1 hour that they stated can be skewed in their favour :D

    But I have to agree - it is honourable to at least agree to having made an error.
     
  10. ivar

    ivar Notebook Deity

    This is evidence that Kaspersky AV used for business is not the same as the one used to protect the de facto chiefs of Kaspersky - Russia's FSB (ex KGB) headquarters in the huge building near to Kremlin in Moscow.
     
  11. DetlevCM

    DetlevCM Notebook Nobel Laureate

    We know you don't like Kaspersky, but this has got absolutely nothing to do with the actual anti virus software.

    This is about a website which Kaspersky has had redesigned by a 2nd party contractor.

    And that "huge building" is called "Lublianka".
     
  12. ivar

    ivar Notebook Deity

    Lubyanka (Лубянка ;), in fact. ;)
     
  13. Baserk

    Baserk Notebook user

    Maybe the SQL subcontractor for the US Kaspersky site was actually an FSB agent, posing as a CIA agent, attempting to fake a double cross conspiracy to..., to...., to make ivar lose a couple of nights of sleep? ;)
     
  14. zfactor

    zfactor Mastershake

    lol ^^^^^^^^ that sure gave me a good laugh
     
  15. ivar

    ivar Notebook Deity

    You mean Detlef's blind reproduction of Kaspersky's Lab PR about a mythical subcontractor (that, again, Americans would be those to blame)? I wouldn't laugh here.

    Do you trust the security of your computer to the company which is saving and not pereviewing the code it has started to use 10 years ago, not to say the company with close ties with Russian FSB?
     
  16. Jakamo5

    Jakamo5 Tetra Vaal

    you're right... there's conspiracy afoot... [looks around]

    lol... :rolleyes: