Tuesday, February 10, 2009

Kaspersky US Site hacked, so what?

In the Kaspersky US hack, which was discovered last Saturday, no sensitive or customer data was compromised, but to allay concerns about the severity of the problem, Kaspersky Lab has hired David Litchfield, an expert in database security, to conduct an independent audit of the systems involved. A section of Kaspersky's new U.S. support site was breached by someone using a SQL injection attack. After conducting the attack, the attackers decided to show off their 'great code of ethics' by sending Kaspersky Lab an email, on a Saturday, to several public email boxes. They gave us exactly 1 hour to respond, and posted on their blog without having received a response. Obviously I am not happy about this, and Kaspersky Lab is in the process of making the review process stricter than it currently is. Kaspersky Lab is doing everything to do the best forensics on this case and to prevent this from ever happening again.

At least some key points to remember in this case:
• NO data was compromised, and KL hired a 3rd party organization to do an independent audit to confirm this.
• The attack happened on a subsection of the US site with no link to the e-commerce or global site. No KL websites other than the US site were attacked.
• This attack has nothing to do at all with the quality of our products, of course!

You can read more about what really happened at the official Kaspersky blog.

Interesting for the more technical reader: it seems that a variant of the Acunetix tool was used to facilitate the attack.
Isn't that a 'special' form of promotion? ;-)

And oh yes, I'm a little bit sick today (possibly caught a cold), but I'm using 'Sinutab' to clear up my personal health problem today.
So, does this change me? Am I a different person now?
No, I'm still the good old Eddy with all his known skills. (I suppose so.)
Do you know what I mean?