back to article Symantec Japan website bamboozled by hacker

A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack …

COMMENTS

This topic is closed for new posts.
  1. adnim

    Pentest

    your own websites and databases. The tools are out there, they are free and they can be automated. What's more the results can be searched, so how hard can it be?

    There is no excuse for having a database vulnerable to injection, just as there is no excuse for storing passwords in plain text. I don't have an excuse for not testing my MySql backend yet, and to be honest I can't think of one so I better get my finger out and blindly poke it around my backend just in case

    Don't Symantec do security?

  2. chacal

    Quis...

    custodiet ipsos custodes?

  3. Anonymous Coward
    Anonymous Coward

    re: Quis...

    Commander Vimes, that's who!

  4. Anonymous Coward
    Unhappy

    No great surprise for them

    I never really had much faith on Symantec's PC security stuff, nasty horrilble and insidious installations. I have the pleasure of dealing with NetBackup which Symantec now deal with having bought Veritas. Veritas was tricky to deal with, ten times harder under Symantec.

    Symantec have now moved into publishing security software for OSX, I still refuse to touch it. I will stick with the FOSS offerings thanks, at least I know what I'm getting most of the time.

    This latest little cock-up just proves that Symantec have become a sprawling behemoth with no direction, no idea what they should do or how to do it correctly.

  5. Simon B
    Grenade

    yet MORE crap from Symantec

    Yet more Symantec CRAP, why do people use this company?!!!

This topic is closed for new posts.

Other stories you might like