|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Tue Feb 17 2009 - 04:27:23 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.theregister.co.uk/2009/02/16/bitdefender_website_breach/
By Dan Goodin in San Francisco
The Register
16th February 2009
Updated - Romanian hackers have discovered a security flaw in the
website of anti-virus provider BitDefender. They said it was the second
time in a week the company has inadvertently exposed a database that is
supposed to remain private.
According to an item posted to HackersBlog, BitDefender's main website
can be tricked into disclosing database contents by embedding commands
into the BitDefender.com URL.
"This parameter gives access to the DB," a hacker by the name of Unu
reported. "I will not publish too much now as I am waiting for the
problem to be solved."
Unu went on to say he had reported the vulnerability to the site's
webmaster but had received no reply. "Therefore, knowing they read our
articles, I will let them know here that they have a vulnerable
parameter," he wrote.
[...]
_______________________________________________
Best Selling Security Books & More!
http://www.shopinfosecnews.org/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]