Hacked: Symantec.com breached by SQL injection

// February 18th, 2009 // News

News emerged today that the website of Symantec Corporation, maker of the internet security products Norton AntiVirus and Norton Internet Security and probably the largest security firm on the planet, has been breached via SQL injection.

The hacker, going by the name of unu, claimed to have discovered a vulnerable parameter that gave him the ability to penetrate the security giant’s defences and gain access to its databases, which may contain sensitive data. The hacker has responsibly decided not to release any more details so that the security vendor has time to patch the vulnerability. Unu says, “I’m waiting for the problem to be solved and maybe after that I will post more detailed info.”

According to Unu, “The irony of the situation is that it’s done on https, on a login page, a page that promotes security products like Norton AntiVirus 2009 and Norton Internet SECURITY. What can I say: nice advertising, an SQL injection in the page that promotes those products.” This leaves me wondering: if such a security giant has trouble securing its website, what chance do normal users have of protecting themselves?

This latest attack on security vendors comes after a week in which three high-profile security vendors, including F-Secure and BitDefender, had their websites compromised, with BitDefender coming under attack twice on two separate sites that it owns.

Read the rest of the article by unu, in his own words, by clicking HERE

One Response to “Hacked: Symantec.com breached by SQL injection”

  1. Emma Jeffs says:

    Hello there,

    I look after the PR for Symantec and just wanted to let you know what happened, and how Symantec has resolved the issue.

    The issue was not a breach and did not expose a vulnerability, simply an error message. We’re grateful to “Unu” for highlighting this to us.

    Upon notification of the potential vulnerability, Symantec immediately took the site down, conducted comprehensive testing and determined that the issue is not a security vulnerability. It appears that the individual who reported it based the report on an error message. Symantec has addressed this issue and the web page is back up and running. Symantec can confirm that no company or customer information was exposed.

    Many thanks
    Emma
