The UNIX and Linux Forums  


Posted 02-23-2009 by iBot
Injecting the Common into Security

According to several news articles Friday, February 20th, and documented on hackersblog.org by the hacker named Unu, the Security and A/V "giant" Symantec had a bit of a website face lift as a result of a SQL-injection vulnerability within the website.

The website was defaced as can be seen in the following image:



The stories and associated blog references can be found at the following links:

http://www.itp.net

http://news.softpedia.com

http://www.hackersblog.org

Granted, based on the articles and information so far, the "ethical hacker" Unu used this method of notification to "help" alert Symantec to the problem. Outside of the ethical issues surrounding the hack, the bigger issue is that this type of vulnerability should be the first thing that a web programmer and a security "giant" identify. In fact, SQL-injection is one of the OWASP (Open Web Application Security Project) Top 10. It will be interesting to see if Symantec experiences any backlash as a result of this incident.

This should truly be a wake-up call to companies and security providers that they cannot be lax with regard to secure coding principles and practices. As security professionals, we should be held to the same level of observation and quality that we promote to others. We can all make mistakes and become "comfortable" in what we do, but incidents like this should remind us that security is not comfortable and the common can be even more detrimental than the rare.



