[ISN] Hackers: BitDefender site exposes private data (yet again)

From: InfoSec News <alerts_at_private>
Date: Tue, 17 Feb 2009 04:27:23 -0600 (CST)

http://www.theregister.co.uk/2009/02/16/bitdefender_website_breach/

By Dan Goodin in San Francisco
The Register
16th February 2009

Updated - Romanian hackers have discovered a security flaw in the 
website of anti-virus provider BitDefender. They said it was the second 
time in a week the company has inadvertently exposed a database that is 
supposed to remain private.

According to an item posted to HackersBlog, BitDefender's main website 
can be tricked into disclosing database contents by embedding commands 
into the BitDefender.com URL.

"This parameter gives access to the DB," a hacker by the name of Unu 
reported. "I will not publish too much now as I am waiting for the 
problem to be solved."

Unu went on to say he had reported the vulnerability to the site's 
webmaster but had received no reply. "Therefore, knowing they read our 
articles, I will let them know here that they have a vulnerable 
parameter," he wrote.

[...]


Received on Tue Feb 17 2009 - 02:27:23 PST