Comments on: Response for theregister.co.uk

By: Terence M.

Terence M. — Fri, 15 Jan 2010 15:50:45 +0000

I admit, I have not been on this your blog in a long time… though it was another enjoy to see It is such great subject and to avoided by so many, even specialist. I thank you to help making people more aware of possible issues.

By: Kaspersky breach exposes sensitive database, says hacker • The Register « InfoSec Musings

Thu, 26 Feb 2009 20:01:48 +0000

[...] The original post appeared on Hackersblog with follow on discussion here. [...]

By: medjugorje

medjugorje — Sat, 21 Feb 2009 23:03:15 +0000

Damn I use Kaspersky too ……..

By: Protect us from the Protectors: Kaspersky Customers Exposed | geekEleet

Protect us from the Protectors: Kaspersky Customers Exposed | geekEleet — Wed, 11 Feb 2009 12:21:46 +0000

[...] a later update, the same hacker purportedly indicated that no data would be exposed by him/her and his/her [...]

By: IT News » Blog Archive » Kaspersky’s website hacked

IT News » Blog Archive » Kaspersky’s website hacked — Wed, 11 Feb 2009 06:08:07 +0000

[...] posting on Hackers Blog said the SQL injection vulnerability in usa.kaspersky.com is very real, but [...]

By: Oprea Matei

Oprea Matei — Tue, 10 Feb 2009 21:42:23 +0000

felicitari ma. va citesc de cand erati la inceput si nu credeam ca o sa ajungeti aici. Si ma rog, presimt mult mai mult…faceti treaba buna … Aveti grija. P.S. : Unu ce mai face ? ca n-am mai vb de o tona de timp cu el

By: Virgil Vaduva

Virgil Vaduva — Tue, 10 Feb 2009 20:52:13 +0000

Tocsixule mersi pentru raspunsurile de la intrebari. O sa discutam interviul cu tipii de la Ohio Infosec in citeva zile cind ne intilnim…o sa fie un topic interesant.

Daca poti si vrei sa-mi trimiti un email cu detalii despre hack, cred ca multi ti-ar multumi pentru educatie.

By: 2fingers

2fingers — Mon, 09 Feb 2009 17:32:43 +0000

@theStick – Ba da.

By: theStick

theStick — Mon, 09 Feb 2009 17:15:57 +0000

ma si rezistati voi la slashdot?n-au sarit unii cu ddos-ul?

By: Shocker

Shocker — Mon, 09 Feb 2009 15:12:06 +0000

Second response

OK, this is really helpful. Thanks so much. There is one small thing, though. How do I know that you're the Tocsixu who is connected to Hackersblog? Anyone could have registered that address. Is there a way I can confirm you're the real deal?

Sorry for the late responses, in Romania we have a different timezone obviously. I will post a comment on hackersblog from my user as proof.

Also, Please provide details about exactly what software was exploited. MySQL, by any chance? Are there others? Was Kaspersky using unpatched software, by any chance?

The website itself was exploited. This was the web programmer's fault. They are using recent versions of MySQL and PHP.

One other question: -- Did Kaspersky store passwords in the clear? Hope to hear from you ASAP!

Unu asked me to state for him that he did NOT access the users table thus protecting users privacy.