Kaspersky Hires Expert to Analyze Website Hack
Elinor Mills writes on C|Net News:
Moscow-based security firm Kaspersky has hired a security expert to investigate the weekend breach of its U.S. site, the company said on Monday.
Meanwhile, the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider BitDefender. A BitDefender spokesperson did not immediately respond to an e-mail seeking comment.
No sensitive or customer data was compromised in the Kaspersky breach, which was discovered on Saturday, Roel Schouwenberg, a senior antivirus researcher for Kaspersky, said on a conference call with reporters. But to allay concerns about the severity of the problem, Kaspersky has hired David Litchfield, an expert in database security, to conduct an independent audit of the systems involved, he said.
A section of Kaspersky's new U.S. support site was breached by someone using a SQL injection attack, in which a small malicious script is inserted into a database that feeds information to the Web site, according to Schouwenberg.
The portion of the site breached had been developed by an unnamed third-party and was not subjected to an internal code review process as it should have been, he said. "Obviously we are not happy about that and are in the process of making the review process stricter than it currently is," he added.