Symantec falls as Romanian hacker strikes again

By Phil Muncaster on Nov 24, 2009 8:28AM
Symantec falls as Romanian hacker strikes again

The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server.

The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security giant using a blind SQL injection attack.

Once in, he accessed sensitive information including customer address data and catalogue keys on the Symantec Store database.

The hacker also expressed outrage that user passwords were displayed in plain text and had not been encrypted.

"A secured bad parameter allows full access to Symantec servers, allows access to many sensitive data stored on this server," wrote Unu.

"So, it seems quite strange how a company like Symantec, which sells software and security solutions, the famous Norton for example, wants to protect ourselves. Instead, it is not able to protect its own database."

Symantec has confirmed the vulnerability at pcd.symantec.com, a Norton support web site for customers in Japan and South Korea only.

"This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec's Norton-branded consumer products," the firm said in a statement.

"Symantec is currently in the process of updating the web site with appropriate security measures, and will bring it back online as soon as possible. Symantec is still investigating the incident, and has no further details to share at this time."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
access customer hacker security symantec web

Partner Content

Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
Why Most MSPs Are Invisible (And What the Smart Ones Are Doing Instead)
Why Most MSPs Are Invisible (And What the Smart Ones Are Doing Instead)
Think Technology Australia deliver massive ROI to a Toyota dealership through SharePoint-powered, automated document management
Think Technology Australia deliver massive ROI to a Toyota dealership through SharePoint-powered, automated document management
Easily turn small, low-tech rooms into future-ready collaboration hubs
Easily turn small, low-tech rooms into future-ready collaboration hubs
Shortfalls in cyber expertise deepen the cost and complexity of security incidents
Shortfalls in cyber expertise deepen the cost and complexity of security incidents

Sponsored Whitepapers

Protect the data your business relies on
Protect the data your business relies on
Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The race to AI advantage is on. Don’t let slow consulting projects hold you back.

Events

techpartner.news MSP index - Melbourne
techpartner.news MSP index - Melbourne
Pipeline 2026: Game Changers
Pipeline 2026: Game Changers

Most read articles

SentinelOne signs distribution agreement with Sektor

SentinelOne signs distribution agreement with Sektor
HamiltonJet partners with digital services provider Fortude

HamiltonJet partners with digital services provider Fortude
Why Kat McCrabb started with the hard stuff

Why Kat McCrabb started with the hard stuff
Rapid7’s new SIEM combines exposure management with threat detection

Rapid7’s new SIEM combines exposure management with threat detection

Log in

Email:
Password:
  |  Forgot your password?