Monthly Archives: February 2009

BitDefender Now Also Hacked

In a post on the same blog that revealed the Kaspersky SQL injection vulnerability, it is now revealed that the BitDefender site suffers from the same vulnerability. The post shows a successful SQL injection exploit against the BitDefender site, complete with screenshots of customer names, email addresses, postal addresses and phone numbers.

http://hackersblog.org/2009/02/09/hackedbitdefender-portugal-exposes-sensitive-customer-data/

Kaspersky Web Site Hacked

Looks like the US Kaspersky site has been hacked through an SQL injection vulnerability. The initial blog post describing this lists several hundred SQL tables associated with the Kaspersky database. It looks like some of the tables contain customer and sales information. There are also screenshots showing which part of the web site was exploited to gain access to the database - from the looks of it the hacker used the US help portal pages to gain access.

“I hope that Kaspersky administrators fix this vulnerability rather quickly as they no doubt have a large customer base, and it would appear that all those customers are now exposed”

– Gunter Ollmann, chief security strategist at IBM’s Internet Security Systems (from his blog post)

The Register has an article about this.

How to Monitor Your Web Sites using Alertra

If you have a web site with a reasonable amount of traffic and are concerned about it going down or becoming unavailable without you knowing about it, then this post is for you. Alertra allows you to monitor your web sites and get notified if they become unavailable. Alertra has numerous servers around the globe that the company uses to connect to your server. If it notices that one of your servers has gone down you can receive an email, text (SMS) message or an alert to a pager. You can even get an automated voice phone call if a service goes down. (Alertra allows you to monitor other services such as SMTP servers as well.)

And no, we’re not affiliated with the company in any way. We do however use their services to monitor www.misec.net and www.trojanhunter.com. So far this has worked flawlessly, and allows us to correct any problems with the web site very rapidly. The service is very reasonably priced, with the monthly charge depending on how often you want Alertra to check up on your servers. As an example, a twice-hourly check of your web server costs $1.95 per month, with a charge of $0.19 for each text message sent out if your service goes down. Email alerts are free of charge. You can see the complete pricing here.

You Can’t Argue with Hard Data

Google apparently ran a test where they increased the number of search results on a page from 10 to 30, because that’s what users said they wanted. The result? A 20% drop in clickthroughs and ad revenue. The reason? Fetching those extra twenty results increased the load time of the search results page from 0.4 seconds to 0.9 seconds. So that is something very interesting to keep in mind - a half-second delay will cost you 20% in lost revenue! If there’s interest, I might do a post on increasing your Apache web server speed in the future.

Stay Away from Upload.com

Today I logged onto upload.com to cancel a paid listing for Internet Password Manager which was about to be renewed. Lo and behold, there was no way to cancel the subscription. The “subscription management” page said “Click the Edit button at the bottom of the page to edit your subscription preferences.” Unfortunately, there was no Edit button anywhere to be seen. A well thought-out tactic to make it as difficult as possible to cancel your subscription or just an oversight on the part of CNet? You be the judge.

I sent them a message through the online form asking them to cancel the subscription. The auto-reply I received contained this wonderful nugget:

This e-mail is to acknowledge receipt of your message. We make every effort to respond to all inquiries received within 5 business days.

Five business days!? What planet are these people living on? All in all, stay away from Upload.com. They managed to get us all of 386 downloads for Internet Password Manager last year. That’s about one per day. I could get more installations than that by buying a lot of USB thumb drives wholesale, copying the IPM setup file to them and scattering them around the London underground.

Interesting Quote Regarding Programming

Here’s an interesting quote from a user on reddit regarding programming. It vibes well with me:

I have the right kind of mindset for programming - I’m analytical, logical, and I have a good eye for minute detail and errors. It may not be the most beneficial in other areas of life, but when it comes to programming, I am set. I can learn new languages in a few days (most languages are one of only a few syntax sets with some minor differences). I have never considered programming not to be fun… but I am also an exception to the human ‘norm.’

TrackMeNot - Hides Search Queries in a “Cloud of False Leads”

There’s an interesting new Firefox plug-in called TrackMeNot available. It addresses the concern that your search data could be used to build a profile on you, whether by the search engine company, ISPs or anyone else “listening in”. I’ll let the creator describe the plug-in:
TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Firefox Browser and popular search engines (AOL, Yahoo!, Google, and MSN) and requires no 3rd-party servers or services.