injection

Audit: No customer data exposed in Kaspersky breach

An independent audit of a data breach at security firm Kaspersky's U.S. Web site has confirmed that no customer data was exposed, Kaspersky said on Friday.

A Romanian hacker site used a SQL injection and cross-site scripting attack to get access to a database on a Web site of the Moscow-based Kaspersky and publicized the attack on Saturday.

Kaspersky announced on Monday that it would hire database security expert David Litchfield to analyze the breach.

In the report, Litchfield concludes that an attacker based in Romania used Google to search for Web servers owned by Kaspersky running applications …

F-Secure provides details on Web site breach

Helsinki-based security firm F-Secure said on Thursday that a breach of its Web site earlier in the week by a Romanian hacker site was limited in scope and impact.

On Wednesday the HackersBlog site said it had used a SQL injection and cross-site scripting attack to get access to data on an F-Secure Web site. Earlier, the site had launched similar attacks on a site of security firm Kaspersky and one belonging to a partner of BitDefender.

F-Secure said the problem with its site was due to a bug in a Web application and not related to an unpatched system.…

Hacker site claims breach of third security firm Web site in a week

A Romanian hacker site said on Wednesday it was able to breach the Web site of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week.

F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."

An F-Secure spokesman said the company had taken the affected server down and that it was a low-level server that was not critical to the company and …

Kaspersky hires expert to analyze Web site hack

Updated 3:10 p.m. PST with comment from BitDefender.

Moscow-based security firm Kaspersky has hired a security expert to investigate the weekend breach of its U.S. site, the company said Monday.

Meanwhile, the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider BitDefender.

In a statement, BitDefender said an unnamed partner site was compromised and that the company was investigating the incident to help the partner prevent it from happening again. "This was an unfortunate event and while we sympathize with …

Kaspersky denies leaks after SQL hack

The U.S. Web site of Russian antivirus vendor Kaspersky Lab was hacked over the weekend, exposing the company's customer database. But Kaspersky denies any data was compromised and says the vulnerability wasn't critical.

An unidentified hacker reported over the weekend that he was able to access a complete profile of the company's databases, revealing its clients' names, activation codes, list of bugs the company tracks, and client e-mail addresses.

The hacker claims to have hacked Kaspersky's databases using an SQL injection attack, which exploits a vulnerability in an application's database layer.

The method has …

IBM report: Vulnerabilities still going unpatched

More than half of the security vulnerabilities disclosed during 2008 had no patches available from the vendor by the end of the year, according to a report released on Monday by IBM's X-Force research group.

Meanwhile, 46 percent of vulnerabilities from 2006 and 44 percent from 2007 still had no patch by the end of 2008, the 2008 X-Force Trend and Risk report said. X-Force documented a record number of 7,406 new vulnerabilities last year.

Overall, Microsoft is the vendor that tops the list in percentage of vulnerabilities disclosed, the report said. The Macintosh and base Linux kernel …

Web site-based crimeware hits all-time high

The use of malware on Web sites to steal passwords and other sensitive information is skyrocketing, according to a new report from the Anti-Phishing Working Group.

The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 this May, the APWG reports in its quarterly report (PDF) issued this week.

The increase is primarily due to malicious code being used in SQL injection attacks, in which a small malicious script is inserted into a database …

Mercedes C250 BlueEfficiency gets 45 mpg

The gamut of models spanned by the Mercedes C-class just got a little wider. On one end, you have the CNET Editors' Choice C63 AMG, a rip snorting beast with a 405 horsepower 6.2-liter V-8 that chugs gasoline at a rate of 16.2 mpg. Way down on the other end is the newly announced C250 CDI BlueEfficiency Prime Edition, a 204 horsepower four-cylinder that gingerly sips diesel at a rate of 45 mpg. It's hard to believe these two vehicles are cut from the same cloth, but they are.

The heart of the C250 is Mercedes' new …

Ford testing ethanol injection with Ecoboost

We haven't been too excited about Ford's Ecoboost tech, simply because it's not really new tech. However, Ford's next evolution of Ecoboost, code-named Bobcat, might be worth getting worked up about.

According to sources at PickupTrucks.com, the Bobcat is essentially a turbocharged engine running at a high compression ratio. Typically, this combination results in disaster, but Ford's system has a trick up its sleeve in the form of ethanol injection.

The Bobcat builds on Ford's Ecoboost engines by including a direct injected ethanol nozzle that adds small amounts of ethanol to the standard …

Hard-core Wasp knife makes its point

Looking at the 5 1/4-inch blade on the Wasp Injector Knife, it quickly becomes apparent that despite its name, this tool is not made for stabbing pesky insects. No, it's for much, much peskier creatures.

The $379.95 weapon--which would most logically be used for diving, hunting, or self defense--instantly injects a freezing-cold ball of compressed gas, approximately the size of a basketball, into the unlucky recipient.

The injection freezes all tissues and organs surrounding the point of entry and will drop many of the world's largest land predators, according to Wasp Injection Systems, creator of the …