Romanian hacker Unu posted on his blog that he had located a critical SQL injection vulnerability in a website belonging to security company Symantec.
If you remember, in February, Kaspersky faced with a sql injection. Then they had the courage to admit vulnerability, why have my admiration. There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract, I saved nothing, I have not abused in any way by the data found. My goal was, what is still, to warn. To call attention.
Softpedia
In an e-mail to Softpedia, Symantec has confirmed the existence of a vulnerabiliy in the pcd.symantec.com. Here is the full statement we received:
“A SQL injection vulnerability has been identified at pcd.symantec.com. The Web site facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea only. This incident does not affect Symantec customers anywhere else in the world.
“This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of updating the Web site with appropriate security measures and will bring it back online as soon as possible. Symantec is still investigating the incident has no further details to share at this time.”
http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml
