By Dan Goodin in San Francisco
16th February 2009
Updated - Romanian hackers have discovered a security flaw in the
website of anti-virus provider BitDefender. They said it was the second
time in a week the company has inadvertently exposed a database that is
supposed to remain private.
According to an item posted to HackersBlog, BitDefender's main website
can be tricked into disclosing database contents by embedding commands
into the BitDefender.com URL.
"This parameter gives access to the DB," a hacker by the name of Unu
reported. "I will not publish too much now as I am waiting for the
problem to be solved."
Unu went on to say he had reported the vulnerability to the site's
webmaster but had received no reply. "Therefore, knowing they read our
articles, I will let them know here that they have a vulnerable
parameter," he wrote.
Best Selling Security Books & More!