

Usa.Kaspersky.com hacked - mindplunge
http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/

======
jacquesm
Ouch. For a company like Kaspersky this is about as damaging as it gets. The
screenshots suggest the author really 'did it', though I wonder why he chose
to write about it instead of alerting Kaspersky.

One more reason to make sure you check each and every avenue of user supplied
data for SQL injection. What really surprises me is that they don't use
prepared statements.

~~~
RossM
> though I wonder why he chose to write about it instead of alerting
> Kaspersky.

Probably for the "fame". I have to say I'm hardly impressed by the recent
exploits that I've seen, the phpBB.com one for example.

~~~
omouse
It is hardly impressive because the hard work was already done by someone else
:/

