A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information.http://www.theregister.co.uk/2009/11/23/symantec_website_security_snafu/
Back in February of this year, the Romanian hacker Unu found a SQL injection vulnerability in a Kaspersky tech support portal server based in the USA. That vulnerability when exploited allowed full access to all the database tables, exposing things such as usernames and activation codes.http://countermeasures.trendmicro.eu/symantec-hacked-full-disk-and-databse-accessWell, Unu strikes again and this time Symantec is the unlucky recipient of his attentions, and certainly at first glance it looks worse than the Kaspersky breach. In a new posting on Unu’s blog he details a blind SQL injection-based attack against a Symantec server, the server appears to be responsible for tech support through “Norton PC Expert from PC-Doctor Co Ltd” in Japan.