Posts Tagged ‘Endpoint encryption for files and folders’

It’s been a funny week for the . As those who follow the Hall-of-shame know, there’s a pretty steady trickle of new incidents published regarding SQLi. It’s usually a few every month, not as many as are currently going into my new but still very regular.

So I was surprised that this week we have two new entries and they’re both cybersecurity companies. It’s partially funny, partially sad and partially scary.

First up is . They’re a DDoS protection company and seem to have a very good product. I spend more time on the SwSec and AppSec side of things but the kind of work they do is also important. However when you’re a security company, it’s just funny to people when you .

In this case Staminus was not only vulnerable to sql injection, but they were also doing other bad cybersecurity practices. In particular they seem to be storing customer credit card data unencrypted. One tenet of security is that you can never stop all attacks. You have to prepare for the inevitable day when someone breaches your system. That’s why it’s important that we have strong encryption, notwithstanding.

Following the attack the hackers actually left a funny message. The published a document called and detailed all the weaknesses they discovered due to bad security practices. In their defense, security expert Brian Krebs for attackers.

Also this week was well-known computer security company . They have a large share of the enterprise computer security market with their Symantec Endpoint Protection () product. SEP allows companies to manage the security software for all of their computers from a central management console () and this was the tool that .

As it turns out there are two vulnerabilities in SEPM, one is cross-site request forgery and one is SQL injection. While Symantec has called this a , it was serious enough for to telling people to patch their SEPM software. US-CERT (United States Computer Emergency Readiness Team) is the government body in the US that keeps track of cybersecurity issues.

Yes, cybersecurity issues can and do happen to everyone. But we can all get at least a bit of a laugh when companies who’s only job is security are the targets. This is especially true when the issues involved are like SQL injection.