AVG and Avira websites hacked

[hazelnut]

Latest info

 

http://news.softpedia.com/news/Avira-Confirms-Network-Solutions-Has-Been-Hacked-389422.shtml

[MikeW]

Doesn't say much for their security software

[hazelnut]

Well to be fair to AVG and Avira, it's actually the company Network Solutions who is the Internet Service Provider for them (and others) who apparently allowed a third party to use a fake password reset (DNS hijack)

[Derek891]

Doesn't say much for their security software

 

Keep in mind that only about 30% or so of all the internet servers in the world run Microsoft based software. The other 70% is split between BSD, SUSE, Red Hat, Oracle, Solaris, Unix, and others. And remember that security on your personal computer and security on a server system are two entirely different concepts: On your personal computer, you're trying to keep people out of your system, period. On a server system, you're inviting people in, but trying to strictly control what they can or cannot do once they're inside. A much more complex and difficult task.

[MikeW]

Keep in mind that only about 30% or so of all the internet servers in the world run Microsoft based software. The other 70% is split between BSD, SUSE, Red Hat, Oracle, Solaris, Unix, and others. And remember that security on your personal computer and security on a server system are two entirely different concepts: On your personal computer, you're trying to keep people out of your system, period. On a server system, you're inviting people in, but trying to strictly control what they can or cannot do once they're inside. A much more complex and difficult task.

 

As I came from a company using servers I am well aware of the differences. My comment stands. Perhaps those two av companies will ensure in future that there suppliers are properly protected in future, regardless of their operating systems.

[Winapp2.ini]

Relevant xkcd: http://xkcd.com/932/

[Derek891]

Doesn't say much for their security software

 

I was only going by your original statement Mike. And it was not very specific. You implied that their security software is lacking to some degree. If you do work with servers, then you already know that that the software they offer to the public, for free I might add, is entirely different than the software and hardware used to protect their servers. To me that's irresponsible. People who don't know any better read a statement like that and come away with a bad impression. Besides, how can you criticize either company when they offer the public a decent piece of security software and do it for free?

[Alan_B]

Is this the result of AVG etc choosing a simple password like "123456" ?

[hazelnut]

No Alan. It's because Avira and AVG's Internet Service Provider allowed a 3rd party to reset their master password with a fake one.

 

It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira,” the expert explained.

 

“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.”

 

Also affected were AVG and WhatsApp websites.

[mta]

no-one's security is ever going to be 100% bullet-proof.

multi-national companies and government agencies, both with as close to endless budgets as anyone can get, still get hacked.

2 minor (in the grand scheme of organisations) AV companies wouldn't stand much of a chance against a sustained attack.

even this Forum has been on the wrong end of a breach.

 

these sort of stories only make the news because of the irony with the company effected.

if every breach was reported, it would make a long and boring news article.