To address a large number of security concerns, it is often recommended that web applications make effective use of “the principle of least privilege”. The idea is that privileges should be granted only where they are actually needed. In a previous post, I suggested that Kaspersky’s database compromise would not have been […]
The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account, based on their log files and on the blog post by the hacker (nicknamed unu). The following is a summary of what happened and how such attacks can be prevented.