Web blog d'un ingénieur en sécurité informatique.
IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs...
Contact: philippe.vialle@wanadoo.fr
Hey as people say: never say never, or never say "it'll never happen to them".
Nonetheless, even an AV vendor may not apply the basics of web server security: non-disclosure of versions information.
This URL comes from the virus sginatures added and listed in a daily update description. Therefore, anybody could access it, I did not have to try anything of hack in any way the ESET HTTP server.
I told my contacts at ESET about that. 72h later, it was fixed.
Though, I would point out a few details: - apache 2.2.9 is obsolete (cf. http.apache.org) - PHP 5.2.6 is also obsolete...
Well, the guys at ESET still some work to get done before they can affirm their server is really secured...