After proving yesterday that he had gained unauthorized access to websites that belong to the United Nations, Skype and Oracle, D35m0nd142 showed today that even the best in the business can have vulnerable sites. The grey hat identified an SQL Injection vulnerability in the official Sophos site and provided a screenshot to prove it.
The hacker told us that no damage was caused and that the site’s administrators were notified immediately.
“It is a great computer security agency and I decided to see if they were protected,” he said.
Hopefully, Sophos will patch up the security holes before other hackers find them and use them for wrongdoing.
This is not the first site managed by a security solutions provider that has been pointed out as being vulnerable. The website of Symantec’s Norton was found to be weak by Zer0Freak, a hacker who is part of Team Intra.
Symantec rushed to address the issues even before the hacker published his findings.