CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 27th, 2009

Camelot Denies SQL Injection Vulnerability On UK National Lottery Website National-Lottery.Co.Uk

Camelot, the operator of the UK National Lottery, claims the website it runs is secure, following the publication of a supposed breach on an underground hacking forum. A Romanian group recently posted screenshots of supposed flaws in the national-lottery.co.uk site.

According to a member of the hacker group, “an unsecured parameter allows access to the database” behind the website. The screenshots appear to show partially redacted listings from a database table and partial login credentials for an admin account.

Camelot, the firm that runs the online version of the UK’s National Lottery, said it was confident its systems are secure. “Camelot can confirm that the main player site at www.national-lottery.co.uk has not been compromised, as outlined on softpedia.com,” it said in a statement. “As a result, there is no risk to company or player information. We do our utmost to continually ensure that our interactive systems are as secure as possible, and regularly review the extensive measures in place to safeguard our players. We have implemented industry standard technical solutions to protect our systems and to ensure that player information is kept secure at all times.”

Despite Camelot’s assurance, security watchers think there is reason for concern. Gareth Catterall, a security analyst at Sophos, said SQL injection attacks are nearly always significant. “This is obviously a vulnerability that would need to be cleaned up. In my personal opinion, with an information-revealing vulnerability such as this it can be only a matter of time before full penetration can occur,” he said.

Credit: The Register
