CONFIRMED: Unu back with a bang: Symantec pwned

Some love him, some hate him: Brazen blogger is back.

"Unu's blog" is back online and has claimed the high-profile scalp of a Symantec website.

The anonymous blogger, who goes by the pseudonym Unu, successfully extracted customer data including license keys, usernames and passwords from a Symantec website that "facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea," the company acknowledged in a statement.

He or she published their findings overnight on the resurrected blog.

Overnight, Risky.Biz received an e-mail from someone claiming to be Unu. "My blog is back on Baywords," the e-mail reads. "With [a] new address and with a big article: Symantec, the creator of the famous Norton hacked with SQL injection."

Unu's blog has developed a cult following among security professionals, some of whom admire his brazen attacks and others who loathe his tactics.

The site mostly consists of a series of screen captures showing Web applications allegedly compromised by Unu.

The blog's victims have so far included bank and other high profile websites, including the Royal Bank of Scotland, HSBC France, the Italian Postal Service, Facebook and more.

Unu has already claimed the scalp of another computer security software maker, Kaspersky, publishing details of vulnerabilities in its websites.

In his or her latest posting, Unu praised Kasperky's reaction to his attack. "They quickly secured [the] vulnerable parameter, and even if at first they were very angry at me, [they] finally understood that I... saved nothing," Unu writes. "I have not abused in any way... the data found. My goal was, [and] is still, to warn. To call attention."

In the latest attack Unu says Symantec was storing user passwords in clear text.

"I was outraged when I saw... these users passwords are stored in CLEAR TEXT," the blog posting reads. "It seems quite strange how a company like Symantec, which sells software and security solutions... is not able to protect its own database."

A statement issued by Symantec says the company is "currently in the process of ensuring that the Web site is appropriately secured and will bring it back online as soon as possible".

The company did not offer further comment.

DISCLOSURE: Symantec is a sponsor of the RB2 podcast on Risky.Biz and Kaspersky has signed on as a sponsor of the Risky Business podcast, commencing in 2010.

Follow Risky Business on Twitter here.

Sign up for our weekly newsletter here.

RSS/iTunes podcast feeds are here.

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: