Bugtraq mailing list archives
Recent Web Hacks: WHID update for January 30th 2008
From: Ofer Shezaf <ofers () Breach com>
Date: Wed, 30 Jan 2008 15:31:16 +0200
Here is the latest bunch of hacking incidents added to WHID, the Web Hacking Incident Database (http://www.webappsec.org/projects/whid)

+ A particularly juicy one was an SQL injection at the site of RIAA (Recording Industry Association of America), one of the most hated organizations on the planet (http://www.webappsec.org/projects/whid/byid_id_2008-04.shtml)

+ Yet another state government site (Pennsylvania, http://www.webappsec.org/projects/whid/byid_id_2008-06.shtml) and another University (MSU, http://www.webappsec.org/projects/whid/byid_id_2007-83.shtml) suffered serious hacking.

+ Hackers are actively exploiting CSRF to hack home ADSL routers in Mexico (http://www.webappsec.org/projects/whid/byid_id_2008-05.shtml). This incident also prompted me to write a blog entry about "client side web hacking" (http://www.xiom.com/?p=12)

+ For a second year in a row Kurt Grutzmacher was able to get a free MacWorld pass by cracking the conference web site (http://www.webappsec.org/projects/whid/byid_id_2008-07.shtml)

+ and lastly the FTC settles with retailer "life is good" over lack of reasonable and appropriate security, forcing the retailer to spend much more money on info sec. (http://www.webappsec.org/projects/whid/byid_id_2008-03.shtml)

~ Ofer

Ofer Shezaf
Work: ofers () breach com, +972-9-9560036 #212
Personal: ofer () shezaf com, +972-54-4431119
VP Security Research, Breach Security
Chair, OWASP Israel
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project