| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Jan 2008 15:57:37 +0200 From: Ofer Shezaf <ofers@...ach.com> To: "Bugtraq" <bugtraq@...urityfocus.com> Subject: First (Major) web hacking incidents for 2008. Sign of the year to come? I meant to keep the Web Hackings update as a weekly update, but it seems that events are much more frequent. We have three new very interesting web hacking incidents in just two days as a preview into how 2008 might look like: WHID 2007-82, An SQL injection Mass Robot - a very massive attack (>100,000 sites) using SQL injection to add malware distributing code to web site (http://www.webappsec.org/projects/whid/byid_id_2007-82.shtml) WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active exploit of an XSS vulnerability for rewrite style phishing (http://www.webappsec.org/projects/whid/byid_id_2008-02.shtml) WHID 2008-01: Information stolen from geeks.com - A data breach leaking to information leakage in a site that has Hacker Safe certificate (http://www.webappsec.org/projects/whid/byid_id_2008-01.shtml) Further information about the Web Hacking Incident Database at http://www.webappsec.org/projects/whid. ~ Ofer Ofer Shezaf Work: ofers@...ach.com, +972-9-9560036 #212 Personal: ofer@...zaf.com, +972-54-4431119 VP Security Research, Breach Security Chair, OWASP Israel Leader, ModSecurity Core Rule Set Project Leader, WASC Web Hacking Incidents Database Project
Powered by blists - more mailing lists