Date: Wed, 20 Feb 2008 14:18:40 +0200
From: Ofer Shezaf <ofer@...zaf.com>
To: "Bugtraq" <bugtraq@...urityfocus.com>
Subject: Web Hacking Incidents Database Update for Feb 20th

The latest bunch of events added to the Web Hacking Incidents Database
include many international incidents. Enjoy. And if you still haven't had a
chance to read our 2007 annual report, it is quite fascinating. You can find
it at http://www.webappsec.org/projects/whid/statistics.shtml.

* In Korea, a Chinese hacker stole 18 Million(!) customers' records from an
auction site: http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml. 

* In Greece and Ecuador government web sites were defaced
(http://www.webappsec.org/projects/whid/byid_id_2008-12.shtml,
http://www.webappsec.org/projects/whid/byid_id_2008-11.shtml). 

* In the US a small financial firm in Montana lost the information of all
its 226,000 customers
(http://www.webappsec.org/projects/whid/byid_id_2008-08.shtml)

But the incident I want to focus on this week is one I just added from late
last year: In India a large newspaper site was broken into and malware was
planted on it
(http://www.webappsec.org/projects/whid/byid_id_2007-85.shtml). Why is it
important? Based on a recent report by WebSense, 51% of the sites hosting
malware are legitimate sites that have been broken into. This is a major
shift in web based threats. For end users, it is not sufficient anymore to
keep to web sites they trust. For site owners it means that protecting their
sensitive applications is no longer sufficient. Hackers have a financial
incentive to attack any popular page. The direct damage of such an attack,
even though invisible, is fewer visitors as more and more browser add-ons
block access to sites hosting malware. The indirect damage is of course a
branding and marketing damage.


~ Ofer

Ofer Shezaf
Work: ofers@...ach.com, +972-9-9560036 #212 
Personal: ofer@...zaf.com, +972-54-4431119

VP Security Research, Breach Security
Chair, OWASP Israel 
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project

