| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jan 2009 14:41:54 +0200 From: Ofer Shezaf <ofer@...zaf.com> To: Bugtraq <bugtraq@...urityfocus.com> Subject: Web Hacking Incidents update for Jan 19th The incidents reported on WHID (the web hacking incidents database) last week where: * WHID 2009-3: Google Trends Falls Victim to a Stunt (http://whid.xiom.com/whid-2009-3) A very good example of why insufficient anti-automation is becoming a major threat to web applications. * WHID 2009-4: Twitter Personal Info CSRF (http://whid.xiom.com/whid-2009-4) If you thought Web 2.0 was dangerous, but didn't know just how (or what Web 2.0 is...), this incident is your answer. * WHID 2009-5: School data hacked, grades altered (http://whid.xiom.com/whid-2009-5) Every student's dream comes true. * WHID 2009-6: InfoGov switch hosting due to lack of security (http://whid.xiom.com/whid-2009-6) * WHID 2009-7: China's Yeepay.com Suffers Internet Payment Hacker Attack (http://whid.xiom.com/whid-2009-7_Chinas_Yeepay_Suffers_Internet_Payment_Hac ker_Attack) An interesting 2008 incident added recently is WHID 2008-53: "SQL by Design" leaks Thousands of SSNs at an Oklahoma Gov site (http://whid.xiom.com/whid-2009-53_Oklahoma_Leaks_Tens_of_Thousands_of_Socia l_Security_Numbers). This one demonstrates a too common variant of SQL injection, which I labeled "SQL by design". ~ Ofer Ofer Shezaf shezaf@...m.com, +972-54-4431119 Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com Chairman, OWASP Israel Leader, WASC Web Hacking Incidents Database Project
Powered by blists - more mailing lists