I meant to keep the Web Hackings update as a weekly update, but it seems
that events are much more frequent. We have three new very interesting web
hacking incidents in just two days as a preview of what 2008 might look
like:

WHID 2007-82: An SQL injection Mass Robot - a very massive attack (>100,000
sites) using SQL injection to add malware-distributing code to web sites
(http://www.webappsec.org/projects/whid/byid_id_2007-82.shtml)

WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active
exploit of an XSS vulnerability for rewrite-style phishing
(http://www.webappsec.org/projects/whid/byid_id_2008-02.shtml)

WHID 2008-01: Information stolen from geeks.com - A data breach leading to
information leakage in a site that has a Hacker Safe certificate
(http://www.webappsec.org/projects/whid/byid_id_2008-01.shtml)

Further information about the Web Hacking Incident Database at
http://www.webappsec.org/projects/whid.

~ Ofer
Ofer Shezaf
Work: ofers@breach.com, +972-9-9560036 #212
Personal: ofer@shezaf.com, +972-54-4431119
VP Security Research, Breach Security
Chair, OWASP Israel
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project