BugTraq
Recent Web Hacks: WHID update for January 30th 2008 Jan 30 2008 01:31PM
Ofer Shezaf (ofers Breach com) (1 replies)

Here is the latest bunch of hacking incidents added to WHID, the Web Hacking
Incident Database (http://www.webappsec.org/projects/whid)

+ A particularly juicy one was an SQL injection at the site of RIAA
(Recording Industry Association of America), one of the most hated
organizations on the planet
(http://www.webappsec.org/projects/whid/byid_id_2008-04.shtml)

+ Yet another state government site (Pennsylvania,
http://www.webappsec.org/projects/whid/byid_id_2008-06.shtml) and another
University (MSU,
http://www.webappsec.org/projects/whid/byid_id_2007-83.shtml) suffered
serious hacking.

+ Hackers are actively exploiting CSRF to hack home ADSL routers in Mexico
(http://www.webappsec.org/projects/whid/byid_id_2008-05.shtml). This
incident also prompted me to write a blog entry about "client side web
hacking" (http://www.xiom.com/?p=12)

+ For a second year in a row Kurt Grutzmacher was able to get a free
MacWorld pass by cracking the conference web site
(http://www.webappsec.org/projects/whid/byid_id_2008-07.shtml)

+ And lastly, the FTC settles with retailer "life is good" over lack of
reasonable and appropriate security, forcing the retailer to spend much more
money on info sec.
(http://www.webappsec.org/projects/whid/byid_id_2008-03.shtml)

~ Ofer

Ofer Shezaf
Work: ofers (at) breach (dot) com, +972-9-9560036 #212
Personal: ofer (at) shezaf (dot) com, +972-54-4431119

VP Security Research, Breach Security
Chair, OWASP Israel
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project

RE: Recent Web Hacks: WHID update for January 30th 2008 Jan 30 2008 04:32PM
Michael Wojcik (Michael Wojcik MicroFocus com)


 
