[Owasp-delhi] Web Hacking Incidents Database Update for Feb 20th

Soi, Dhruv dhruv.soi at torridnet.com
Wed Feb 20 07:31:44 EST 2008


The latest bunch of events added to the Web Hacking Incidents Database
include many international incidents. Enjoy. And if you still haven't had a
chance to read our 2007 annual report, it is quite fascinating. you can find
it at http://www.webappsec.org/projects/whid/statistics.shtml.

* In Korea, a Chinese hacker stole 18 Million(!) customers' records from an
auction site: http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml. 

* In Greece and Ecuador government web sites where defaced
(http://www.webappsec.org/projects/whid/byid_id_2008-12.shtml,
http://www.webappsec.org/projects/whid/byid_id_2008-11.shtml). 

* In the US a small financial firm in Montana lost the information of all
its 226,000 customers
(http://www.webappsec.org/projects/whid/byid_id_2008-08.shtml)

But the incident I want to focus on this week is one I just added from late
last year: In India a large newspaper site was broken into and malware was
planted on it
(http://www.webappsec.org/projects/whid/byid_id_2007-85.shtml). Why is it
important? based on a recent report by WebSense, 51% of the sites hosing
malware are legitimate sites that have been broken into. This is a major
shift in web based threats. For end users, it is not sufficient anymore to
keep to web sites they trust. For site owners it means that protecting their
sensitive applications is no longer sufficient. Hackers have a financial
incentive to attack any popular page. The direct damage of such an attack,
even though invisible, is less visitors as more and more browser add-ons
block access to sites hosting malware. The indirect damage is of course a
branding and marketing damage.


~ Ofer

Ofer Shezaf
Work: ofers at breach.com, +972-9-9560036 #212 
Personal: ofer at shezaf.com, +972-54-4431119

VP Security Research, Breach Security
Chair, OWASP Israel 
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project


_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the Owasp-delhi mailing list