[Owasp-ibwas09] Is there a IBWAS play?

Fabio Cerullo fcerullo at gmail.com
Fri Jan 8 07:40:56 EST 2010


hi Lorna,

thanks for the article... what do you mean by IBWAS play?

F

On Wed, Jan 6, 2010 at 5:58 PM, Lorna Alamri <lorna.alamri at owasp.org> wrote:
> January 5, SC Magazine – (International) Cross-site scripting
> vulnerabilities see two political websites hacked. Political websites were
> hacked January 5, leaving leaders embarrassed. A report on BBC News said
> that visitors to Spain’s EU presidency website were greeted by an image of
> comedy character instead of the Spanish Prime Minister. The government said
> that the site - www.eu2010.es - had not been attacked and that a hacker had
> taken a screenshot of the homepage to make a photo montage using a
> cross-site scripting (XSS) vulnerability. A senior security advisor at Trend
> Micro, said that the compromise only lasted a few hours until the original
> content was restored and site administrators were reportedly working on a
> fix. He said: “In this instance there does not appear to have been any
> malicious intent, but the dangers of XSS vulnerabilities should not be
> underestimated. Cross-site scripting vulnerabilities allow attackers to
> inject code into innocent web pages in which it would not otherwise appear.
> The security expert also flagged a compromise on the official website of the
> president of Iran. Source:
> http://www.scmagazineuk.com/cross-site-scripting-vulnerabilities-see-twopolitical-
> websites-hacked/article/160597/
>
> --
> Lorna Alamri
>
> OWASP Connections
> skype: lorna.alamri
> lorna.alamri at owasp.org
>
> _______________________________________________
> Owasp-ibwas09 mailing list
> Owasp-ibwas09 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-ibwas09
>
>


More information about the Owasp-ibwas09 mailing list