[Owasp-ireland] First (Major) web hacking incidents for 2008. Sign of the year to come?

Eoin eoin.keary at owasp.org
Fri Jan 18 09:16:13 EST 2008

So early in the year and we have a number of exploits in the
application security domain already.
Don't you just love those guys for keeping the likes of us busy ??
This is from the Web Application Security consortium (sort of like
OWASP but commercially sponsored).
We have three new very interesting web hacking incidents in just two
days as a preview into how 2008 might look

Particular note is the "Hacker Safe" site which was hacked.

WHID 2007-82, An SQL injection Mass Robot - a very massive attack (>100,000
sites) using SQL injection to add malware distributing code to web site

WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active
exploit of an XSS vulnerability for rewrite style phishing

WHID 2008-01: Information stolen from geeks.com - A data breach leaking to
information leakage in a site that has Hacker Safe certificate

Further information about the Web Hacking Incident Database at

Eoin Keary OWASP - Ireland

More information about the Owasp-ireland mailing list