[Owasp-ireland] First (Major) web hacking incidents for 2008. Sign of the year to come?
eoin.keary at owasp.org
Fri Jan 18 09:16:13 EST 2008
So early in the year and we have a number of exploits in the
application security domain already.
Don't you just love those guys for keeping the likes of us busy ??
This is from the Web Application Security consortium (sort of like
OWASP but commercially sponsored).
We have three new very interesting web hacking incidents in just two
days as a preview into how 2008 might look
Particular note is the "Hacker Safe" site which was hacked.
WHID 2007-82, An SQL injection Mass Robot - a very massive attack (>100,000
sites) using SQL injection to add malware distributing code to web site
WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active
exploit of an XSS vulnerability for rewrite style phishing
WHID 2008-01: Information stolen from geeks.com - A data breach leaking to
information leakage in a site that has Hacker Safe certificate
Further information about the Web Hacking Incident Database at
Eoin Keary OWASP - Ireland
More information about the Owasp-ireland