[Owasp-ireland] First (Major) web hacking incidents for 2008. Sign of the year to come?

Eoin eoin.keary at owasp.org
Fri Jan 18 09:16:13 EST 2008


So early in the year and we have a number of exploits in the
application security domain already.
Don't you just love those guys for keeping the likes of us busy??
This is from the Web Application Security Consortium (sort of like
OWASP but commercially sponsored).
We have three new very interesting web hacking incidents in just two
days as a preview into how 2008 might look.

Of particular note is the "Hacker Safe" site which was hacked.

WHID 2007-82: An SQL injection Mass Robot - a very massive attack (>100,000
sites) using SQL injection to add malware-distributing code to web sites
http://www.webappsec.org/projects/whid/byid_id_2007-82.shtml

WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active
exploit of an XSS vulnerability for rewrite style phishing
http://www.webappsec.org/projects/whid/byid_id_2008-02.shtml

WHID 2008-01: Information stolen from geeks.com - A data breach leading to
information leakage in a site that has a Hacker Safe certificate
http://www.webappsec.org/projects/whid/byid_id_2008-01.shtml

Further information about the Web Hacking Incident Database at
http://www.webappsec.org/projects/whid.

-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project
