[Owasp-testing] [Owasp-leaders] Phishing rises by 8000%, Breach in UCLA

Ofer Shezaf OferS at Breach.com
Thu Dec 14 09:14:08 EST 2006


 

The UCLA incident is a good example to discuss Dinis's mail about
collaborating with the Web Hacking Incidents Database Project (WHID,
http://www.webappsec.org/projects/whid) which I lead.

 

This is a very high-profile incident, but we only have the tiniest of clues
as to how it was done (from the article Eoin sent: "the hacker used an
unspecified (and as yet undetermined) application vulnerability to gain
access to systems"). In many cases we don't even get this much
information.

 

WHID lists only incidents that are certain to have occurred due to web
application vulnerabilities, as the goal is to show that these are a
real problem. Others track security incidents in general, defacements,
or information leakage incidents. 

 

I could use your help to get information (just publicly available
please) that ties security incidents to web application
vulnerabilities.

 

Thanks

~ Ofer

 

OWASP IL chapter leader

 

________________________________

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Thursday, December 14, 2006 1:15 PM
To: owasp-testing at lists.owasp.org; owasp-ireland at lists.owasp.org
Subject: [Owasp-leaders] Phishing rises by 8000%, Breach in UCLA

 

http://www.theregister.co.uk/2006/12/13/ucla_hacker_breach/

 

http://news.bbc.co.uk/2/hi/uk_news/politics/6177555.stm 

 

- are we really winning the war?

 

-ek



-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project 
