[Owasp-testing] [Owasp-leaders] Phishing rises by 8000%, Breach in UCLA

Ofer Shezaf OferS at Breach.com
Thu Dec 14 09:14:08 EST 2006


The UCLA incident is a good example to discuss Dinis mail about
collaborating with the Web Hacking Incidents Database Project (WHID,
http://www.webappsec.org/projects/whid) which I lead. 


This is a very high profile incident, but we only have tiniest of clues
as to how it was done (from the article Eoin sent: "the hacker used an
unspecified (and as yet undetermined) application vulnerability to gain
access to systems"). In many cases we don't even get this much


WHID lists only incidents that are certain to have occurred due to web
application vulnerabilities, as the goal is to show that these are a
real problem. Others track security incidents in general, defacements,
or information leakage incidents. 


I could use your help to get information (just publicly available
please) that ties security incidents to web applications



~ Ofer


OWASP IL chapter leader



From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Thursday, December 14, 2006 1:15 PM
To: owasp-testing at lists.owasp.org; owasp-ireland at lists.owasp.org
Subject: [Owasp-leaders] Phishing rises by 8000%, Breach in UCLA






- are we really winning the war?



Eoin Keary OWASP - Ireland

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20061214/99b5e805/attachment.html 

More information about the Owasp-testing mailing list