
Recent Web Hacks: WHID update for January 30th 2008



Here is the latest bunch of hacking incidents added to WHID, the Web Hacking
Incident Database (http://www.webappsec.org/projects/whid)

+ A particularly juicy one was an SQL injection at the site of the RIAA
(Recording Industry Association of America), one of the most hated
organizations on the planet.
(http://www.webappsec.org/projects/whid/byid_id_2008-04.shtml)

+ Yet another state government site (Pennsylvania,
http://www.webappsec.org/projects/whid/byid_id_2008-06.shtml) and another
University (MSU,
http://www.webappsec.org/projects/whid/byid_id_2007-83.shtml) suffered
serious hacking.

+ Hackers are actively exploiting CSRF to hack home ADSL routers in Mexico
(http://www.webappsec.org/projects/whid/byid_id_2008-05.shtml). This
incident also prompted me to write a blog entry about "client side web
hacking" (http://www.xiom.com/?p=12)

+ For a second year in a row Kurt Grutzmacher was able to get a free
MacWorld pass by cracking the conference web site
(http://www.webappsec.org/projects/whid/byid_id_2008-07.shtml)

+ And lastly, the FTC settles with retailer "life is good" over lack of
reasonable and appropriate security, forcing the retailer to spend much more
money on info sec.
(http://www.webappsec.org/projects/whid/byid_id_2008-03.shtml)

~ Ofer

Ofer Shezaf
Work: ofers@xxxxxxxxxx, +972-9-9560036 #212 
Personal: ofer@xxxxxxxxxx, +972-54-4431119

VP Security Research, Breach Security
Chair, OWASP Israel 
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project