[WEB SECURITY] collecting real world web hacking url's

Jay D. Dyson jdyson at treachery.net
Tue May 24 12:24:48 EDT 2005

Hash: SHA1

On Tue, 24 May 2005, Jeremiah Grossman wrote:

> In the recent past we've read about some high-profile security incidents 
> where web application security played a role.
> I'm going to compile a list of news stories, articles, papers, etc 
> specific to real world web application security incidents.

 	I wish you good luck and godspeed, but consider well that your 
undertaking may be difficult for a few glaring reasons:

 	1.	Admins are typically ordered not to release details (and
 		few do since it would expose their incompetence).

 	2.	Law Enforcement Officers typically don't grok technical
 		issues of this caliber (there are a few merciful
 		exceptions to this rule), and they are not disposed to
 		discussing details of an open investigation.

 	3.	Articles based on the bragging of the intruder are suspect
 		since the intruder will rarely tell the full truth.
 		Either they'll pump up their vector of intrusion to preen
 		over their l337 t3kn1k4l sk1llz, or they'll leave out key
 		information for fear of being seen as a scriptkiddy.

 	Sadly, discussions of high-profile security incidents are much 
like discussions of wealth and sex: those who have the most talk the 
least...and vice-versa.

- -Jay

    (    (                                                      _______
    ))   ))  .-"There's always time for a good cup of coffee"-.  >====<--.
  C|~~|C|~~| \----- Jay D. Dyson -- jdyson at treachery.net -----/ |    = |-'
   `--' `--'  `-- Pardon me, but am I on the right planet? --'  `------'

Version: GnuPG v1.4.1 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.


The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list