[WEB SECURITY] (RESULTS) collecting real world web hacking url's

Jeremiah Grossman jeremiah at whitehatsec.com
Wed May 25 12:23:21 EDT 2005


Thank you everyone who helped out, the turnaround time was speedy.

Below is the compiled list of links where the article described a web  
application security hack of a real-world website. As Jay Dyson alluded
to, the details are sketchy at best, so I did my best to sanity-check  
and organize them accordingly (there are likely inaccuracies). The  
links are separated into two groups, "Disclosure" and  
"Incident/Compromise", and also organized by date (oldest-to-newest).

Disclosure:
The vulnerability was disclosed and the website was not 'necessarily'  
compromised.

Incident/Compromise:
The vulnerability was exploited to compromise the website and/or its  
data.

It's unclear if, when, or how this data will appear on Wiki as
discussed. It seems like the data should be part of a larger collection  
of data rather than appearing on its own. So if someone wants to use  
the data now in some way, please feel free to do so. Again, if you find  
something not on the list, please let me know.


Enjoy!


Disclosure
=============

Gaffe at Amazon leaves email addresses exposed
September 6, 2000
http://news.com.com/2100-1017-245387.html?legacy=cnet

IKEA exposes customer information on catalog site
September 6, 2000
http://news.com.com/2100-1017-245372.html?legacy=cnet

Eve.com scrambles to assess security breach
September 13, 2000
http://news.com.com/2100-1017-245700.html?legacy=cnet

Travelocity exposes customer information
January 22, 2001
http://news.com.com/2100-1017-251344.html?legacy=cnet

Computer E-Retailer Exposes Credit Card Numbers
June 18, 2001
http://www.extremetech.com/article2/0,3973,103782,00.asp

Poking Holes in Microsoft's Passport
November 05, 2001
http://www.pcworld.com/news/article/0,aid,69543,00.asp

BarnesAndNoble.com Security Flaw
July 09, 2002
http://www.marktaw.com/technology/HackingBarnesAndNoble.com.html

BN.com: The Hole Story
July 19, 2002
http://wired-vig.wired.com/news/ebiz/0,1272,53942,00.html

Microsoft Ordered to Fix Passport Problems
August 08, 2002
http://www.pcworld.com/news/article/0,aid,103712,00.asp

FTD.com hole leaks personal information
February 13, 2003
http://news.com.com/2100-1017-984585.html

Microsoft Patches .NET Passport Hole
May 8, 2003
http://www.atnewyork.com/news/article.php/2203651

Microsoft faces huge fine over security
May 09, 2003
http://news.zdnet.co.uk/business/0,39020645,2134469,00.htm

Guess Settles FTC Security Charges; Third FTC Case Targets False Claims about Information Security
June 18, 2003
http://www.ftc.gov/opa/2003/06/guess.htm

Car shoppers' credit details exposed in bulk
September 25, 2003
http://www.securityfocus.com/news/7067

Victoria's Secret Reveals Too Much
October 22, 2003
http://www.cbsnews.com/stories/2003/10/22/tech/main579547.shtml

Victoria's Secret reveals far too much
October 24, 2003
http://cooltech.iafrica.com/technews/280300.htm

FTC investigates PetCo.com security hole
December 5, 2003
http://www.securityfocus.com/news/7581

Barnes & Noble.com Fined for Customer Data Leak
April 30, 2004
http://itmanagement.earthweb.com/secu/article.php/3347761

A security tale: From vulnerability discovery to disaster
June 14, 2004
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci969836,00.html

Campaign Sites Lack Security
June 30, 2004
http://wired-vig.wired.com/news/infostructure/0,1377,64036,00.html?tw=wn_tophead_3

Petco settles charge it left customer data exposed
November 17, 2004
http://www.infoworld.com/article/04/11/17/HNpetco_1.html

Petco settles with FTC over cyber security gaffe
November 17, 2004
http://www.securityfocus.com/news/9957

Web hosting suppliers should act faster when customers are hacked
December 15, 2004
http://www.networkworld.com/newsletters/asp/2004/1213out1.html?nl

Think Discovers Critical Flaws in U.S. Transportation Security
February 1, 2005
http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=17

Payroll site closes on security worries
February 23, 2005
http://news.com.com/Payroll+site+closes+on+security+worries/2100-1029_3-5587859.html?tag=cd.hed

Think Finds Flaw Revealing Up To 100,000 Social Security Numbers
February 23, 2005
http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=18

Insurer's website breach reveals data on drivers
May 5, 2005
http://www.boston.com/business/technology/articles/2005/05/05/insurers_website_error_reveals_data_on_drivers/?rss_id=Boston+Globe+



Incident/Compromise
=============

Western Union Web site hacked
September 10, 2000
http://news.com.com/2100-1023-245525.html?legacy=cnet

Hacked Web site damaged PCs in Japan
August 21, 2001
http://iwsun4.infoworld.com/articles/hn/xml/01/08/21/010821hnjapmal.html?&_ref=1024727153

Tower Records site exposes data
December 5, 2002
http://news.com.com/2100-1017-976271.html

Defenses lacking at social network sites
December 31, 2003
http://www.securityfocus.com/news/7739

Pranksters bedevil TV weather announcement system
March 4, 2004
http://www.securityfocus.com/news/8191

Tower Records - Parameter Tampering
April 21, 2004
http://www.securityfocus.com/news/8508

Phishers Manipulate SunTrust Site to Steal Data
September 28, 2004
http://news.netcraft.com/archives/2004/09/28/phishers_manipulate_suntrust_site_to_steal_data.html

Do Online Banks Facilitate Fraud?
December 8, 2004
http://www.fool.com/News/mft/2004/mft04120810.htm

Known Hole Aided T-Mobile Breach
February 28, 2005
http://www.wired.com/news/privacy/0,1848,66735,00.html

Hacker Tips Off B-School Applicants
March 03, 2005
http://www.thecrimson.com/article.aspx?ref=506140

Paris Hilton Hack Started With Old-Fashioned Con
May 19, 2005
http://www.washingtonpost.com/wp-dyn/content/article/2005/05/19/AR2005051900711.html





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/