[WEB SECURITY] Web Hacking Incidents update for Jan 19th

Ofer Shezaf ofer at shezaf.com
Mon Jan 19 07:42:51 EST 2009


The incidents reported on WHID (the web hacking incidents database) last
week where:

* WHID 2009-3: Google Trends Falls Victim to a Stunt
(http://whid.xiom.com/whid-2009-3)
	A very good example of why insufficient anti-automation is becoming
a major threat to web applications.

* WHID 2009-4: Twitter Personal Info CSRF (http://whid.xiom.com/whid-2009-4)
	If you thought Web 2.0 was dangerous, but didn't know just how (or
what Web 2.0 is...), this incident is your answer.

* WHID 2009-5: School data hacked, grades altered
(http://whid.xiom.com/whid-2009-5)
	Every student's dream comes true.

* WHID 2009-6: InfoGov switch hosting due to lack of security
(http://whid.xiom.com/whid-2009-6)

* WHID 2009-7: China's Yeepay.com Suffers Internet Payment Hacker Attack
(http://whid.xiom.com/whid-2009-7_Chinas_Yeepay_Suffers_Internet_Payment_Hac
ker_Attack)


An interesting 2008 incident added recently is WHID 2008-53: "SQL by Design"
leaks Thousands of SSNs at an Oklahoma Gov site
(http://whid.xiom.com/whid-2009-53_Oklahoma_Leaks_Tens_of_Thousands_of_Socia
l_Security_Numbers). This one demonstrates a too common variant of SQL
injection, which I labeled "SQL by design".

~ Ofer

Ofer Shezaf
shezaf at xiom.com, +972-54-4431119

Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com
Chairman, OWASP Israel 
Leader, WASC Web Hacking Incidents Database Project







----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list