[WEB SECURITY] Weekly Round-Up of Web Hacking Incident Database (WHID) Events

Ryan Barnett rcbarnett at gmail.com
Mon Apr 5 10:12:03 EDT 2010


The Web Hacking Incidents Database (http://projects.webappsec.org/Web-Hacking-Incident-Database), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and to provide information for statistical
analysis of web application security incidents.

The following incidents were added to WHID last week:
WHID 2010-46: Microsoft's Larry "Major Nelson" Hryb has online account hijacked through Xbox.com as part of underground group's publicity bid.
http://www.gamespot.com/news/6254330.html

WHID 2010-47: Court papers: JC Penney was hacking victim
http://www.msnbc.msn.com/id/36088614/ns/technology_and_science-security/

WHID 2010-48: Hackers brute force their way into galeton.com website containing names, credit card numbers
http://datalossdb.org/incidents/2692-hackers-brute-force-their-way-into-website-containing-names-credit-card-numbers

WHID 2010-49: Hackers pluck 8,300 customer logins from bank server
http://www.theregister.co.uk/2010/01/12/bank_server_breached/

WHID 2010-50: Shared-password vulnerability may have exposed personal information in online account management system
http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=222301034

WHID 2010-51: Woman worms into D.C. taxpayer accounts
http://www.washingtonexaminer.com/local/Woman-worms-into-D_C_-taxpayer-accounts-83589257.html

WHID 2010-52: 3000 Small Dog Electronics customers' credit card details compromised
http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/

WHID 2010-53: Google says Vietnam political blogs hacked
http://news.yahoo.com/s/afp/20100331/tc_afp/vietnammediainternetrightsgooglemcafee&a=Technology 
News&x=1

WHID 2010-54: MyPilotStore.com hack results in false charges on customers’ cards
http://www.databreaches.net/?p=10990

WHID 2010-55: Drudge Report accused of serving malware, again
http://news.cnet.com/8301-27080_3-10466044-245.html

WHID 2010-56: Facebook Flub Leaks Private E-Mail Addresses
http://www.cio.com/article/589021/Facebook_Flub_Leaks_Private_E_Mail_Addresses

WHID 2010-57: Web security under attack from ads in prominent advertising programs
http://www.mxlogic.com/securitynews/web-security/web-security-under-attack-from-ads-in-prominent-advertising-programs651.cfm

WHID 2010-58: China journalist club shuts website after attack
http://www.reuters.com/assets/print?aid=USTOE63101R20100402

--
Ryan C. Barnett
WASC Web Hacking Incident Database Project Leader
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security
http://tacticalwebappsec.blogspot.com