[WEB SECURITY] Announcing WASC Web Hacking Incident Database (WHID) Mail-list

Ryan Barnett rcbarnett at gmail.com
Tue Jan 25 10:59:57 EST 2011


Greetings everyone,
I wanted to let everyone know that we have setup a mail-list for those of
you who would like to keep track of the latest WASC WHID entries.  Link is
here - 
http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database#
WHIDMaillist

Also, you can keep track of entries via RSS and Twitter.
http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database#
KeepTrackoftheLatestWHIDEntries

Thanks,
Ryan Barnett
WASC WHID Project Leader

Here is quick listing of some of the latest entries from 2011 -

WHID 2011-20: Hackers Get Access to New Jersey School Data System

Entry Title: WHID 2011-20: Hackers Get Access to New Jersey School Data
System
WHID ID: 2011-20
Date Occurred: January 24, 2011
Attack Method: Brute Force
Application Weakness: Insufficient Anti-automation
Outcome: Session Hijacking
Attacked Entity Field: Education
Attacked Entity Geography: New Jersey
Incident Description: Users of the 4chan online message board managed to get
access to the online student information system used by a New Jersey school
district after the school's administrative password was posted to 4chan last
week.
Mass Attack: No
Reference: 
http://www.pcworld.com/businesscenter/article/217601/hackers_get_access_to_n
ew_jersey_school_data_system.html
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=64046>



WHID 2011-19: Living Social Hacked (Update)

Entry Title: WHID 2011-19: Living Social Hacked (Update)
WHID ID: 2011-19
Date Occurred: January 19, 2011
Attack Method: Hidden Parameter Manipulation
Application Weakness: Improper Input Handling
Outcome: Monetary Loss
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: Living Social doesn't do server side quantity
validation (at least they didn't yesterday). Who cares you say? Well
Amazon.com for one. Their latest offer of a $20 gift certificate for $10 has
the explicit restriction of ONE per customer and no gifts. You see, Amazon
actually only wants to discount their product for new customers or existing
customers only on $20 of merchandise. If Amazon knew there was a way to buy
say 100 vouchers and receive $2000 of Amazon merchandise for $1000, they
would probably blow a gasket.
Mass Attack: No
Reference: 
http://www.deepgreencrystals.com/archives/2011/01/living-social-h.html
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=64020>



WHID 2011-18: French president recovers from Facebook hack

Entry Title: WHID 2011-18: French president recovers from Facebook hack
WHID ID: 2011-18
Date Occurred: January 24, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Authentication
Outcome: Disinformation
Attacked Entity Field: Web 2.0
Attacked Entity Geography:
Incident Description: The Facebook account of Nicolas Sarkozy was hacked
over the weekend to post the false rumour that the French president would
not seek re-election next year.
Mass Attack: No
Reference: 
http://www.theregister.co.uk/2011/01/24/french_pres_facebook_hack/
Attack Source Geography:
Attacked System Technology: Facebook
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=64009>



WHID 2011-17: DNS Hack Brings Down Google Bangladesh For Many

Entry Title: WHID 2011-17: DNS Hack Brings Down Google Bangladesh For Many
WHID ID: 2011-17
Date Occurred: January 10, 2011
Attack Method: DNS Hijacking
Application Weakness: Application Misconfiguration
Outcome: Defacement
Attacked Entity Field: Search Engine
Attacked Entity Geography: Bangladesh
Incident Description: On Saturday, Google Bangladesh appeared to have been
hacked. When some users went to the Google site, they saw a message from the
TiGER-M at TE hacker group that the site was taken over.
Reports came in at the Google Webmaster Help forum where we learned the
issue was around DNS servers being taken over and some users who replied on
those DNS servers were being taken from Google.com.bd to this hacked
version.
Mass Attack: No
Reference: http://www.seroundtable.com/google-bangladesh-dns-hack-12773.html
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63998>



WHID 2011-16: North Korea: South Korea Cyber Attack Accusation After Website
Hacked

Entry Title: WHID 2011-16: North Korea: South Korea Cyber Attack Accusation
After Website Hacked
WHID ID: 2011-16
Date Occurred: January 11, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Defacement
Attacked Entity Field: Government
Attacked Entity Geography: North Korea
Incident Description: Political Hacktivism. North Korea is accusing South
Korean Internet users of hacking into one of its websites, calling the
behavior a provocation aimed at undermining its national dignity. The
North's government-run Uriminzokkiri website said Tuesday that South Korean
Internet users recently deleted articles on the site and posted messages
slandering the North's dignity.
Mass Attack: No
Reference: 
http://www.huffingtonpost.com/2011/01/11/north-korea-accuses-south_1_n_80743
6.html
Attack Source Geography: South Korea
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63987>



WHID 2011-15: Hacker Code Lingered on Home Depot Website

Entry Title: WHID 2011-15: Hacker Code Lingered on Home Depot Website
WHID ID: 2011-15
Date Occurred: January 11, 2011
Attack Method: Unknown
Application Weakness: Improper Output Handling
Outcome: Planting of Malware
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: An IT analyst has uncovered the lingering remnants of
a 2009 breach of security on the website of the major retailer: secret code
hidden on the website that redirected the user's browser to a site that
served up malware.
"Somebody managed to deface the site and inject that code, so that anyone
visiting the site would have loaded the malicious code from this other
site," explained Mike Menefee, founder of security website Infosec Island,
which discovered the hack.
Mass Attack: No
Reference: 
http://www.foxnews.com/scitech/2011/01/11/home-depot-website-compromised/
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63976>



WHID 2011-14: Hacker Hits FOX23 School Closings

Entry Title: WHID 2011-14: Hacker Hits FOX23 School Closings
WHID ID: 2011-14
Date Occurred: January 11, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Disinformation
Attacked Entity Field: Media
Attacked Entity Geography: Oklahoma, USA
Incident Description: FOX23 distributes top secret information to school
districts so they can post school closings to our website. Tuesday morning,
that information fell into the wrong hands, and for five minutes students in
Broken Arrow thought they had a day off school.
This morning at 7:33 Broken Arrow mom Becki Santucci heard a ding in her
purse.
³I got a text message saying Broken Arrow schools are closed.²
The sender, ³FOX23. (It was) my email alert about school closings.²
But school was not closed. Someone logged on to FOX23.com and posted the
closing without anyone's permission.
Mass Attack: No
Reference: 
http://www.fox23.com/news/local/story/Hacker-Hits-FOX23-School-Closings/nJlT
wic8fEqLIhxpEs2Vow.cspx
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63965>



WHID 2011-13: Hackers deface IBM DeveloperWorks website

Entry Title: WHID 2011-13: Hackers deface IBM DeveloperWorks website
WHID ID: 2011-13
Date Occurred: January 11, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Defacement
Attacked Entity Field: Technology
Attacked Entity Geography: USA
Incident Description: An IBM site for developers was defaced over the
weekend, with attackers replacing some of the web pages on the site with
ones containing their own messages, IBM confirmed Monday.
Mass Attack: No
Reference: 
http://www.cio.co.uk/news/3256323/hackers-deface-ibm-developerworks-website/
Attack Source Geography:
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63954>



WHID 2011-12: Cyber Criminals Attack A Hundred Online Casino Sites

Entry Title: WHID 2011-12: Cyber Criminals Attack A Hundred Online Casino
Sites
WHID ID: 2011-12
Date Occurred: January 13, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Monetary Loss
Attacked Entity Field: Entertainment
Attacked Entity Geography: South Korea
Incident Description: A South Korean web hosting company that allegedly
hosted an illegal gambling site is in trouble with authorities for
organising a series of ³cyber attacks² on competing illegal online casinos
in order to grab gambling business from rival gangsters.
Between November 21st and December 15th, 2010, Lee, 32, head of the computer
server company along with Park, 37, a hacker working for an Incheon based
crime gang which owned the gambling site, organised distributed
denial-of-service attacks (DDoS
Mass Attack: No
Reference: 
http://www.onlinepoker.net/poker-news/general-poker-news/cyber-criminals-att
ack-online-casino-sites/9141
Attack Source Geography: South Korea
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63943>



WHID 2011-11: Educational, government and military sites hit by hackers

Entry Title: WHID 2011-11: Educational, government and military sites hit by
hackers
WHID ID: 2011-11
Date Occurred: January 17, 2011
Attack Method: Known Vulnerability
Application Weakness: Application Misconfiguration
Outcome: Link Spam
Attacked Entity Field: Hosting Providers
Attacked Entity Geography: Utah
Incident Description: A software security issue with a popular US-based web
hosting provider is reportedly allowing hackers to secretly add dozens of
web pages to military, educational, financial and government sites in a bid
to promote so-called pharma retailing sites.
Mass Attack: No
Reference: 
http://www.infosecurity-magazine.com/view/15209/educational-government-and-m
ilitary-sites-hit-by-hackers/
Attack Source Geography:
Attacked System Technology: cPanel
 <http://wasc-whid.dabbledb.com/dabble/wasc-whid?view=62408&entry=63922>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110125/af6eafc0/attachment.html>


More information about the websecurity mailing list