WHID 2011-26: Tunisian government harvesting usernames and passwords
Entry Title: WHID 2011-26: Tunisian government harvesting usernames and passwords
WHID ID: 2011-26
Date Occurred: January 4, 2011
Attack Method: Content Injection
Application Weakness: Insufficient Transport Layer Protection
Outcome: Stolen Credentials
Attacked Entity Field: Web 2.0
Attacked Entity Geography:
Incident Description: The Tunisian Internet Agency (Agence tunisienne
d'Internet or ATI) is being blamed for the presence of injected JavaScript
that captures usernames and passwords. The code has been discovered on login
pages for Gmail, Yahoo, and Facebook, and is said to be the reason for the
recent rash of account hijackings reported by Tunisian protesters.
Mass Attack: No
Reference:
http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords
Attack Source Geography:
Attacked System Technology: GMail

For those of you who did not see my tweet, it looks like DabbleDB has shut
down operations - http://www.dabbledb.com/. We were using this for the WHID
DB data and for generating the Stats/Search interfaces on the project site.
I am currently trying to get an export of the DB and then will be migrating
it to another site. I am currently looking at Google Fusion Charts -
http://www.google.com/fusiontables/Home. This looks promising as we need a
site that has good capabilities for data search and visualization.
I will notify the community when we are back up and running. In the
meantime, there will probably be a slowdown on WHID entries.
-Ryan Barnett
WASC Web Hacking Incident Database (WHID) Project Leader