[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Web Hacking Incidents update for Jan 19th
The incidents reported on WHID (the web hacking incidents database) last
* WHID 2009-3: Google Trends Falls Victim to a Stunt
A very good example of why insufficient anti-automation is becoming
a major threat to web applications.
* WHID 2009-4: Twitter Personal Info CSRF (http://whid.xiom.com/whid-2009-4)
If you thought Web 2.0 was dangerous, but didn't know just how (or
what Web 2.0 is...), this incident is your answer.
* WHID 2009-5: School data hacked, grades altered
Every student's dream comes true.
* WHID 2009-6: InfoGov switch hosting due to lack of security
* WHID 2009-7: China's Yeepay.com Suffers Internet Payment Hacker Attack
An interesting 2008 incident added recently is WHID 2008-53: "SQL by Design"
leaks Thousands of SSNs at an Oklahoma Gov site
l_Security_Numbers). This one demonstrates a too common variant of SQL
injection, which I labeled "SQL by design".
Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com
Chairman, OWASP Israel
Leader, WASC Web Hacking Incidents Database Project