RE: [WEB SECURITY] Web Hacking Incidents update for Feb 10th
- From: "Eric Rachner" <eric@xxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Web Hacking Incidents update for Feb 10th
- Date: Wed, 11 Feb 2009 14:06:19 +0100
Maybe I just missed it, but what basis do we have to classify RBS as a *web*
hacking incident?
-----Original Message-----
From: Ofer Shezaf [mailto:ofer@xxxxxxxxxx]
Sent: Wednesday, February 11, 2009 6:17 AM
To: WebSecurity
Subject: [WEB SECURITY] Web Hacking Incidents update for Feb 10th
The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web applications related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and provide information for statistical
analysis of web applications security incidents.
The following incidents were added to WHID last week:
* WHID 2009-19: Kaspersky site breached using SQL injection, sensitive data
exposed (http://whid.webappsec.org/whid/2009/19/kaspersky_site_breached)
* WHID 2009-18: phpBB web site hacked using LFI
(http://whid.webappsec.org/whid/2009/18/phpbb_web_site_hacked_using_lfi)
* WHID 2009-17: Passwords are optional at SpeedDate
(http://whid.webappsec.org/whid/2009/17/passwords_optional_at_speeddate)
* WHID 2009-16: Primary schools hit by smut hack
(http://whid.webappsec.org/whid/2009/16/primary_schools_hit_by_smut_hack)
We also continue to follow older incidents and the following incidents were
significantly updated this week:
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
(http://whid.webappsec.org/whid-2008-36) - scope of incident revealed.
* WHID 2008-01: Information stolen from geeks.com
(http://whid.webappsec.org/whid-2008-01) - FTC settlement documents shed
light on the incident.
~ Ofer
Ofer Shezaf [shezaf@xxxxxxxx, +972-54-4431119, www.xiom.com]
Founder, Xiom.com, Proactive Web Application Security, http://www.xiom.com
Chairman, OWASP Israel
Leader, WASC Web Hacking Incidents Database Project
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org