|
The Web Hacking Incidents Database
Last update:17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical Select criteria for classification "Vertical":
Education, Entertainment, Finance, Government, Health, Information Services, Internet, Marketing, Media, Politics, Retail, Security & Law Enforcement, Service Providers, Sports, Technology
List of incidents for which Vertical is Media
9 incidents listed
Reported: 17 February 2008Occurred: 09 November 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Planting of Malware
- Vertical: Media
The web site of a leading Indian newspaper is swamped with malware. A recent survey by WebSense cites by the Register found that of the sites hosing malware, 51% where legitimate sites that have been broken into. This is a major shift in the threat landscape, since keeping to web sites that you know is no longer a good protection strategy. Anecdotally undermining WebSense own web site classification technology as a security solution.
References:
Reported: 01 January 2008Occurred: 06 November 2007
Classifications:
- Attack Method: SQL Injection
- Country: Turkey
- Outcome: Planting of Malware
- Vertical: Media
Another Malware defacement, but this time at a very prominent web site: MSNBC Turkish edition. There are indications that this is an application layer attack.
References:
Reported: 19 December 2007Occurred: 17 December 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: UK
- Outcome: Link Spam
- Software: WordPress
- Vertical: Media
In an incident very similar to the Al Gore Hack, the personal blog of IT journalist Tim Anderson was also hacked. Unlike Mr. Gore, Tim discusses the breach and its origins.
References:
Reported: 07 November 2007Occurred: 03 October 2007
Classifications:
- Attack Method: unknown
- Country: China
- Outcome: Planting Of Malware
- Vertical: Media
Defacement are a dime a dozen this days, and are not normally reported by WHID. Even invisible defacements in which sites are changed in order to infect their clients with malicious code are becoming too common. But this time it is the site of a security organization, and not just any one, but China's internet security organization. So in the light of the hot debate about china as the source of all hacking, we think that this story has a value.
References:
Reported: 07 November 2007Occurred: 18 September 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Media
Vertical Web Media, publisher of Internet Retailer magazine, suffered a security http://www.theregister.co.uk/2007/08/17/gentoo_disconnects_vulnerable_server/breach and credit card information of readers had been stolen. The Irony is that Internet Retailed magazine is covering the risks of e-commerce. While the actual technique used is not known, signs are that it was a web hack as it was done by a distributed network of bots all over the world and since the information stolen belonged to customers who paid online. The information stolen includes names, addresses, e-mail addresses, phone numbers, credit card account numbers and card expiration dates. The number of records stolen is unknown.
References:
Reported: 02 September 2007Occurred: 29 August 2007
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Country: New Zealand
- Country: New Zealand
- Outcome: Defacement
- Vertical: Media
Still defacement but this time with a twist. This was a genuine XSS rewriting attack, and was carried out by well known people as a stunt. No information is provided on how the XSS vector found its way to the victim computers.
References:
Reported: 25 July 2007Occurred: 23 July 2007
Classifications:
- Attack Method: Unintentional Information Disclosure
- Country: USA
- Outcome: Leakage of Information
- Vertical: Media
Fox News left non public files on a directory accessible to everyone on their web server.
References:
Reported: 12 June 2007Occurred: 11 June 2007
Classifications:
- Attack Method: Insufficient Anti-automation
- Attack Method: Insufficient Session Expiration
- Country: USA
- Outcome: Deceit
- Vertical: Media
The CNBC stock trading reality TV show was even more real than contenders thought it would be. It seems that players learned to cheat the game by opening a browser form to by a stock before closing and issuing the transaction, at the set price, only after closing, when more information is already available.
The interesting anecdote is that the person who discovered the issue has used a different, but also questionable technique of maintaining a very large number of portfolios automatically managed by automated programs using the fact that the game allowed a user to have any number of portfolios but only the best one is counted. Kosher, but stinks.
This story remind an older story about a predictable delay in a poker game that enabled gamblers to beat the house.
References:
Reported: 26 April 2007Occurred: 23 April 2007
Classifications:
- Attack Method: Credential/Session Prediction
- Country: Australia
- Outcome: Leakage of Information
- Vertical: Media
The site of "Big Brother", a reality show in Australia issued duplicate session IDs to different users since the session ID pool was exhausted. Naturally, the 2nd person to get the same session ID got to see all the details of the 1st one!
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
|
