I meant to keep the Web Hackings update as a weekly update, but it seems that events are much more frequent. We have three new, very interesting web hacking incidents in just two days as a preview of what 2008 might look like:

WHID 2007-82: An SQL injection Mass Robot - a very massive attack (>100,000 sites) using SQL injection to add malware-distributing code to web sites
(http://www.webappsec.org/projects/whid/byid_id_2007-82.shtml)

WHID 2008-02: Italian Bank's XSS Opportunity Seized by Fraudsters - Active exploit of an XSS vulnerability for rewrite style phishing
(http://www.webappsec.org/projects/whid/byid_id_2008-02.shtml)

WHID 2008-01: Information stolen from geeks.com - A data breach leading to information leakage in a site that has a Hacker Safe certificate
(http://www.webappsec.org/projects/whid/byid_id_2008-01.shtml)

Further information about the Web Hacking Incident Database at http://www.webappsec.org/projects/whid.

~ Ofer

Ofer Shezaf
Work: ofers@xxxxxxxxxx, +972-9-9560036 #212
Personal: ofer@xxxxxxxxxx, +972-54-4431119
VP Security Research, Breach Security
Chair, OWASP Israel
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project