Here is the latest bunch of hacking incidents added to WHID, the Web Hacking Incident Database (http://www.webappsec.org/projects/whid)

+ A particularly juicy one was an SQL injection at the site of RIAA (Recording Industry Association of America), one of the most hated organizations on the planet (http://www.webappsec.org/projects/whid/byid_id_2008-04.shtml)

+ Yet another state government site (Pennsylvania, http://www.webappsec.org/projects/whid/byid_id_2008-06.shtml) and another University (MSU, http://www.webappsec.org/projects/whid/byid_id_2007-83.shtml) suffered serious hacking.

+ Hackers are actively exploiting CSRF to hack home ADSL routers in Mexico (http://www.webappsec.org/projects/whid/byid_id_2008-05.shtml). This incident also prompted me to write a blog entry about "client side web hacking" (http://www.xiom.com/?p=12)

+ For a second year in a row Kurt Grutzmacher was able to get a free MacWorld pass by cracking the conference web site (http://www.webappsec.org/projects/whid/byid_id_2008-07.shtml)

+ And lastly the FTC settles with retailer "life is good" over lack of reasonable and appropriate security, forcing the retailer to spend much more money on info sec. (http://www.webappsec.org/projects/whid/byid_id_2008-03.shtml)

~ Ofer

Ofer Shezaf
Work: ofers@xxxxxxxxxx, +972-9-9560036 #212
Personal: ofer@xxxxxxxxxx, +972-54-4431119

VP Security Research, Breach Security
Chair, OWASP Israel
Leader, ModSecurity Core Rule Set Project
Leader, WASC Web Hacking Incidents Database Project