Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Sverre H. Huseby (shhthathost.com)
Date: Fri Jun 28 2002 - 07:32:23 CDT
I received more than 30 links in response to my query for real-life
attacks on web applications. After filtering accoring to my rules (1:
attack on the web application, not the infrastructure (including web
server software), and 2: real crime, not just a demonstration that
attacks are possible), only two links remain! Too bad.
David Endler gave me the following:
Not the main topic of the article, but it mentiones this:
"Last week, a hacker used cross-site scripting to wipe out desktop
icons of Web users visiting Price Loto, a Japanese auction site,
prompting the site to temporarily shut down while a patch was
devised, says Japan's Information Technology Promotion Agency."
Some person that didn't tell me if s/he wanted his/her name here, gave
On bugs in code to "mail tip to a friend about this article".
Again, the following is not the main topic, but it is mentioned:
"A prankster exploited the flaw at CNN.com in Oct. 2001 to spread a
hoax about the death of pop singer Britney Spears. By creating a
mock-up of a CNN.com Web page at an external site and using a quirk
in how Web browsers handle special addresses, the prankster
apparently fooled thousands of people into thinking Spears had died
in a car accident."
The majority of the "rejected" links point to news articles that
describe exploitable holes, but no indication that someone actually
used the holes for purposes other than demonstration/publicity.
Some of the articles describe actual crimes (typically theft of
personal information), but they don't give enough info to make it
possible to classify the attacks as being on the web application
Thanks to all who sent me information. Sorry that so little got
included in the summary, but most of what I got was, as I said, not
quite what I asked for.
(Please do not send me more, as I will not make another summary.)
-- shhthathost.com Computer Geek? Try my Nerd Quiz http://shh.thathost.com/ http://nerdquiz.thathost.com/