Mailing List Archive



Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web




The BBC wisely realized they couldn't get any more specific without
getting the technical details horribly wrong? But what are they talking
about? What is this "database that companies use to catalogue and curate
website content"?

(I took a look at the Pastebin website, and they sound like typical
anarchists, but I felt like I was jumping in a conversation midway and
didn't actually learn anything useful there.)


Their main tactic is SQL injection, which works on different kinds of databases. Not enough websites do proper input validation.
http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240006425/ghostshell-haunts-websites-with-sql-injection.html

It's no. 1 on the top 10 most abused Web Application errors
https://www.owasp.org/index.php/Top_10_2010-Main

We talked about it at TLUG in March
http://tlug.jp/wiki/Meetings:2012:03

The OWASP website is a treasure trove of free information and tools on the subject.

Cheers
