Mailing List Archive
Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
- Date: Wed, 12 Dec 2012 15:26:51 +0900
- From: Benny K <mailinglist@example.com>
- Subject: Re: [tlug] Hacktivists Ghost Shell dump 1.6m log-in details on web
> The BBC wisely realized they couldn't get any more specific without
> getting the technical details horribly wrong? But what are they talking
> about. What is this "database that companies use to catalogue and curate
> website content"?
> (I took a look at the Pastebin website, and they sound like typical
> anarchists, but I felt like I was jumping in a conversation midway and
> didn't actually learn anything useful there.)
Their main tactic is SQL injection, which works on different kinds of databases. Not enough websites do proper input validation.
http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240006425/ghostshell-haunts-websites-with-sql-injection.html
It's No. 1 on the top 10 most abused web application errors.
https://www.owasp.org/index.php/Top_10_2010-Main
We talked about it at TLUG in March
http://tlug.jp/wiki/Meetings:2012:03
The OWASP website is a treasure trove of free information and tools on the subject.
Cheers