Submit Your Top Web Hacking Techniques for 2008
Jeremiah is calling all security researchers and hobbyists to submit their favorite Web hacking techniques released during 2008. There are some nice perks too. I say "Sure!".
Although I don't like the fact that there are judges appointed to select which one is the best one. "Where did the democracy go?" With all the vastly expressive, social technologies that we have today, we are still stuck with juries.
In a similar fashion, "The Pwnie Awards" lacks any reality, imho. The process is meant to be open but the organizers failed to show that this is actually the case. Instead, it looks like the awards are selected by a few, meant for a few, and understood by less. Brilliant quality research, events and news are totally missed because they don't fit into someone's perception of reality. No offense to the organizers, but this is really how it looks like from far.
We've got some of our research in Jeremiah's original list. I recommended a few more entries to be included and they were. In no particular order, here is the full list of all our entries:
- Frame Injection Fun
- Cross-site File Upload Attacks
- Local DoS on CUPS to a remote exploit via specially-crafted webpage
- Navigation Hijacking (Frame/Tab Injection Attacks)
- UPnP Hacking via Flash
- Total surveillance made easy with VoIP phone
- Social Networks Evil Twin Attacks
The things that were not added are:
- Router Hacking Challenge (one of the biggest hacker challenges done so far and all of it is web stuff)
- Call Jacking: Phreaking the BT Home Hub (really cool web hack)
- The Pownce Worm (just another worm)
So there you have it!