Top 10 Web hacking techniques of 2010 revealed
Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. FROM THE SECURITY WORLD: Quirky moments at Black Hat DC 2011 If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. The developers of the hack -- Juliano Rizzo and Thai Duong -- have developed a tool for executing the hack. The ranking was sponsored by Black Hat, OWASP and White Hat Security, and details of the hacks will be the subject of a presentation at the IT-Defense 2011 conference next month in Germany. Here are the rest of the top 10 Web hacks voted in the competition: 2. 3. 4. 5. 6.