This makes me bang my head on the desk

In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers. Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data. As if insecure direct object...
Just checked Twitter and instead of the fail whale I got something different … “This Web Site Has Been Hacked By Iranian Cyber Arm”. Oh dear. At least there’s no destructive payload, no virus installers, just the vandalism. Interesting though, they’ve managed to upload pictures to the Twitter servers. There doesn’t appear to be a redirect or anything that would indicate XSS, something Twitter has had big problems with. When I hit refresh it’s back to normal. I’m wondering if they’ve managed to get some servers but not all, which may point to cracking the servers...