September 30, 2008
12:02 am

Researchers from Princeton University revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on INGDirect.com’s site that would let an attacker transfer money out of a victim’s bank account.

ING, YouTube, and MetaFilter all have since fixed these vulnerabilities after being alerted to them by the researchers, but as of press time, the fourth, The New York Times, still harbored a CSRF flaw on its site that would let an attacker cull and abuse email addresses from online subscribers to the site.


  1. Pingback from botchedPHP » Preventing CSRF Attacks with Static Nonce (December 6th, 2008 at 3:59 pm):

    [...] I caught an article about a paper “Cross-Site Request Forgeries: Exploitation and Prevention” written by [...]
