CSRF Flaws Found on Major Websites
Submitted by Anonymous Coward
An anonymous reader writes "DarkReading reports that 'researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack — including one on INGDirect.com's site that would let an attacker transfer money out of a victim's bank account. ... Bill Zeller, a PhD candidate at Princeton, says the CSRF bug that he and fellow researcher Edward Felten found on INGDirect.com represents one of the first publicly disclosed CSRF flaws on a bank site. "It is the first example of a CSRF attack that allows money to be transferred out of a bank account that I'm aware of," Zeller says.' More info: Freedom to Tinker post, Research Paper [pdf], WebMonkey"