
CSRF Flaws Found on Major Websites

Submitted by Anonymous Coward on Monday September 29 2008, @06:22PM
security
An anonymous reader writes "DarkReading reports that 'researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack — including one on INGDirect.com's site that would let an attacker transfer money out of a victim's bank account.... Bill Zeller, a PhD candidate at Princeton, says the CSRF bug that he and fellow researcher Edward Felten found on INGDirect.com represents one of the first publicly disclosed CSRF flaws on a bank site. "It is the first example of a CSRF attack that allows money to be transferred out of a bank account that I'm aware of," Zeller says.' More info: Freedom to Tinker post, Research Paper [pdf], WebMonkey"
submission
