Hacker Who-Done-It - Twenty-Four Seven Security - ebizQ

February 10, 2008 Sign In | About ebizQ | Contact Us | Join ebizQ Gold Club

Peter

Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Identity Management Must Look Pretty Cheap Now | Main | The Challenges of SOA Security: A Discussion with Layer 7 »

January 29, 2008
Hacker Who-Done-It

Dark Reading details a very scary exploit called cross-site request forgery (CSRF), where hackers can force someone else's browser to, as Dark Reading says, "to conduct searches on behalf of the attacker, grab files or pages, post messages to online forums, and even make changes to the user's Website accounts."

What's the advantage of that, you wonder? Well, because once the exploit is revealed and the perpetrator is caught red-handed, that red-handed perpetrator most likely didn't do it (as hacker who-done-its often rely on a browser's cookies and cache).

And the worst thing about it is cross-site request forgery is it's a vulnerability found in many web applications and much harder to eradicate than cross-site scripting vulnerabilities. To get the lowdown on application security, I highly recommend listening in on Mike Rothman's recent ebizQ podcast with Michael Gavin right here.

Tags: cross-site request forgery, CSRF, security, Mike Rothman, application security,

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3090

Comments Post a comment

Most Recent ebizQ Blog Entries

ADVERTISEMENT

Subscribe

website metrics

Recent Posts

More Google Hacks You Better Know About
Hacker Proof Authentication?
Is the Government Paying Too Much for Security?
Here Comes Fuzzing
What is Security's Weakest Link?
The Challenges of SOA Security: A Discussion with Layer 7
Hacker Who-Done-It
Identity Management Must Look Pretty Cheap Now
Hackers' New Bag of Tricks
Data Breach Hits Home

Categories

Apple
Better Protection
Cisco Systems
Dell
Google
Hackers
IBM
McAfee
Microsoft
Oracle
Patches
Phishing
Podcast
Small Medium Enterprise
SOA Security
Spam

Archives

February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006

Blog Roll

Blogosphere

free counter with statistics

This Work

Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ

Subscribe to our Newsletters
ebizQ Weekly Gold Club Update Live Webinar Updates Updates from ebizQ Partners ebizQ SOA Update ebizQ BPM Update ebizQ Security Update ebizQ BI Update ebizQ Open Source Software Update Virtual Show Newsletter
Your E-mail Address:

BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map