Twenty-Four Seven Security

Peter Schooff

Hacker Who-Done-It

Dark Reading details a very scary exploit called cross-site request forgery (CSRF), where hackers can force someone else's browser, as Dark Reading says, "to conduct searches on behalf of the attacker, grab files or pages, post messages to online forums, and even make changes to the user's Website accounts."

What's the advantage of that, you wonder? Well, once the exploit is revealed and the perpetrator is caught red-handed, that red-handed perpetrator most likely didn't do it (as hacker who-done-its often rely on a browser's cookies and cache).

And the worst thing about cross-site request forgery is that it's a vulnerability found in many web applications and much harder to eradicate than cross-site scripting vulnerabilities. To get the lowdown on application security, I highly recommend listening in on Mike Rothman's recent ebizQ podcast with Michael Gavin right here.

Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

Peter Schooff is Forum Editor and frequent blogger for ebizQ. Peter can be reached at peter@ebizq.net
