Dark Reading details a very scary exploit called cross-site request forgery (CSRF), where hackers can force someone else's browser, as Dark Reading says, "to conduct searches on behalf of the attacker, grab files or pages, post messages to online forums, and even make changes to the user's Website accounts."
What's the advantage of that, you wonder? Well, once the exploit is revealed and the perpetrator is caught red-handed, that red-handed perpetrator most likely didn't do it: hacker whodunits often rely on a browser's cookies and cache, and those belong to the victim whose browser was hijacked, not to the attacker.
And the worst thing about it is that cross-site request forgery is a vulnerability found in many web applications and is much harder to eradicate than cross-site scripting vulnerabilities. To get the lowdown on application security, I highly recommend listening in on Mike Rothman's recent ebizQ podcast with Michael Gavin right here.
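To make the mechanism concrete, here is an added illustration (my own code, not from Dark Reading or the podcast) of why a "post a message to the forum" handler that trusts only the session cookie is forgeable, next to a hardened version that also checks the Origin header and a per-session token. The forum origin, the session store, the server secret and the sample requests are all constructed for the demo.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed demo secret: a real deployment loads this from configuration.
SERVER_SECRET = b"demo-only-server-secret-do-not-reuse"

# Constructed session store: session cookie value -> logged-in user.
SESSIONS = {"s3ss10n-alice": "alice"}

# The forum's own origin (assumed); any other origin is cross-site.
SITE_ORIGIN = "https://forum.example"


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(session_cookie: str) -> str:
    """Token bound to the session by HMAC; the site embeds it in its own forms,
    and a page on another origin has no way to read or compute it."""
    return hmac.new(SERVER_SECRET, session_cookie.encode(), hashlib.sha256).hexdigest()


def current_user(request: Request):
    return SESSIONS.get(request.cookies.get("session", ""))


def post_message_vulnerable(request: Request) -> str:
    """Trusts the session cookie alone. The browser attaches that cookie to every
    request aimed at the forum, including one a third-party page triggered, so a
    cross-site POST looks exactly like the user's own action."""
    user = current_user(request)
    if request.method != "POST" or user is None:
        return "rejected: not logged in"
    return f"posted as {user}: {request.form.get('body', '')}"


def post_message_hardened(request: Request) -> str:
    """Same handler with two checks a cross-site page cannot satisfy:
    1. If the browser sent an Origin header, it must name our own site.
    2. The form must carry the per-session token that only our pages embed.
    The token check also covers requests where Origin is absent."""
    user = current_user(request)
    if request.method != "POST" or user is None:
        return "rejected: not logged in"
    origin = request.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-site origin"
    expected = issue_csrf_token(request.cookies["session"])
    submitted = request.form.get("csrf_token", "")
    if not hmac.compare_digest(expected, submitted):
        return "rejected: missing or invalid CSRF token"
    return f"posted as {user}: {request.form.get('body', '')}"


def legitimate_request() -> Request:
    """Constructed: Alice submits the forum's own form, token included."""
    cookie = "s3ss10n-alice"
    return Request(
        "POST",
        headers={"Origin": SITE_ORIGIN},
        cookies={"session": cookie},
        form={"body": "hello", "csrf_token": issue_csrf_token(cookie)},
    )


def forged_request() -> Request:
    """Constructed: what the forum receives when Alice's browser submits a form
    hosted on another origin; the browser adds her cookie automatically."""
    return Request(
        "POST",
        headers={"Origin": "https://other-site.example"},
        cookies={"session": "s3ss10n-alice"},
        form={"body": "spam"},
    )


if __name__ == "__main__":
    for name, handler in (("vulnerable", post_message_vulnerable),
                          ("hardened", post_message_hardened)):
        print(name, "| legitimate:", handler(legitimate_request()))
        print(name, "| forged:    ", handler(forged_request()))
```

The vulnerable handler accepts the forged post as Alice, which is exactly the attribution problem described above. The hardened handler rejects it twice over: first on the Origin header, and, if a browser omits that header, on the missing token. Checking the token with `hmac.compare_digest` rather than `==` avoids leaking its value through timing differences.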