Security

Submission + - CSRF Flaws Found on Major Websites

An anonymous reader writes: DarkReading reports that "researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack — including one on INGDirect.com's site that would let an attacker transfer money out of a victim's bank account.... Bill Zeller, a PhD candidate at Princeton, says the CSRF bug that he and fellow researcher Edward Felton found on INGDirect.com represents one of the first publicly disclosed CSRF flaws on a bank site. 'It is the first example of a CSRF attack that allows money to be transferred out of a bank account that I'm aware of,' Zeller says." More info: Freedom to Tinker post, Research Paper [pdf], WebMonkey

Comment Re: Permanent injunction? How likely is that? (Score 1) 162

It's what the bottom feeders always do. As much as I hate Microsoft, I really hope they win this case. Companies sit on crappy patents and then pull them out when a product is doing well. How's a developer supposed to know it's safe to continue? He can only wait till a product is successful to see if he'll be sued. - Free stuff without getting the referrals? http://referralaccelerated.com/
