Cross-site scripting request forgeries
Defenses for Web Users
One browser that has incorporated this strategy is Google Chrome. Each browser tab in Chrome is actually a separate process and not a thread running within the same context as other threads (tabs). Thus, the tabs cannot interfere with each other, rendering most CSRF attacks impotent.
- Cross-Site Request Forgery (CSRF): http://www.owasp.org/index.php/Cross-Site_Request_Forgery
- Zeller, W., and Felten, E.W. "Cross-Site Request Forgeries: Exploitation and Prevention," 2008, http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf
Buy this article as PDF
Read full article as PDF:Security_Lessons_Cross-site_Scripting_Request_Forgeries.pdf (259.83 kB)
Report from the X-Force group says attackers are using TOR to hide their crimes
Future Firefox extensions will be compatible with Chrome.
Better read this if you bought your computer before 2011
Users should upgrade to the new version as soon as possible
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.