Practical use of CSRF attacks in the wild

http://www.davidairey.co.uk/google-gmail-security-hijack/

Here's an example of bad guys using CSRF attacks to try and extort money from domain name holders. Interestingly, it's the first example of practical use of this kind of attack I've seen.

Although the vulnerability in GMail that seems to have been exploited is now fixed, I bet this won't be the last time we see this form of attack in use, and it does give an example of the kind of damage that a CSRF attack can cause...

About this Entry

This page contains a single entry by Rory2 published on December 25, 2007 6:55 PM.
