OpenIDFriday, 6th May 2005
Fighting RFCs with RFCs
Google’s recently released Web Accelerator apparently has some scary side-effects. It’s been spotted pre-loading links in password-protected applications, which can amount to clicking on every “delete this” link — bypassing even the JavaScript prompt you carefully added to give people the chance to think twice. [... 353 words]
URIs, Addressability, and the use of HTTP GET and POST. A comprehensive, if slightly dry, overview of the issue. 
9:45 pm
Cross-site request forgery (CSRF). Somehow this vulnerability is news to me. 11:07 pm
