Friday, 6th May 2005
Cross-site request forgery (CSRF). Somehow this vulnerability is news to me. # 11:07 pm
URIs, Addressability, and the use of HTTP GET and POST. A comprehensive, if slightly dry, overview of the issue. # 9:45 pm
Fighting RFCs with RFCs
Google’s recently released Web Accelerator apparently has some scary side-effects. It’s been spotted pre-loading links in password-protected applications, which can amount to clicking on every “delete this” link — bypassing even the JavaScript prompt you carefully added to give people the chance to think twice.
[... 353 words]