XSRF - cross-site request forgery (was: Keyurbsorathia wants to share Favorites with you)
25 Oct 2007 - 7:16pm
(Maybe not the right list... but good to know)
It is actually a minor case of XSRF attack (cross-site request forgery).
The link above is a google search but it might have been transfer X
amount of money to Y. That's of course will work If your bank is
stupid enough (some are) to allow *significant and predictable*
action by HTTP request, and you're happen to be logged into your bank
account (in a different tab maybe?).
This attack is "statistic", but an attacker can send endless number
of emails. (maybe he collected ours too ;-)
How many of you use top 5 seller Wi-Fi router?
Do you use the default IP?
Have you changed the default Username/Password?
I think I can lead some of you to grant me permission into your
My grandpa use to say: "be careful where you click"
On Oct 24, 2007, at 11:54 AM, Gajendra Agrawal wrote:
> I think this is a result of misleading design. These are cheap tricky > methods to get more Users base eventually more traffic and money. > Finally > users lands up in embarrassing situations like this. This > invitation might > go to your VP, Girl fiend, Father, etc. Because people have all > kind of > email Address in their Address Book. Like Keyur sent this to IXDA > and some > other mailing list. :(