Practical use of CSRF attacks in the wild

Dec 25th, 2007

Comments: 0
Category: Uncategorized

Practical use of CSRF attacks in the wild

http://www.davidairey.co.uk/google-gmail-security-hijack/
Here’s an example of bad-guys using CSRF attacks try and extort money from domain name holders. Interestingly it’s the first example of practical use of this kind of attack I’ve seen.
Although the vulnerability in GMail that seems to have been exploited is now fixed, I bet this won’t be the last time we see this form of attack in use, and it does give an example of the kind of damage that a CSRF attack can cause…

Add a comment

Your email address will not be shared or published. Required fields are marked *