Hi Chris,
I feel that while the two are similar, they are not the same.
CSRF by OWASP definition is ...an attack which forces an end user to
execute unwanted actions on a web application in which he/she is
currently authenticated.
In contrast, the exploits described in the paper require the end
Sounds like automated vs manual approach. But in the end, I think
they are interchangeable. You can do an automated XSID via writing GET
from inside an iframe/image.
It may be correct by OWASP definition, but it's the same end result -
a request sent from a different sender than expected, whether
Hi,
A new type of vulnerability is described in which publicly available
information from social network sites obtained out of context, can be used
to identify a user in cases where anonymity is taken for granted.
This attack (dubbed Cross Site Identification, or CSID) assumes the
following
I'm confused, isn't this just like XSRF (cross-site request forgery)?
Regards,
Chris.
On Wed, Jan 13, 2010 at 4:33 PM, Ronen Z ro...@quaji.com wrote:
Hi,
A new type of vulnerability is described in which publicly available
information from social network sites obtained out of context, can
{hahahaha}
In fact, I didn't see Gmail mentioned anywhere. Perhaps it just
affects JSON/AJAX-intensive-without-XSRF-tokens sites?
On Wed, Jan 13, 2010 at 5:47 PM, Benji m...@b3nji.com wrote:
yes, but scarier BECAUSE IT INVOLVES FACEBOOK ARGH!
On Wed, Jan 13, 2010 at 4:45 PM, Christian Sciberras uuf6...@gmail.com wrote:
I'm confused, isn't this just like XSRF (cross-site request forgery)?
Regards,
Chris.
On Wed, Jan 13, 2010 at 4:33 PM, Ronen Z ro...@quaji.com wrote:
Hi,