csrf flaw

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Google downplays severity of Gmail CSRF flaw

Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...

Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev

Blog posts 2009-03-04

Additional Resources

News to know: Firefox patch; Windows 7; Facebook; RIM's app store

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily.  For continuous updates see BNET’s around-the-Web tech coverage. Ryan Naraine: Mozilla plugs Firefox code execution holes Mary Jo Foley: Microsoft hedges its Windows 7 bets with new...

Tags: Facebook, Research In Motion Ltd., Mozilla Firefox, Microsoft Windows 7, Amazon.com Inc., Microsoft Corp., Matthew Miller, Sam Diaz, Amazon Kindle, Microsoft Windows, Web Browsers, Handhelds, Operating Systems, Software, Internet, Hardware, Larry Dignan

Blog posts 2009-03-05

Google downplays severity of Gmail CSRF flaw

Google downplays severity of Gmail CSRF flawOnly a fool uses this...Fools spew all private data in google, online blog things are waiting for hackers to get the data.Not only that google is big brother 2.0 on steroids, stores private data in which it is theirs to do with what they...

Tags: E-mail providers, Hacking, cloud computing, SECURITY, Google Inc., Gmail CSRF, Google Gmail

Discussion threads 2009-03-04

DEFCON 16: List of tools and stuff released

 Guest editorial by Rob Fuller DEFCON, the 9000+ attendee hacker conference in Vegas has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly...

Tags: Tool, E-mail Address, E-mail, Productivity, Online Communications, Ryan Naraine

Blog posts 2008-08-18

News to know: Apple patch; IBM; PC upgrades; EDS; Yahoo

Notable headlines: Ryan Naraine: Apple finally ships DNS flaw fix, patches 16 other Mac OS X holes Nate McFeters: Black Hat talk on Apple encryption flaw pulled Black Hat Sneak Preview Larry Dignan: IBM plans building spree: To build $360M...

Tags: Google Inc., Facebook, Larry Dignan, PC, Yahoo! Inc., Apple Inc., Electronic Data Systems Corp., IBM Corp., FireWire, Sales Strategy, Desktops, Consumer Electronics, Personal Technology, Sales, Hardware

Blog posts 2008-08-01

Not scared about Cross-Site Request Forgery? You should be... you're scared of jail aren't you?

Robert Hansen aka R-Snake has posted a very interesting article today over at his blog. As R-Snake states: Whelp, we’ve talked about it, but now it’s finally possible. CSRF can now cause jail time. The FBI has begun arresting people who click on links to supposed child pornography. Now,...

Tags: Child Pornography, Law, Government, Nathan McFeters

Blog posts 2008-03-20

Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance

[ UPDATE, October 1, 2007:  Google has issued a fix for this issue.  It's important that you check your filters to ensure your mailbox isn't compromised ] Google's security model is not holding up very well to scrutiny from hackers. In the past few...

Tags: Google Inc., Google Gmail, Search Appliance, Victim, XSS, Hacker, Attack Technique, E-mail Providers, E-mail, Internet, Online Communications, Ryan Naraine

Blog posts 2007-09-25