ZDNet Dictionary Definition
- CSRF
- (Cross-Site Request Forgery) An online forgery that requires knowledge of which Internet-based institutions a person deals with. It is used to steal money or obtain valuable data such...
ZDNet Resources
- Not scared about Cross-Site Request Forgery? You should be... you're scared of jail aren't you?
- You are right. I see it updating a few times per month so there are more and more problems found. I will never tell anyone they are absolutely secure (ok, not networked, you are...
- Tags: PRODUCTIVITY, SECURITY, NoScript, Cross-Site Request Forgery, CSRF
- Discussion threads 2008-03-20
- Rough times for Gmail in the new year
- Gmail storage: For me it's stating: You are currently using 2621 MB (94%) of your 2800 MB. So I think they will cap it for the moment... and I'm afraid I'm actually gonna have to delete files, though that was the reason for me getting...
- Tags: E-mail providers, PRODUCTIVITY, login screen, CSRF, XSS, Google Docs, storage, Google Gmail
- Discussion threads 2007-01-01
Additional Resources
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman pictured at right blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Tags: XSS, PCI, Security, Storage, Hardware, Nathan McFeters
- Blog posts 2008-07-02
- 90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
- ** Update 06/23/2008: I realize I didn't do a very good job of talking about what we're reviewing here. This is in response to the statistics gathered by Verizon related to Forensic Analysis of Data Breaches over a four year span. First off, let me...
- Tags: Business Partner, Vulnerability, Verizon Communications Inc., Attack, Data Breach, Security, Nathan McFeters
- Blog posts 2008-06-22
- DoS Attacks Using SQL Wildcards Revealed
- Yesterday, Ferruh Mavituna of Portcullis released a whitepaper entitled "DoS Attacks Using SQL Wildcards", with some insightful comments on how it's possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them. Summary of the paper...
- Tags: Denial Of Service, Microsoft SQL Server, Credit Card, SQL, Databases, Storage, Enterprise Software, Software, Data Management, Hardware, Dancho Danchev
- Blog posts 2008-05-20
- Not scared about Cross-Site Request Forgery? You should be... you're scared of jail aren't you?
- Robert Hansen aka R-Snake has posted a very interesting article today over at his blog. As R-Snake states: Whelp, we've talked about it, but now it's finally possible. CSRF can now cause jail time. The FBI has begun arresting people who click on links to supposed child pornography. Now,...
- Tags: Child Pornography, Law, Government, Nathan McFeters
- Blog posts 2008-03-20
- Are Routers the Next Big Target for Hackers?
- I've recently seen a great Black Hat presentation by Felix "FX" Lindner (see pic 2) and a blog posting by Petko D. Petkov (PDP) (see pic 1) on the subject of hacking routers. What seems to be clear is that they are becoming a bigger target. PDP, of the gnucitizen group, recently...
- Tags: Nathan McFeters
- Blog posts 2008-03-04
- Snom VoIP phone vulnerability enables phone history theft, addy book poisoning, and more
- Fellow VoIP blogger and multi-skilled polymath Tom Keating picks up on security consultancy GNUCitizen.org's description of a security vulnerability in snom Technology's model 320 VoIP phone. GNUCitizen, in turn, found this via what they term a "side result" of a router hacking challenge...
- Tags: VoIP, Phone, Vulnerability, XSS, VoIP Phone, Snom, Telecom & Utilities, Russell Shaw
- Blog posts 2008-02-12
- Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance
- [ UPDATE, October 1, 2007: Google has issued a fix for this issue. It's important that you check your filters to ensure your mailbox isn't compromised ] Google's security model is not holding up very well to scrutiny from hackers. In the past few...
- Tags: Google Inc., Google Gmail, Search Appliance, Victim, XSS, Hacker, Attack Technique, E-mail Providers, E-mail, Internet, Online Communications, Ryan Naraine
- Blog posts 2007-09-25
- Understanding Web-Based Threats and How to Thwart Them
- The Web has never been more hostile and new dangers can lurk on even the most trusted Web sites. What's more, the potential harm that cross-site scripting (XSS), cross-site request forgeries (CSRF), and JavaScript malware payloads can cause is growing exponentially. Intranet hacking, history stealing, browser port scanning, and dozens...
- Tags: Web, Sophos Plc., XSS, JavaScript, Malware, Intranet, Channel Management, Spyware, Adware & Malware, Security, Marketing
- Webcasts 2007-09-20
- Google Gears steps up with a developer release
- This is huge and will allow simple web applications to work offline, BUT, we will need to add a sandboxed high level language running locally to enable the more complicated web applications for offline use. There is only so much you can do with...
- Tags: Scripting languages, JavaScript, Web application, developer release, Google Gears, Google Inc.
- Discussion threads 2007-08-30
- Microsoft patent FUD working against Linux, says new study
- How to fight FUD: Your opinion on how to fight FUD is interesting. Your camp says ignore them because it simply gives them unnecessary publicity. The other camp says fight it by sending out as information debunking it. Both have merits. One problem with...
- Tags: Linux, FUD, open source, Microsoft Corp.
- Discussion threads 2007-08-02
- Use the revised OWASP Top Ten to secure your Web applications -- Part 5
- Insecure direct object access and cross-site request forgery (CSRF) are serious flaws found in many Web applications. In fact, some hackers say that there isn't a Web site on the Internet that isn't vulnerable in some way to CSRF. In this, the fifth in a series on the revised...
- Tags: Web Application
- Download resources 2007-04-18