Tuesday, September 30, 2008
The ING Direct website is one of four major commercial sites to fall victim to a cross-site request forgery (CSRF) web security attack.
Discovered by network security experts Bill Zeller and Ed Felten, the vulnerability had the potential to allow hackers to transfer money from ING savers' accounts and even set up new accounts in their name.
Meanwhile, YouTube, MetaFilter and the New York Times were also found to be vulnerable to the web security threat.
"We discovered CSRF vulnerabilities in nearly every action a user could perform on YouTube," said Zeller on the Freedom to Tinker blog.
Furthermore, a CSRF vulnerability on the New York Times website allowed hackers to discover the addresses of the site's members, thereby posing a concomitant threat to email security.
In a report detailing the exploits, which have been fixed by three of the four groups, Zeller and Felten explain that CSRF attacks exploit coding flaws which cause websites to perform an action without first authenticating the request.
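The flaw described above, shown beside a hardened handler. This is an added example, not code from the Zeller and Felten report or from any of the sites named; the handler names, session store, account names and token scheme (an HMAC of the session ID) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed)
SESSIONS = {"sess-alice": "alice"}          # session cookie -> user (constructed)
BALANCES = {"alice": 1000, "acct-2": 0}     # constructed sample accounts


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _move(user: str, to: str, amount: int) -> None:
    BALANCES[user] -= amount
    BALANCES[to] += amount


def transfer_unprotected(cookies: dict, form: dict) -> bool:
    """Flawed pattern: the session cookie alone is enough to trigger the action."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return False
    _move(user, form["to"], int(form["amount"]))
    return True


def transfer_protected(cookies: dict, form: dict) -> bool:
    """Hardened pattern: the request must also carry the session's token."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return False                                  # no valid token: refuse
    _move(user, form["to"], int(form["amount"]))
    return True


# Constructed requests. The browser attaches the cookie to both; only a page
# served by the site itself can include the matching token.
COOKIES = {"session": "sess-alice"}
CROSS_SITE = {"to": "acct-2", "amount": "100"}
SAME_SITE = {**CROSS_SITE, "csrf_token": issue_csrf_token("sess-alice")}
```

The unprotected handler accepts the cross-site request because the cookie is its only check; the protected handler rejects it and still accepts the form the site issued.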


