Flaw Puts Hackers Closer to the Money

Posted by Susan Hall Sep 30, 2008 1:25:25 PM

In the dark spirit of the day's news, we learn that if your bank doesn't fail, criminals could siphon off your money. And no, not those Washington or Wall Street hacks.

Princeton University researchers say they've found four Web sites vulnerable to cross-site request forgery (CSRF) attacks, reports Dark Reading. An attack on INGDirect.com's site would allow an attacker to transfer money out of a victim's bank account.

ING, YouTube and MetaFilter have since fixed the flaws, but one on The New York Times Web site remains. It could allow an attacker to harvest e-mail addresses of online subscribers.

Princeton doctoral student Bill Zeller explained that the CSRF bug on the ING site would have allowed an attacker to move money from the victim's account to a fake account the attacker set up in the user's name -- all without the user's knowledge. He called it the first publicly disclosed CSRF flaw on a bank site.
